]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5699abf) | patch
* modules/ssl/ssl_util_stapling.c (stapling_check_response) Don't send
authorRuediger Pluem <rpluem@apache.org>
Wed, 18 Mar 2020 11:31:20 +0000 (11:31 +0000)
committerRuediger Pluem <rpluem@apache.org>
Wed, 18 Mar 2020 11:31:20 +0000 (11:31 +0000)
commit6289dfffa43b142bed34629967a4f1a4cf051171
tree46549900950f6089c2ca86ee2f122063d7fb0565tree
parent5699abfec6e506bcca7e814a566e593a95ed1e9bcommit | diff
* modules/ssl/ssl_util_stapling.c (stapling_check_response) Don't send
  out an OCSP response that can't be parsed.

  If the crypto/ASN library can't parse a response as 'basic OCSP'
  even if it leads with a OCSP successful status, then don't pass it
  to the client. There is nothing to say at all it isn't just garbage.
  And if other types of messages are standardized they can be added.

PR: 60182
Obtained from: https://github.com/apache/httpd/commit/e72154c75dab1cc043ea1aad36758806855efb25.diff
Submitted by: <gmoniker@gmail.com>
Reviewed by: rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1875356 13f79535-47bb-0310-9956-ffa450edef68
modules/ssl/ssl_util_stapling.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git