mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00

OCSP stapling: disabled when build with BoringSSL

Daniel Stenberg 2015-01-22 23:34:43 +01:00
parent d1cf5d5706
commit 23c6f0a344


@ -64,7 +64,9 @@
#include <openssl/md5.h> #include <openssl/md5.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#ifndef HAVE_BORINGSSL
#include <openssl/ocsp.h> #include <openssl/ocsp.h>
#endif
#else #else
#include <rand.h> #include <rand.h>
#include <x509v3.h> #include <x509v3.h>
@ -1321,6 +1323,7 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
return result; return result;
} }
#ifndef HAVE_BORINGSSL
static CURLcode verifystatus(struct connectdata *conn, static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl) struct ssl_connect_data *connssl)
{ {
@ -1443,6 +1446,7 @@ end:
return result; return result;
} }
#endif /* HAVE_BORINGSSL */
#endif /* USE_SSLEAY */ #endif /* USE_SSLEAY */
@ -2056,8 +2060,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
} }
#ifndef HAVE_BORINGSSL
if(data->set.ssl.verifystatus) if(data->set.ssl.verifystatus)
SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp); SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
#endif
SSL_set_connect_state(connssl->handle); SSL_set_connect_state(connssl->handle);
@ -2742,6 +2748,7 @@ static CURLcode servercert(struct connectdata *conn,
infof(data, "\t SSL certificate verify ok.\n"); infof(data, "\t SSL certificate verify ok.\n");
} }
#ifndef HAVE_BORINGSSL
if(data->set.ssl.verifystatus) { if(data->set.ssl.verifystatus) {
result = verifystatus(conn, connssl); result = verifystatus(conn, connssl);
if(result) { if(result) {
@ -2750,6 +2757,7 @@ static CURLcode servercert(struct connectdata *conn,
return result; return result;
} }
} }
#endif
if(!strict) if(!strict)
/* when not strict, we don't bother about the verify cert problems */ /* when not strict, we don't bother about the verify cert problems */
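Review bot: In servercert(), the new `#ifndef HAVE_BORINGSSL` around `if(data->set.ssl.verifystatus) {` has no `#else`, so a BoringSSL build that is asked to verify certificate status completes the handshake without any OCSP check and without telling the caller. Unless the option is rejected somewhere not shown on this page (for example when it is set), this fails open for a setting that users enable specifically to enforce revocation checking. I would fail closed instead, e.g. `#else` followed by `if(data->set.ssl.verifystatus) return CURLE_NOT_BUILT_IN;`, mirroring whatever cleanup the existing `if(result)` branch performs in the lines between the two servercert hunks, which are not visible here. The same silent skip applies to the guarded `SSL_set_tlsext_status_type()` call in ossl_connect_step1(). servercert() starts and ends outside the visible hunks.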