aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2015-02-09 20:58:33 +0000
committerSteve Holme <steve_holme@hotmail.com>2015-02-09 21:01:39 +0000
commitd771b44e538aac30b29189fc5c0f3e0f2b668d93 (patch)
tree4873282404683bff7ac1305a3318e073b5d95740
parent7eebf9a3fb7058ca95038450184ec44609a0daa7 (diff)
openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary functions for OCSP stapling.
-rw-r--r--lib/vtls/openssl.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 68ca1fbcd..38cf79a27 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1323,7 +1323,8 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
return result;
}
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(HAVE_BORINGSSL)
static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
@@ -2060,7 +2061,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
return CURLE_OUT_OF_MEMORY;
}
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(HAVE_BORINGSSL)
if(data->set.ssl.verifystatus)
SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
#endif
@@ -2748,7 +2750,8 @@ static CURLcode servercert(struct connectdata *conn,
infof(data, "\t SSL certificate verify ok.\n");
}
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(HAVE_BORINGSSL)
if(data->set.ssl.verifystatus) {
result = verifystatus(conn, connssl);
if(result) {
@@ -3202,7 +3205,8 @@ void Curl_ossl_md5sum(unsigned char *tmp, /* input */
bool Curl_ossl_cert_status_request(void)
{
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+ !defined(HAVE_BORINGSSL)
return TRUE;
#else
return FALSE;