diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2015-03-24 23:39:52 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2015-03-24 23:39:52 +0100 |
| commit | ac2827ac09b1ef2ba2ffca0d8046bc0ad143a5d4 (patch) | |
| tree | 205903fffdd80cb00116dafc7617ca5693987672 | |
| parent | bd9ac3cff2539bafb584ac4691151734792d312d (diff) | |
openssl: do the OCSP work-around for libressl too
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
| -rw-r--r-- | lib/vtls/openssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index d399e9aa5..56b5ff112 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1360,7 +1360,8 @@ static CURLcode verifystatus(struct connectdata *conn, ch = SSL_get_peer_cert_chain(connssl->handle); st = SSL_CTX_get_cert_store(connssl->ctx); -#if (OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ +#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \ + defined(LIBRESSL_VERSION_NUMBER)) /* The authorized responder cert in the OCSP response MUST be signed by the peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert, no problem, but if it's an intermediate cert OpenSSL has a bug where it |