On 15/01/2026 16:53, Dimitris Soumis wrote:
On Thu, Jan 15, 2026 at 6:35 PM Mark Thomas <[email protected]> wrote:
On 15/01/2026 14:01, Mark Thomas wrote:
On 15/01/2026 13:30, Mark Thomas wrote:
On 15/01/2026 13:11, Dimitris Soumis wrote:
<snip/>
I am attaching a draft patch, fixing those issues and resulting in
all tests passing.
The patch breaks something, as I
see TestOcspTimeout.testTimeoutWithoutSoftFail fails. I will look
into it later.
Thanks. That is really helpful.
I've spent the morning looking at the native crashes and have made
some progress but I could do with a break from that so I'll look at
the draft patch.
Yes. That all makes sense. I've re-worked TesterSupport.initSsl because
the various overloaded methods let you change the server cert for JSSE
configuration style but not OPENSSL. My local change allows the default
certificate file and certificate key file to be overridden as well
(which is what the OCSP tests needs to do).
I also spotted an issue with JSSE vs OpenSSL trust configuration that
I've fixed.
The OCSP tests are passing now with APR. I just need to check I haven't
broken anything else.
The OCSP soft fail tests are, somewhat ironically, failing. But only
with APR. I think I have tracked down the error but it is in native
code. If I am right, it is only 1.3.x that is affected.
There is a strong possibility that we are going to need another Native
1.3.x release. I'm thinking:
- Try and get that out today
- Get most votes tomorrow
- Call the result Monday and then tag.
Thoughts?
+1
I think ocsp_soft_fail needs to be taken into consideration in sslcontext.c
as is being done for the other attributes.
I've just committed a different fix but I could well have missed
something. What did you have in mind?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
