Bug 66664 - Request for crl fallback enabling
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.5-HEAD
Hardware: All All
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2023-06-22 07:24 UTC by davide schiaroli
Modified: 2023-06-27 03:33 UTC

Description davide schiaroli 2023-06-22 07:24:54 UTC
The default behaviour of Apache regarding verification is to enable OCSP, CRL or all together. All the mechanisms of cert verification have to report a valid status to make the connection possible. If one of the mechanisms is broken, like an unresponsive OCSP Responder, the verification will fail. In my opinion it would be better to make these mechanisms more configurable, adding the possibility for OCSP to have a fallback, and not to abort the verification. Are there suitable mechanisms in Apache that make this already possible? I hope I was clear, thanks