Created attachment 34508 [details] patch proposal When SSLOCSPEnable is set to On in global/server configuration, it is not inherited by VirtualHosts. If I move the configurations inside the VirtualHost, failure happens as expected and SSL handshake is not completed. A patch is attached that works for me. Patch was generated for 2.4.23. Reproducer: This is a simplified reproducer that does not actually perform OCSP check but you can see logging where it at least gets into OCSP code: 1. Install httpd and mod_ssl 2. Add the following configurations in ssl.conf but outside of the VirtualHost. I did have to create a CA and client cert but the Responder URL goes to nowhere. SSLCACertificateFile /tmp/cacert.crt SSLVerifyClient require SSLVerifyDepth 1 SSLOCSPEnable On SSLOCSPDefaultResponder http://localhost:9999/ SSLOCSPOverrideResponder On 3. Send request with a certificate signed by the /tmp/cacert.crt # curl -I -E ./cert.crt:test --key ./privkey.key -k https://localhost/ HTTP/1.1 200 OK 4. The request above succeeds but should not because the OCSP responder is unreachable and cert cannot be validated.