On 9/4/25 9:09 AM, Joe Orton wrote:
> On Wed, Sep 03, 2025 at 08:55:54PM +0200, Ruediger Pluem wrote:
>>
>>
>> On 9/3/25 5:49 PM, Stefan Eissing via dev wrote:
>>> https://docs.digicert.com/en/whats-new/change-log/certcentral-change-log.html#digicert-ending-support-for-http-1-0-connections-for-ocsp-and-crl-certificate-status-verification-checks-619426
>>
>> Thanks for the heads up.
>>
>>>
>>> On rather short notice, they switch off HTTP/1.0 in their OCSP responder.
>>> That means our implementation of stapling in mod_ssl will no longer work, I
>>> assume.
>>
>> Agreed. But as HTTP/1.1 is still accepted and we already set a host
>> and connection header it should be easy to fix:
>
> That HTTP client doesn't support chunked transfer-coding, so it cannot
> declare HTTP/1.1 conformance like this. Some irony in their statement as
Unfortunately true. I reverted for now (r1928225) until a complete solution is
found.
Regards
RĂ¼diger
