icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0

accept OCSP responses with no nextUpdate #327

Closed frasertweedale closed 9 months ago

frasertweedale commented 9 months ago

mod_md rejects OCSP response when nextUpdate field is not set. However, per RFC 6960 this is valid (in particular see section 4.2.2.1):

If nextUpdate is not set, the responder is indicating that newer
revocation information is available all the time.

Update mod_md to accept these responses. When !bnextup, set valid.end to valid.start plus 12 hours. mod_md will attempt to refresh the response at some earlier time, according to the MDStaplingRenewWindow setting.

Fixes: https://github.com/icing/mod_md/issues/326
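The validity-window rule described in this pull request, as an added example that is not code from mod_md or from the PR itself. The struct and function names are hypothetical, `valid.start` is assumed to correspond to `thisUpdate`, and the renew window is assumed to be a percentage of the response lifetime (33 is a constructed sample value).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 12 hours: the lifetime the PR assigns when nextUpdate is absent. */
#define FALLBACK_LIFETIME_SECS (12 * 60 * 60)

/* Hypothetical, simplified view of the time fields of one OCSP response. */
typedef struct {
    int64_t this_update;     /* seconds since the epoch */
    bool    has_next_update; /* false when the responder omitted nextUpdate */
    int64_t next_update;     /* only meaningful when has_next_update is true */
} ocsp_times;

typedef struct { int64_t start, end; } validity;

/* Derive the window a stapled response may be served in. A missing
 * nextUpdate is accepted and capped instead of being rejected; a window
 * that ends at or before its start is still refused. */
static bool staple_validity(const ocsp_times *t, validity *out)
{
    out->start = t->this_update;
    out->end = t->has_next_update ? t->next_update
                                  : t->this_update + FALLBACK_LIFETIME_SECS;
    return out->end > out->start;
}

/* Time at which a refresh should start: when the remaining validity
 * drops below renew_pct percent of the total lifetime (assumption). */
static int64_t staple_renew_at(const validity *v, int renew_pct)
{
    int64_t lifetime = v->end - v->start;
    return v->end - (lifetime * renew_pct) / 100;
}

/* A response must never be stapled outside its window. */
static bool staple_usable(const validity *v, int64_t now)
{
    return now >= v->start && now < v->end;
}

int main(void)
{
    ocsp_times t = { 1700000000, false, 0 }; /* constructed sample input */
    validity v;
    if (!staple_validity(&t, &v)) return 1;
    printf("end=%lld renew_at=%lld\n", (long long)v.end,
           (long long)staple_renew_at(&v, 33));
    return staple_usable(&v, v.start) ? 0 : 1;
}
```

The capped window matters for relying parties: a response without nextUpdate never expires on its own, so the server-side cap is what bounds how long a stale "good" status can keep being stapled.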

icing commented 9 months ago

LGTM, thanks!