Use HTTP 1.0 for OCSP responses

TheComputerGuy96 · kristelmerilain · commit bd6edb6dd9ef · 2026-03-03T09:35:55.000+02:00
For some reason, the nsc.vrm.lt's OCSP responder responds really
slowly (over 2 minutes) in HTTP 1.1 mode (so use the legacy 1.0
protocol for OCSP responses)

Signed-off-by: Aida Jonikienė &lt;tcg96nougat@gmail.com&gt;
diff --git a/src/crypto/Connect.cpp b/src/crypto/Connect.cpp
@@ -56,7 +56,7 @@ using namespace std;
 
 
 
-Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs, const string &userAgentData)
+Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs, const string &userAgentData, const string &version)
     : method(std::move(_method))
     , timeout(_timeout)
 {
@@ -159,7 +159,7 @@ Connect::Connect(const string &_url, string _method, int _timeout, const vector<
         }
     }
 
-    BIO_printf(d, "%s %s HTTP/1.1\r\n", method.c_str(), path.c_str());
+    BIO_printf(d, "%s %s HTTP/%s\r\n", method.c_str(), path.c_str(), version.c_str());
     addHeader("Connection", "close");
     if(port == "80" || port == "443")
         addHeader("Host", host);
diff --git a/src/crypto/Connect.h b/src/crypto/Connect.h
@@ -61,7 +61,8 @@ class Connect
     };
 
     Connect(const std::string &url, std::string method = "POST",
-        int timeout = 0, const std::vector<X509Cert> &certs = {}, const std::string &userAgentData = {});
+        int timeout = 0, const std::vector<X509Cert> &certs = {}, const std::string &userAgentData = {},
+        const std::string &version = "1.1");
     ~Connect();
     inline Result exec(std::initializer_list<std::pair<std::string_view,std::string_view>> headers,
         const std::vector<unsigned char> &data)
diff --git a/src/crypto/OCSP.cpp b/src/crypto/OCSP.cpp
@@ -79,7 +79,7 @@ OCSP::OCSP(const X509Cert &cert, const X509Cert &issuer, const std::string &user
     if(!OCSP_request_add1_nonce(req.get(), nullptr, 32)) // rfc8954: SIZE(1..32)
         THROW_OPENSSLEXCEPTION("Failed to add NONCE to OCSP request.");
 
-    Connect::Result result = Connect(url, "POST", 0, {}, userAgent).exec({
+    Connect::Result result = Connect(url, "POST", 0, {}, userAgent, "1.0").exec({
         {"Content-Type", "application/ocsp-request"},
         {"Accept", "application/ocsp-response"},
         {"Connection", "Close"},

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ using namespace std;`
`56`	`56`
`57`	`57`
`58`	`58`
`59`		`-Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs, const string &userAgentData)`
	`59`	`+Connect::Connect(const string &_url, string _method, int _timeout, const vector<X509Cert> &certs, const string &userAgentData, const string &version)`
`60`	`60`	`: method(std::move(_method))`
`61`	`61`	`, timeout(_timeout)`
`62`	`62`	`{`
`@@ -159,7 +159,7 @@ Connect::Connect(const string &_url, string _method, int _timeout, const vector<`
`159`	`159`	`}`
`160`	`160`	`}`
`161`	`161`
`162`		`- BIO_printf(d, "%s %s HTTP/1.1\r\n", method.c_str(), path.c_str());`
	`162`	`+ BIO_printf(d, "%s %s HTTP/%s\r\n", method.c_str(), path.c_str(), version.c_str());`
`163`	`163`	`addHeader("Connection", "close");`
`164`	`164`	`if(port == "80" \|\| port == "443")`
`165`	`165`	`addHeader("Host", host);`