trafficserver

10.0.x: OCSP errors on startup

Open bneradt opened this issue 2 years ago • 1 comments

@maskit converted the mechanism for OCSP fetch from openssl's implementation to using FetchSM via #9591. This is a necessary and valuable change to give us flexibility with our SSL library options. However, when testing ATS 10 internally at Yahoo, I noticed the following OCSP ERROR messages on process start:

[Jun  9 19:12:30.086] [ET_OCSP 0] ERROR: Failed to refresh OCSP for <path> certificate. url=http://ocsp.digicert.com
[Jun  9 19:12:30.087] [ET_OCSP 0] ERROR: failed to get a response from OCSP server; uri=http://ocsp.digicert.com
[Jun  9 19:12:30.087] [ET_OCSP 0] ERROR: stapling_refresh_response: failed to refresh OCSP response

These error messages are alarming. Talking with @maskit, however, he points out that these failures are due to FetchSM not being initialized in the early process startup phase that's trying to use it. Later on, after the ATS process is finished, the fetch works fine. So OCSP works fine, just not during process start.

We should consider whether we can silence these messages on process initialization or, potentially, perform the fetch later when FetchSM is fully initialized.

bneradt, Jun 09 '23 20:06
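For operators who alert on OCSP stapling failures, the following is an added triage example, not part of the original issue or of the ATS code base. It separates the `ET_OCSP` ERROR lines logged right after process start from later ones that still deserve attention. The process start time, the 30-second grace window and the fourth sample log line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Line shape taken from the log excerpt in the issue:
# "[Mon D HH:MM:SS.mmm] [ET_OCSP N] ERROR: message"
LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3})\] "
    r"\[ET_OCSP \d+\] ERROR: (?P<msg>.*)$"
)

def parse_ts(text, year):
    # The log timestamp carries no year, so the caller supplies one.
    normalized = " ".join(text.split())  # collapse the padded day field
    return datetime.strptime(f"{year} {normalized}", "%Y %b %d %H:%M:%S.%f")

def triage_ocsp_errors(lines, process_start, grace=timedelta(seconds=30)):
    """Return (startup, alert) lists of (timestamp, message) tuples.

    process_start and grace are operator-supplied assumptions: errors inside
    the window match the startup condition described in the issue, errors
    outside it are treated as real refresh failures.
    """
    startup, alert = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ET_OCSP ERROR line
        ts = parse_ts(m.group("ts"), process_start.year)
        in_window = process_start <= ts <= process_start + grace
        (startup if in_window else alert).append((ts, m.group("msg")))
    return startup, alert

# First three lines are the excerpt from the issue; the last is constructed
# by reusing one of its messages with a later timestamp.
SAMPLE_LOG = """\
[Jun  9 19:12:30.086] [ET_OCSP 0] ERROR: Failed to refresh OCSP for <path> certificate. url=http://ocsp.digicert.com
[Jun  9 19:12:30.087] [ET_OCSP 0] ERROR: failed to get a response from OCSP server; uri=http://ocsp.digicert.com
[Jun  9 19:12:30.087] [ET_OCSP 0] ERROR: stapling_refresh_response: failed to refresh OCSP response
[Jun  9 23:40:02.511] [ET_OCSP 0] ERROR: stapling_refresh_response: failed to refresh OCSP response
""".splitlines()

PROCESS_START = datetime(2023, 6, 9, 19, 12, 29)  # constructed start time

if __name__ == "__main__":
    startup, alert = triage_ocsp_errors(SAMPLE_LOG, PROCESS_START)
    print(f"startup noise: {len(startup)}, needs attention: {len(alert)}")
    for ts, msg in alert:
        print(ts.isoformat(), msg)
```
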

This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.

github-actions[bot], Jun 09 '24 01:06