From: Ruediger Pluem <rpluem@apache.org>
Date: Thu, 4 Sep 2025 06:06:15 +0000 (+0000)
Subject: Perform OCSP requests via HTTP/1.1 instead of HTTP/1.0
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5cec2b41bdbb776b012eca4aed9ac8b2946beea9;p=thirdparty%2Fapache%2Fhttpd.git

Perform OCSP requests via HTTP/1.1 instead of HTTP/1.0

According to https://docs.digicert.com/en/whats-new/change-log/certcentral-change-log.html#digicert-ending-support-for-http-1-0-connections-for-ocsp-and-crl-certificate-status-verification-checks-619426
Digicert stops supporting HTTP/1.0 for their OCSP responder, but still supports
HTTP/1.1. Hence switch to HTTP/1.1 to keep things working.
It is assumed that other OCSP responders support HTTP/1.1 as well.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1928222 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index 855f02fc21..434ee48303 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -46,7 +46,7 @@ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri,
         BIO_printf(bio, "http://%s:%d",
                    uri->hostname, uri->port);
     }
-    BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
+    BIO_printf(bio, "%s%s%s HTTP/1.1\r\n"
                "Host: %s:%d\r\n"
                "Content-Type: application/ocsp-request\r\n"
                "Connection: close\r\n"