62400 – OCSP Stapling should not serve OCSP responses from the cache even after they expire

Bug 62400 - OCSP Stapling should not serve OCSP responses from the cache even after they expire

Summary: OCSP Stapling should not serve OCSP responses from the cache even after they ...

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.5-HEAD
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-05-23 03:41 UTC by Taejoong Chung
Modified:	2018-05-23 03:41 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Taejoong Chung 2018-05-23 03:41:00 UTC

SSLStapling On;
SSLStaplingStandardCacheTimeout 3600 (after one hour a new ocsp request is being done by mod_ssl)

When the OCSP responses from the cache expire, it should go fetch a fresh OCSP response from the OCSP responder even though it still has some cycles to hit the SSLStaplingStandardCacheTimeout; but it keeps serving the expired response from the cache.