From 62a721ea47e1e697faa7e3d87c8c9025808a8667 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 5 Oct 2017 10:16:40 +0200 Subject: [PATCH] openssl: enable PKCS12 support for !BoringSSL Enable PKCS12 for all non-boringssl builds without relying on configure or cmake checks. Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html Reported-by: Christian Schmitz Closes #1948 --- CMakeLists.txt | 1 - configure.ac | 5 +---- lib/vtls/openssl.c | 6 ++++-- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 261baba5c..3bfb5febd 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -366,7 +366,6 @@ if(CMAKE_USE_OPENSSL) check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) diff --git a/configure.ac b/configure.ac index 56b8756ba..8d71bb6fc 100755 --- a/configure.ac +++ b/configure.ac @@ -1647,10 +1647,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && fi fi - if test X"$OPENSSL_ENABLED" = X"1"; then - dnl is there a pkcs12.h header present? - AC_CHECK_HEADERS(openssl/pkcs12.h) - else + if test X"$OPENSSL_ENABLED" != X"1"; then LIBS="$CLEANLIBS" fi diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 7b41353d0..2ee27d5b5 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -69,7 +69,9 @@ #include #include -#ifdef HAVE_OPENSSL_PKCS12_H +#ifndef OPENSSL_IS_BORINGSSL +/* BoringSSL does not support PKCS12 */ +#define HAVE_PKCS12_SUPPORT 1 #include #endif @@ -653,7 +655,7 @@ int cert_stuff(struct connectdata *conn, case SSL_FILETYPE_PKCS12: { -#ifdef HAVE_OPENSSL_PKCS12_H +#ifdef HAVE_PKCS12_SUPPORT FILE *f; PKCS12 *p12; EVP_PKEY *pri;