This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 1.3.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/1.3.x by this push:
new 69a977dd4 Fix OCSP soft fail with the APR connector
69a977dd4 is described below
commit 69a977dd427ad2a6da0f10aca3872386ee27f681
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Jan 15 17:25:53 2026 +0000
Fix OCSP soft fail with the APR connector
---
native/src/sslutils.c | 6 +++++-
xdocs/miscellaneous/changelog.xml | 4 ++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index a4518f404..91bd0dbe2 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -379,8 +379,12 @@ int SSL_callback_SSL_verify(int ok, X509_STORE_CTX *ctx)
}
else if (ocsp_response == OCSP_STATUS_UNKNOWN) {
errnum = X509_STORE_CTX_get_error(ctx);
- if (errnum != 0 && !(ocsp_soft_fail && errnum ==
X509_V_ERR_UNABLE_TO_GET_CRL))
+ if (errnum != 0 && !(ocsp_soft_fail && errnum ==
X509_V_ERR_UNABLE_TO_GET_CRL)) {
ok = 0;
+ } else {
+ // Clear the store error else the handshake will fail
with the APR connector
+ X509_STORE_CTX_set_error(ctx, 0);
+ }
}
}
}
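Review bot: In the new else branch, X509_STORE_CTX_set_error(ctx, 0) resets the store error but `ok` keeps whatever value it had on entry, so it is worth confirming that `ok` is already non-zero when the soft-fail case (ocsp_soft_fail set and errnum == X509_V_ERR_UNABLE_TO_GET_CRL) reaches this point; otherwise the callback can still report failure with a cleared error code. The branch also runs when errnum is already 0, where the call is a no-op; narrowing it to `else if (errnum != 0)` would make the intent explicit. Because clearing the error discards the only trace that the OCSP status was OCSP_STATUS_UNKNOWN, consider logging before the reset so that soft-fail acceptances remain visible to operators. The comment could also say which error is being cleared and why only under soft fail.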
diff --git a/xdocs/miscellaneous/changelog.xml
b/xdocs/miscellaneous/changelog.xml
index 772e236f7..02edbdb2a 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -37,6 +37,10 @@
Remove group write permissions from the files in the tar.gz source
archive. (markt)
</fix>
+ <fix>
+ Clear additional error in OCSP processing that was preventing OCSP soft
+ fail working with Tomcat's APR/native connector. (markt)
+ </fix>
</changelog>
</section>
<section name="1.3.4" rtext="2026-01-12">
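Review bot: The changelog entry says "Clear additional error" without naming it; from the sslutils.c change this is the X509_V_ERR_UNABLE_TO_GET_CRL store error left set when the OCSP response status is unknown, and stating that (plus that it only applies when OCSP soft fail is enabled) would let users judge whether they are affected. Minor wording: "preventing OCSP soft fail working" reads better as "preventing OCSP soft fail from working".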