aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-01-22 23:34:43 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-01-22 23:34:43 +0100
commit23c6f0a3447b48d2d3f41cc9168bbf24fbd834a0 (patch)
treee541f5c0424f1b140d28a2a53cddd1fd84a1864d /lib
parentd1cf5d570663dac157740cb5e49d24614f185da7 (diff)
OCSP stapling: disabled when build with BoringSSL
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/openssl.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c066d43ea..2bb76aebe 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -64,7 +64,9 @@
#include <openssl/md5.h>
#include <openssl/conf.h>
#include <openssl/bn.h>
+#ifndef HAVE_BORINGSSL
#include <openssl/ocsp.h>
+#endif
#else
#include <rand.h>
#include <x509v3.h>
@@ -1321,6 +1323,7 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
return result;
}
+#ifndef HAVE_BORINGSSL
static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
@@ -1443,6 +1446,7 @@ end:
return result;
}
+#endif /* HAVE_BORINGSSL */
#endif /* USE_SSLEAY */
@@ -2056,8 +2060,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
return CURLE_OUT_OF_MEMORY;
}
+#ifndef HAVE_BORINGSSL
if(data->set.ssl.verifystatus)
SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
+#endif
SSL_set_connect_state(connssl->handle);
@@ -2742,6 +2748,7 @@ static CURLcode servercert(struct connectdata *conn,
infof(data, "\t SSL certificate verify ok.\n");
}
+#ifndef HAVE_BORINGSSL
if(data->set.ssl.verifystatus) {
result = verifystatus(conn, connssl);
if(result) {
@@ -2750,6 +2757,7 @@ static CURLcode servercert(struct connectdata *conn,
return result;
}
}
+#endif
if(!strict)
/* when not strict, we don't bother about the verify cert problems */