Fix change of behavior of the single stapled OCSP response API #29251
Closed
t8m wants to merge 1 commit into openssl:master from
f40a0a4 to 6664268
Fixes openssl#28888
Fixes b1b4b15

Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.

This change reverts the behavior to the previous one.

Partially based on fix by Remi Gacogne:
openssl#28894
6664268 to 7075419
Member
Author
Hmm... I forgot there is already #28894 so I've mentioned it in the commit message.
mattcaswell
approved these changes
Nov 28, 2025
bob-beck
approved these changes
Nov 28, 2025
Contributor
bob-beck
left a comment
Wow, changing that behaviour was certainly breakage.
Yes please. LGTM.
Sashan
approved these changes
Nov 28, 2025
Contributor
Sashan
left a comment
Looks good to me as far as I can tell.
Collaborator
This pull request is ready to merge
Member
Author
Merged to the master and 3.6 branches. Thank you for the reviews.
openssl-machine
pushed a commit
that referenced
this pull request
Dec 1, 2025
Fixes #28888
Fixes b1b4b15

Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.

This change reverts the behavior to the previous one.

Partially based on fix by Remi Gacogne:
#28894

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from #29251)
openssl-machine
pushed a commit
that referenced
this pull request
Dec 1, 2025
Fixes #28888
Fixes b1b4b15

Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.

This change reverts the behavior to the previous one.

Partially based on fix by Remi Gacogne:
#28894

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from #29251)
(cherry picked from commit 7e50e03)
cxx194832
pushed a commit
to cxx194832/openssl
that referenced
this pull request
Dec 12, 2025
Fixes openssl#28888
Fixes b1b4b15

Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.

This change reverts the behavior to the previous one.

Partially based on fix by Remi Gacogne:
openssl#28894

Reviewed-by: Matt Caswell <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
(Merged from openssl#29251)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 27, 2026
3.6.1 CHANGES.md includes the following:

* #28760 "Improve the CPUINFO display for RISC-V"
* #28797 "Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set"
* #28955 "Fix for TLS handshake issue with GnuTLS #28902"
* #29155 "fix(x509.c): fixed -checkend return values"
* #29214 "s390x: Check and fail on invalid malformed ECDSA signatures"
* #29245 "Clang format 3.6"
* #29251 "Fix change of behavior of the single stapled OCSP response API"

3.6.1 NEWS.md includes the following:

* #28797 "Fix regression when X509_V_FLAG_CRL_CHECK_ALL is set"
* #28955 "Fix for TLS handshake issue with GnuTLS #28902"

Co-Authored-by: Tomáš Mráz <[email protected]>
Signed-off-by: Eugene Syromiatnikov <[email protected]>
Reviewed-by: Nikola Pajkovsky <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
Reviewed-by: Saša Nedvědický <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
MergeDate: Mon Jan 26 20:01:30 2026
Fixes #28888
Fixes t8m@b1b4b15
Instead of transferring the ownership of the single OCSP response
to the SSL object, the multi-stapling PR modified the semantics
of SSL_set_tlsext_status_ocsp_resp() to copying semantics.
This change reverts the behavior to the previous one.
Partially based on fix by Remi Gacogne:
#28894
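
The effect of the semantics change described above, as an added example that is not part of the pull request or of OpenSSL's code: a self-contained C model showing that a caller written for ownership transfer leaks one buffer per connection once the setter copies instead. The `conn_t` type, both setters, the counting allocator and the sample bytes are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Model only: conn_t stands in for the SSL object; none of this is OpenSSL code. */
static int live_allocs;                 /* buffers currently allocated */

static void *t_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void t_free(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct { unsigned char *resp; size_t len; } conn_t;

/* Transfer semantics: the connection takes over the caller's buffer. */
static int set_resp_transfer(conn_t *c, unsigned char *resp, size_t len)
{
    t_free(c->resp);
    c->resp = resp; c->len = len;
    return 1;
}

/* Copying semantics: the connection keeps a private copy; the caller still owns resp. */
static int set_resp_copy(conn_t *c, unsigned char *resp, size_t len)
{
    unsigned char *copy = t_alloc(len);
    if (copy == NULL) return 0;
    memcpy(copy, resp, len);
    t_free(c->resp);
    c->resp = copy; c->len = len;
    return 1;
}

static void conn_free(conn_t *c) { t_free(c->resp); c->resp = NULL; c->len = 0; }

typedef int (*setter_fn)(conn_t *, unsigned char *, size_t);

/* Caller written for transfer semantics: allocate, hand over, never free.
 * Returns the number of buffers still allocated after every connection is freed. */
static int leaked_after_handshakes(setter_fn set, int handshakes)
{
    live_allocs = 0;
    for (int i = 0; i < handshakes; i++) {
        conn_t c = { NULL, 0 };
        unsigned char *der = t_alloc(4);
        if (der == NULL) return -1;
        memcpy(der, "\x30\x03\x0a\x01", 4);   /* constructed placeholder bytes */
        if (!set(&c, der, 4)) t_free(der);    /* in this model a failed set leaves der with the caller */
        conn_free(&c);
    }
    return live_allocs;
}
```

The reverse mismatch is just as unsafe: a caller adapted to the copying behaviour that frees its buffer after the call would double-free under transfer semantics.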