* modules/ssl/ssl_util_ocsp.c (serialize_request): Set the Connection header

  to close to indicate that we do not want to keep the HTTP connection to the
  OCSP responder alive. We don't reuse the connections currently and if the
  OCSP responder keeps the connection alive this could cause us to wait for
  keepalive timeout of the OCSP responder to timeout until we finish our
  reading of the OCSP response.

PR: 64135

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874007 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index bfcb87d41262cc982c72d138eb5c13baab6aaafc..450d87776a22af059391724d69825e05e91ba88c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_ssl: Do not keep connections to OCSP responders alive when doing
+     OCSP requests.  PR 64135.  [Ruediger Pluem]
+
   *) mod_ssl: Disable client verification on ACME ALPN challenges. Fixes github
      issue mod_md#172 (https://github.com/icing/mod_md/issues/172).
      [Michael Kaufmann <mail michael-kaufmann.ch>, Stefan Eissing]

diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index b66e15146c85478398d3a610836026c72477eac5..b9c8a0b850e1cec468e3b9652b1c9faf23aa0cf1 100644 (file)
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -46,6 +46,7 @@ static BIO *serialize_request(OCSP_REQUEST *req, const apr_uri_t *uri,
     BIO_printf(bio, "%s%s%s HTTP/1.0\r\n"
                "Host: %s:%d\r\n"
                "Content-Type: application/ocsp-request\r\n"
+               "Connection: close\r\n"
                "Content-Length: %d\r\n"
                "\r\n",
                uri->path ? uri->path : "/",