Bug 62400

Summary: OCSP Stapling should not serve OCSP responses from the cache even after they expire
Product: Apache httpd-2
Reporter: Taejoong Chung <tijay00>
Component: mod_ssl
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---
Severity: normal
Priority: P2
Version: 2.5-HEAD
Target Milestone: ---
Hardware: PC
OS: Linux

Description Taejoong Chung 2018-05-23 03:41:00 UTC
SSLStapling On;
SSLStaplingStandardCacheTimeout 3600 (after one hour a new OCSP request is being done by mod_ssl)

When the OCSP responses from the cache expire, it should go fetch a fresh OCSP response from the OCSP responder even though it still has some cycles to hit the SSLStaplingStandardCacheTimeout; but it keeps serving the expired response from the cache.
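
The difference between the reported and the requested behaviour, as an added example that is not part of the original report and not mod_ssl code. The struct, the function names and the sample timestamps are hypothetical; the only value taken from the report is the 3600-second cache timeout.

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical cache entry for one stapled response (not mod_ssl's struct). */
struct staple_entry {
    time_t fetched_at;   /* when the response was stored in the cache */
    time_t next_update;  /* nextUpdate from the OCSP response, 0 if absent */
};

/* Behaviour described in the report: only the cache timeout is consulted. */
bool serve_timeout_only(const struct staple_entry *e, long timeout, time_t now)
{
    return now < e->fetched_at + timeout;
}

/* Time at which the entry must stop being served: the earlier of the
 * cache timeout and the response's own nextUpdate. */
time_t staple_expiry(const struct staple_entry *e, long timeout)
{
    time_t by_timeout = e->fetched_at + timeout;
    if (e->next_update != 0 && e->next_update < by_timeout)
        return e->next_update;
    return by_timeout;
}

/* Behaviour the report asks for: false means fetch a fresh response. */
bool serve_until_expiry(const struct staple_entry *e, long timeout, time_t now)
{
    return now < staple_expiry(e, timeout);
}

int main(void)
{
    /* Constructed sample: cached at t=1000, nextUpdate 30 minutes later. */
    struct staple_entry e = { .fetched_at = 1000, .next_update = 2800 };
    long timeout = 3600;   /* SSLStaplingStandardCacheTimeout 3600 */
    time_t now = 3000;     /* past nextUpdate, inside the cache timeout */

    printf("timeout only: %s\n",
           serve_timeout_only(&e, timeout, now) ? "serve cached" : "refetch");
    printf("with nextUpdate: %s\n",
           serve_until_expiry(&e, timeout, now) ? "serve cached" : "refetch");
    return 0;
}
```

A response without nextUpdate falls back to the cache timeout alone in this sketch.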