[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2021-09-26 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

Christophe JAILLET  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #9 from Christophe JAILLET  ---
Backported in 2.4.x in r1887155

This is part of 2.4.47

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2021-03-08 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #8 from Ruediger Pluem  ---
(In reply to Christophe JAILLET from comment #7)
> Coming back to it, is this "Connection: close" needed at all?
> We are using HTTP/1.0 here, and it should be closed in all cases.
> 
> Did I miss something? Is there something else lurking around?

It is probably caused by a misconfigured / buggy HTTP server on OCSP server
side, but I see no harm in adding the "Connection: close" if it helps.
I agree that the normal behavior of the server to a HTTP/1.0 request should be
to close the connection after sending the response.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2021-03-05 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #7 from Christophe JAILLET  ---
Coming back to it, is this "Connection: close" needed at all?
We are using HTTP/1.0 here, and it should be closed in all cases.

Did I miss something? Is there something else lurking around?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-21 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

Giovanni Bechis  changed:

   What|Removed |Added

   Keywords||FixedInTrunk

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #6 from Ruediger Pluem  ---
Commited to trunk as r1874007.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #5 from Giovanni Bechis  ---
Yes, the patch fixes the issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-14 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #4 from Ruediger Pluem  ---
(In reply to Giovanni Bechis from comment #3)
> You understood perfectly and your diff makes absolutely sense.

Can you confirm that the patch fixes your issue?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #3 from Giovanni Bechis  ---
You understood perfectly and your diff makes absolutely sense.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-13 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #2 from Ruediger Pluem  ---
(In reply to Giovanni Bechis from comment #1)
> Created attachment 37011 [details]
> Possible fix
> 
> A possible fix could be to force a connection closure as soon as a correct
> reply from the OCSP server has arrived, not sure if it's done in the correct
> code-path anyway.

Maybe I misunderstood the issue. You are talking about the HTTP connection to
the OCSP server / responder, correct? But the patch disables the keepalive on
the connection to the client (e.g. the browser). If you want to disable the
keepalive on the connection to the OCSP server / have it closed after the
request IMHO the following patch should do it:

Index: ssl_util_ocsp.c
===
--- ssl_util_ocsp.c (revision 1873895)
+++ ssl_util_ocsp.c (working copy)
@@ -46,6 +46,7 @@
 BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
"Host: %s:%d\r\n"
"Content-Type: application/ocsp-request\r\n"
+   "Connection: close\r\n"
"Content-Length: %d\r\n"
"\r\n",
uri->path ? uri->path : "/",

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org



[Bug 64135] OCSP Stapling doesn't handle Keep-Alive responses properly, causing delays/timeouts

2020-02-11 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=64135

--- Comment #1 from Giovanni Bechis  ---
Created attachment 37011
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37011&action=edit
Possible fix

A possible fix could be to force a connection closure as soon as a correct
reply from the OCSP server has arrived, not sure if it's done in the correct
code-path anyway.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org