1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

openssl: do the OCSP work-around for libressl too

I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
This commit is contained in:
Daniel Stenberg 2015-03-24 23:39:52 +01:00
parent bd9ac3cff2
commit ac2827ac09

View File

@ -1360,7 +1360,8 @@ static CURLcode verifystatus(struct connectdata *conn,
ch = SSL_get_peer_cert_chain(connssl->handle); ch = SSL_get_peer_cert_chain(connssl->handle);
st = SSL_CTX_get_cert_store(connssl->ctx); st = SSL_CTX_get_cert_store(connssl->ctx);
#if (OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
defined(LIBRESSL_VERSION_NUMBER))
/* The authorized responder cert in the OCSP response MUST be signed by the /* The authorized responder cert in the OCSP response MUST be signed by the
peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert, peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
no problem, but if it's an intermediate cert OpenSSL has a bug where it no problem, but if it's an intermediate cert OpenSSL has a bug where it