On Thu, Jan 15, 2026 at 6:35 PM Mark Thomas <[email protected]> wrote:
> On 15/01/2026 14:01, Mark Thomas wrote: > > On 15/01/2026 13:30, Mark Thomas wrote: > >> On 15/01/2026 13:11, Dimitris Soumis wrote: > > <snip/> > > >>> I am attaching a draft patch, fixing those issues and resulting in > >>> all tests passing. > >>> The patch breaks something, as I > >>> see TestOcspTimeout.testTimeoutWithoutSoftFail fails. I will look > >>> into it later. > >> > >> Thanks. That is really helpful. > >> > >> I've spent the morning looking at the native crashes and have made > >> some progress but I could do with a break from that so I'll look at > >> the draft patch. > > > > Yes. That all makes sense. I've re-worked TesterSupport.initSsl because > > the various overloaded methods let you change the server cert for JSSE > > configuration style but not OPENSSL. My local change allows the default > > certificate file and certificate key file to be overridden as well > > (which is what the OCSP tests needs to do). > > > > I also spotted an issue with JSSE vs OpenSSL trust configuration that > > I've fixed. > > > > The OCSP tests are passing now with APR. I just need to check I haven't > > broken anything else. > > The OCSP soft fail tests are, somewhat ironically, failing. But only > with APR. I think I have tracked down the error but it is in native > code. If I am right, it is only 1.3.x that is affected. > > There is a strong possibility that we are going to need another Native > 1.3.x release. I'm thinking: > - Try and get that out today > - Get most votes tomorrow > - Call the result Monday and then tag. > > Thoughts? > +1 I think ocsp_soft_fail needs to be taken into consideration in sslcontext.c as is being done for the other attributes. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
