From 23c6f0a3447b48d2d3f41cc9168bbf24fbd834a0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 22 Jan 2015 23:34:43 +0100 Subject: [PATCH] OCSP stapling: disabled when build with BoringSSL --- lib/vtls/openssl.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index c066d43ea..2bb76aebe 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -64,7 +64,9 @@ #include #include #include +#ifndef HAVE_BORINGSSL #include +#endif #else #include #include @@ -1321,6 +1323,7 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert) return result; } +#ifndef HAVE_BORINGSSL static CURLcode verifystatus(struct connectdata *conn, struct ssl_connect_data *connssl) { @@ -1443,6 +1446,7 @@ end: return result; } +#endif /* HAVE_BORINGSSL */ #endif /* USE_SSLEAY */ @@ -2056,8 +2060,10 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) return CURLE_OUT_OF_MEMORY; } +#ifndef HAVE_BORINGSSL if(data->set.ssl.verifystatus) SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp); +#endif SSL_set_connect_state(connssl->handle); @@ -2742,6 +2748,7 @@ static CURLcode servercert(struct connectdata *conn, infof(data, "\t SSL certificate verify ok.\n"); } +#ifndef HAVE_BORINGSSL if(data->set.ssl.verifystatus) { result = verifystatus(conn, connssl); if(result) { @@ -2750,6 +2757,7 @@ static CURLcode servercert(struct connectdata *conn, return result; } } +#endif if(!strict) /* when not strict, we don't bother about the verify cert problems */ -- 2.40.0