OpenSSL OCSP fix backported to RHEL7 / RHEL8?

Hi,

I am looking at setting up an OCSP responder using openssl and there is a minor fix that adds critical functionality for using the openssl ocsp module as a systemd service. See Fix #10682 here: https://github.com/openssl/openssl/commit/1cf20ca31bed31c0bd16c6ed1eeaa1b9580939b7

It looks like that fix is only targeted for master and 3.0.0. It seems like it would be pretty trivial to backport it to openssl 1.1.1 or 1.0.2.

Of course there may be another tool that is preferred for setting up an OCSP Responder.

George

Responses

RHEL 7 is in the Maintenance development support phase, where we aren't accepting feature requests anymore.

However, RHEL 8 is still in the Full development support phase, so we would gladly consider a feature request there.

If you have access to a support entitlement, please open a support case with your feature request for OpenSSL and provide a business justification for its inclusion.

Unfortunately my customer has not approved us to move to RHEL8 yet. I downloaded the latest src RPM for openssl (1.0.2k) and developed the patch and integrated it with the rpmbuild environment.

I will see if my customer is OK with a patched version of openssl or if they'd prefer to roll to a newer release of RHEL or openssl, or use a different solution for the OCSP server.

Is there interest in having a patch developed for the RHEL8 src package for openssl? I understand that you are not adding features to RHEL7 anymore. Of course, if RHEL8 is planning to move to openssl 3.0.0+ anytime soon then no need... it already has an approved, merged patch in the openssl project (developed by someone else).