You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2021/03/03 17:43:04 UTC
svn commit: r1887155 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
modules/ssl/ssl_util_ocsp.c
Author: jorton
Date: Wed Mar 3 17:43:04 2021
New Revision: 1887155
URL: http://svn.apache.org/viewvc?rev=1887155&view=rev
Log:
Merge r1874007 from trunk:
* modules/ssl/ssl_util_ocsp.c (serialize_request): Set the Connection header
to close to indicate that we do not want to keep the HTTP connection to the
OCSP responder alive. We don't reuse the connections currently and if the
OCSP responder keeps the connection alive this could cause us to wait for
keepalive timeout of the OCSP responder to timeout until we finish our
reading of the OCSP response.
PR: 64135
Submitted by: rpluem
Reviewed by: jorton, ylavic, covener
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1874007
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1887155&r1=1887154&r2=1887155&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Mar 3 17:43:04 2021
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.47
+ *) mod_ssl: Do not keep connections to OCSP responders alive when doing
+ OCSP requests. PR 64135. [Ruediger Pluem]
+
*) mod_ssl: Improve the coalescing filter to buffer into larger TLS
records, and avoid revealing the HTTP header size via TLS record
boundaries (for common response generators).
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c?rev=1887155&r1=1887154&r2=1887155&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c Wed Mar 3 17:43:04 2021
@@ -46,6 +46,7 @@ static BIO *serialize_request(OCSP_REQUE
BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
"Host: %s:%d\r\n"
"Content-Type: application/ocsp-request\r\n"
+ "Connection: close\r\n"
"Content-Length: %d\r\n"
"\r\n",
uri->path ? uri->path : "/",