Open pki-bot opened 3 years ago
Comment from mharmsen (@mharmsen) at 2017-05-25 14:51:56
Per PKI Bug Council of May 25, 2017: 10.4 - critical
Comment from edewata (@edewata) at 2017-06-20 12:19:49
cfu pointed out that, according to RFC 6960, in case of error the OCSP responder should still generate a valid OCSP response that contains the error code. See https://tools.ietf.org/html/rfc6960#section-2.3.
Comment from mharmsen (@mharmsen) at 2017-09-25 17:22:33
Per CS/DS Meeting 09/25/2017: 10.5 critical
Comment from edewata (@edewata) at 2017-10-06 19:18:12
Apparently the error only happens on a new CA which has not published the CRL yet. Once the CRL is published (even if it's empty) the OCSP will work correctly. Here are the steps:
Possible solutions:
Lowering the priority to major.
Comment from mharmsen (@mharmsen) at 2017-10-25 14:15:56
[20171025] - Offline Triage ==> 10.6
This issue was migrated from Pagure Issue #2703. Originally filed by edewata (@edewata) on 2017-05-24 11:58:27:
The OCSPServlet in the OCSP subsystem fails to process a normal OCSP request. The same servlet seems to be working fine in the CA subsystem.
Steps to reproduce:
On the client side the OCSPClient failed with the following exception:
On the server side the OCSPServlet failed with the following exception:
The OCSPServlet should return a valid response in all cases.
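The RFC 6960 section 2.3 behaviour referenced in the thread, and the expected result stated in the issue, shown as an added example that is not part of the issue or of the project's code: a responder wrapper that turns any processing failure into a DER-encoded error OCSPResponse, and the client-side check that tells such a response apart from a non-OCSP body. The names `respond`, `process`, `failing_lookup` and the mapping of exception types to status codes are assumptions made for illustration.

```python
# Added example, not Dogtag code. RFC 6960:
# OCSPResponse ::= SEQUENCE { responseStatus ENUMERATED,
#                             responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
STATUS = {0: "successful", 1: "malformedRequest", 2: "internalError",
          3: "tryLater", 5: "sigRequired", 6: "unauthorized"}


def error_response(status: int) -> bytes:
    """DER for an error OCSPResponse: status only, no responseBytes, unsigned."""
    if status == 0 or status not in STATUS:
        raise ValueError("not an OCSP error status")
    return bytes([0x30, 0x03, 0x0A, 0x01, status])


def respond(request_der: bytes, process) -> bytes:
    """Hypothetical wrapper: no exception may escape as a non-OCSP body.
    `process` stands in for the real request decoding, lookup and signing."""
    try:
        return process(request_der)
    except ValueError:       # assumed: request could not be decoded
        return error_response(1)
    except Exception:        # assumed: any other server-side failure
        return error_response(2)


def response_status(body: bytes) -> str:
    """Client-side check: read responseStatus, rejecting non-OCSP bodies."""
    if len(body) < 5 or body[0] != 0x30:
        raise ValueError("body is not a DER OCSPResponse")
    # Skip the outer SEQUENCE length (short form or long form).
    i = 2 if body[1] < 0x80 else 2 + (body[1] & 0x7F)
    if len(body) <= i + 2 or body[i:i + 2] != b"\x0a\x01":
        raise ValueError("responseStatus ENUMERATED missing")
    status = body[i + 2]
    if status not in STATUS:
        raise ValueError(f"unknown responseStatus {status}")
    return STATUS[status]


def failing_lookup(request_der: bytes) -> bytes:
    """Constructed stand-in for a responder whose processing throws."""
    raise RuntimeError("simulated server-side failure")


if __name__ == "__main__":
    body = respond(b"", failing_lookup)
    print(body.hex(), response_status(body))
```
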