Changes with Apache 2.4.5
+ *) mod_ssl: Fix possible truncation of OCSP responses when reading from the
+ server. [Joe Orton]
+
*) core: Support the SINGLE_LISTEN_UNSERIALIZED_ACCEPT optimization
on Linux kernel versions 3.x and above. PR 55121. [Bradley Heilbrun
<apache heilbrun.org>]
apr_bucket *e = APR_BRIGADE_FIRST(bb);
rv = apr_bucket_read(e, &data, &len, APR_BLOCK_READ);
- if (rv == APR_EOF || (rv == APR_SUCCESS && len == 0)) {
+ if (rv == APR_EOF) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(01984)
"OCSP response: got EOF");
break;
"error reading response from OCSP server");
return NULL;
}
+ if (len == 0) {
+ /* Ignore zero-length buckets (possible side-effect of
+ * line splitting). */
+ apr_bucket_delete(e);
+ continue;
+ }
count += len;
if (count > MAX_CONTENT) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c, APLOGNO(01986)