[SERVER-49279] Investigate how the server and client process OCSP responses Created: 02/Jul/20  Updated: 12/Nov/20  Resolved: 12/Nov/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Shreyas Kalyan
Assignee: Shreyas Kalyan
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Sprint: Security 2020-07-27, Security 2020-11-16
Participants:

 Description   

If the server observes a response with multiple single_responses, 2 good and 1 unknown, it treats the response overall as unknown, not good. This could cause a server to not staple an OCSP response even when the server's certificate is covered by the response. This logic needs to be revisited to ensure that a response is not discarded for this reason.
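The following is an added example, not code from this ticket or from the server's own code base: a simplified C++ model of the aggregate handling described above, next to a lookup that consults only the single response whose CertID matches the server's certificate. All type and function names and the sample CertID values are hypothetical, and the CertID is reduced to three string fields (RFC 6960 also carries a hash algorithm).

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model of an OCSP SingleResponse (RFC 6960): a CertID plus a status.
// NotCovered is a local marker meaning "no entry for this certificate".
enum class CertStatus { Good, Revoked, Unknown, NotCovered };

struct CertId {
    std::string issuerNameHash, issuerKeyHash, serial;
    bool operator==(const CertId& o) const {
        return issuerNameHash == o.issuerNameHash &&
               issuerKeyHash == o.issuerKeyHash && serial == o.serial;
    }
};

struct SingleResponse {
    CertId id;
    CertStatus status;
};

// Behaviour described in the ticket: one non-good entry decides the whole response.
CertStatus aggregateStatus(const std::vector<SingleResponse>& rs) {
    for (const auto& r : rs)
        if (r.status != CertStatus::Good) return r.status;
    return rs.empty() ? CertStatus::NotCovered : CertStatus::Good;
}

// Alternative: only the entry whose CertID matches our certificate counts.
CertStatus statusForCert(const std::vector<SingleResponse>& rs, const CertId& mine) {
    for (const auto& r : rs)
        if (r.id == mine) return r.status;
    return CertStatus::NotCovered;
}

// Staple only when the status for this certificate is good.
bool shouldStaple(CertStatus s) { return s == CertStatus::Good; }

// Constructed sample: 2 good and 1 unknown, as in the ticket.
std::vector<SingleResponse> sampleResponse() {
    return {{{"nh-A", "kh-A", "01"}, CertStatus::Good},
            {{"nh-A", "kh-A", "02"}, CertStatus::Good},
            {{"nh-A", "kh-A", "03"}, CertStatus::Unknown}};
}

int main() {
    CertId mine{"nh-A", "kh-A", "01"};  // constructed: the server's own certificate
    std::cout << "aggregate staples: " << shouldStaple(aggregateStatus(sampleResponse()))
              << ", per-cert staples: " << shouldStaple(statusForCert(sampleResponse(), mine)) << "\n";
}
```

With the per-certificate lookup, a response that does not mention the server's certificate at all, or lists it as unknown or revoked, is still not stapled.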



 Comments   
Comment by Shreyas Kalyan [ 12/Nov/20 ]

After doing some investigation, this seems like a very edge case scenario, and very unlikely to be encountered by customers. Completing this ticket will require some thought and restructuring of our functions that handle OCSP responses. I am going to close this, but if there is customer demand for it we can revisit this in the future.
