Hi Stuart, thank you for your fast reply.
On Fri, Jan 10, 2020 at 7:22 PM Stuart Henderson <[email protected]> wrote: > On 2020/01/10 19:13, Kor son of Rynar wrote: > > On Fri, Jan 10, 2020 at 6:48 PM Kor son of Rynar < > [email protected]> > > wrote: > > > > > >Fix: > > > Unknown. Could be related to the lack of "Connection: close" > > > and/or "Content-Type" headers in the HTTP request? > > > > > > > Adding the missing headers seems to solve the problem: > > > > --- http.c.orig Fri Jun 28 13:32:49 2019 > > +++ http.c Fri Jan 10 22:04:09 2020 > > @@ -349,7 +349,10 @@ > > c = asprintf(&req, > > "POST %s HTTP/1.0\r\n" > > ...this uses HTTP/1.0 > > > "Host: %s\r\n" > > + "Accept: */*\r\n" > > + "Content-Type: application/ocsp-request\r\n" > > "Content-Length: %zu\r\n" > > + "Connection: close\r\n" > > ...but Connection: close is an HTTP/1.1 header, so this isn't entirely > legit. > Does it work without that (i.e. just add Accept/Content-Type)? > It does work without the Connection: close and even without the Accept: */* header. It stops working when you remove the Content-Type: header. The diff is simpler, then: --- http.c.orig Fri Jun 28 13:32:49 2019 +++ http.c Sat Jan 11 15:29:22 2020 @@ -349,6 +349,7 @@ c = asprintf(&req, "POST %s HTTP/1.0\r\n" "Host: %s\r\n" + "Content-Type: application/ocsp-request\r\n" "Content-Length: %zu\r\n" "\r\n", http->path, http->host, psz); Thanks, Kor. > > "\r\n", > > http->path, http->host, psz); > > > # obj/ocspcheck -N -vvv server.crt > > Built an 83 byte ocsp request > > Using http to host ocsp.sectigo.com, port 80, path / > > DNS returns 2001:4de0:ac19::1:b:3b for ocsp.sectigo.com > > Server at ocsp.sectigo.com returns: > > [Body]=[471 bytes] > > OCSP response signature validated from ocsp.sectigo.com > > OCSP response status 0 from host ocsp.sectigo.com > > OCSP response validated from ocsp.sectigo.com > > This Update: Thu Jan 9 01:20:43 2020 > > Next Update: Sun Jan 12 21:20:43 2020 >
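Review bot: the added "Content-Type: application/ocsp-request\r\n" line in the asprintf() format string (second diff, @@ -349,6 +349,7 @@) hard-codes the OCSP media type in the request builder in http.c, and nothing in the hunk records why it is there. A short comment above the asprintf() call would help: it should say that RFC 6960 specifies this Content-Type for OCSP requests sent by POST and that some responders (ocsp.sectigo.com in this report) fail without it, so the header is not dropped again later. If this POST path can ever carry a body other than an OCSP request, the media type should be passed in alongside http->path and http->host rather than fixed in the format string. Leaving out "Connection: close" and "Accept: */*" in this version keeps the request consistent with the HTTP/1.0 request line, as raised in the reply to the first diff.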
