Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Sprint:
Server Security 2025-11-07, Server Security 2025-11-21, Server Security 2025-12-05
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

After an OCSP response acquisition attempt, several events might have occurred:

A network error
One or more responder errors
A response which failed signature validation
A response which failed to meet policy
A response which indicates the subject certificate was revoked
A response which indicates the subject certificate was valid

There are probably a few other edge cases. Currently, the main OCSP stapling loop dispatches requests, then logs message 577163 which includes the Status of acquisition and validation. It doesn't report anything about what was observed in the response, meaning that both valid and revoked responses are reported with Status::OK. This is misleading, and can confuse administrators trying to debug revoked responses.

is depended on by

SERVER-84646 Connecting to OCSP revoked endpoints should fail with server defined errors

Closed

related to

SERVER-84646 Connecting to OCSP revoked endpoints should fail with server defined errors

Closed

Assignee:: Erwin Pe
Reporter:: Spencer Jackson
Participants:: Erwin Pe, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jan 08 2024 07:30:16 PM UTC
Updated:: Nov 24 2025 06:00:55 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates