JBoss Web Server / JWS-1463

[ASF BZ 63356] OCSP_parse_url error while parsing Authority Information Access extension


    • Bug
    • Resolution: Done
    • Blocker
    • 5.3.0.DR1
    • JWS 5.0.0 GA
    • tomcat-native
    • None
    • 16

      The issue appears under these conditions:
      1. Tomcat is configured using the APR connector and the OpenSSL implementation

      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" minSpareThreads="150" maxThreads="150" SSLEnabled="true">
      

      2. Client certificate is required

      <SSLHostConfig certificateVerification="require" ...>
      

      3. Client certificate contains an AIA extension
      4. The AIA extension does NOT contain OCSP information


      When verifying a client certificate that contains an Authority Information Access (AIA) extension without OCSP, the handshake fails and the following message appears in the Tomcat logs:

      01-Nov-2019 11:49:19.475 FINE [https-openssl-apr-8443-exec-1] org.apache.tomcat.util.net.AprEndpoint.setSocketOptions Handshake failed: error:27072041:OCSP routines:OCSP_parse_url:malloc failure
      

      The issue is described in ASF bug report 63356:
      https://bz.apache.org/bugzilla/show_bug.cgi?id=63356

      This is fixed in Tomcat Native 1.2.22.

            rhn-support-csutherl Coty Sutherland
            rhn-support-tbriceno Tomas Briceno Fernandez
            Matus Madzin