moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 16:18:48 -05:00
Code Issues Releases Wiki Activity

openssl: do the OCSP work-around for libressl too

Browse Source 
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
This commit is contained in:
Daniel Stenberg 2015-03-24 23:39:52 +01:00
parent bd9ac3cff2
commit ac2827ac09
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/vtls/openssl.c
View File

@ -1360,7 +1360,8 @@ static CURLcode verifystatus(struct connectdata *conn,
ch = SSL_get_peer_cert_chain(connssl->handle); ch = SSL_get_peer_cert_chain(connssl->handle);
st = SSL_CTX_get_cert_store(connssl->ctx); st = SSL_CTX_get_cert_store(connssl->ctx);
#if (OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
defined(LIBRESSL_VERSION_NUMBER))
/* The authorized responder cert in the OCSP response MUST be signed by the /* The authorized responder cert in the OCSP response MUST be signed by the
peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert, peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
no problem, but if it's an intermediate cert OpenSSL has a bug where it no problem, but if it's an intermediate cert OpenSSL has a bug where it