You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2021/03/03 17:43:04 UTC

svn commit: r1887155 - in /httpd/httpd/branches/2.4.x: ./ CHANGES modules/ssl/ssl_util_ocsp.c

Author: jorton
Date: Wed Mar  3 17:43:04 2021
New Revision: 1887155

URL: http://svn.apache.org/viewvc?rev=1887155&view=rev
Log:
Merge r1874007 from trunk:

* modules/ssl/ssl_util_ocsp.c (serialize_request): Set the Connection header
  to close to indicate that we do not want to keep the HTTP connection to the
  OCSP responder alive. We don't reuse the connections currently and if the
  OCSP responder keeps the connection alive this could cause us to wait for
  keepalive timeout of the OCSP responder to timeout until we finish our
  reading of the OCSP response.

PR: 64135
Submitted by: rpluem
Reviewed by: jorton, ylavic, covener

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1874007

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1887155&r1=1887154&r2=1887155&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Mar  3 17:43:04 2021
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.47
 
+  *) mod_ssl: Do not keep connections to OCSP responders alive when doing
+     OCSP requests.  PR 64135.  [Ruediger Pluem]
+
   *) mod_ssl: Improve the coalescing filter to buffer into larger TLS
      records, and avoid revealing the HTTP header size via TLS record
      boundaries (for common response generators).

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c?rev=1887155&r1=1887154&r2=1887155&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c Wed Mar  3 17:43:04 2021
@@ -46,6 +46,7 @@ static BIO *serialize_request(OCSP_REQUE
     BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
                "Host: %s:%d\r\n"
                "Content-Type: application/ocsp-request\r\n"
+               "Connection: close\r\n"
                "Content-Length: %d\r\n"
                "\r\n",
                uri->path ? uri->path : "/",