This is an automated email from the ASF dual-hosted git repository.
markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push:
new 56c5b3fe85 Better docs for ocspSoftFail
56c5b3fe85 is described below
commit 56c5b3fe85bd0723ea098bf2ffcbf54f2275291a
Author: Mark Thomas <[email protected]>
AuthorDate: Thu May 21 10:34:58 2026 +0100
Better docs for ocspSoftFail
---
webapps/docs/changelog.xml | 4 ++++
webapps/docs/config/http.xml | 14 ++++++++------
2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a6bb184bd4..75ec59c9bf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -233,6 +233,10 @@
Documentation: Expand the description of some of the attributes of the
<code>CrawlerSessionManagerValve</code>. (markt)
</add>
+ <fix>
+ Documentation: Clearer description and correct documented default for
+ <code>ocspSoftFail</code>. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
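Review bot: the added fix entry says "correct documented default" for ocspSoftFail but does not say which value is now documented. Because this default decides whether a handshake proceeds when the OCSP responder is unavailable, consider naming it in the entry, for example "correct documented default (true)". Someone scanning the changelog could then tell whether their deployment has been relying on the wrong assumption.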
diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
index 5f957a5c75..8341b7a0a5 100644
--- a/webapps/docs/config/http.xml
+++ b/webapps/docs/config/http.xml
@@ -1460,12 +1460,14 @@
</attribute>
<attribute name="ocspSoftFail" required="false">
- <p>By default, if an OCSP check fails for any reason the associated TLS
- handhskae will also fail and a TLS connection will not be established. If
- this attribute is set to <code>true</code>, OCSP checks that fail but do
- not return an explicit failure status to Tomcat (e.g. the OCSP check
times
- out) will not cause the TLS handshake to fail.</p>
- <p>If not specified, the default value of <code>false</code> will be
+ <p>If an OCSP responder returns an error, the TLS handshake will always
+ fail and a TLS connection will not be established. If the OCSP responder
+ is unreachable or otherwise unavailable, this setting determines whether
+ the handshake completes or fails. If <code>true</code>, the handskahe
will
+ complete and a TLS connection will be established when the OCSP responder
+ is unavailable. If <code>false</code>, the handshake will fail and no TLS
+ connection will be established.</p>
+ <p>If not specified, the default value of <code>true</code> will be
used.</p>
</attribute>
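Review bot: the added sentence "If <code>true</code>, the handskahe will complete" misspells "handshake". The removed text had "handhskae", so the typo was replaced rather than fixed. Two further points on the new wording. First, "returns an error" in the first added sentence is less specific than the removed "explicit failure status": it does not say whether it means a revoked certificate status, an OCSP error response, or both, so please spell that out. Second, the documented default is now true, so it would help to add a sentence saying that with the default an unavailable responder lets the handshake complete without a revocation result, and that deployments needing hard-fail behaviour must set the attribute to false explicitly.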