cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: lib/vtls/openssl.c verifystatus not compiling if OPENSSL_NO_TLSEXT is defined.

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Tue, 27 Jan 2015 17:57:41 +0100

On mar, gen 27, 2015 at 04:17:40 +0000, Joe Mason wrote:
> > From: curl-library [curl-library-bounces_at_cool.haxx.se] on behalf of Alessandro
> > Ghedini [alessandro_at_ghedini.me]
> >
> > It looks good to me, but note that the OpenSSL developers are planning to
> > remove
> > the OPENSSL_NO_TLSEXT option (see [0]), so this will probably fail to build at
> > some point in the future.
>
> I don't think that will cause a problem unless a version of openssl ships that doesn't have OCSP support but doesn't define OPENSSL_NO_TLSEXT. I assume that's not what they're doing - if they remove the definition, it would mean that all versions shipped after that point always support TLSEXT (and therefore OCSP).

Right, I have no idea why I wrote that it would fail to build, go figure...

> However it might be a good idea to define a OPENSSL_HAVE_OCSP macro, so that we don't have to repeat this test several times, and only have to update the macro definition if we find other configurations that need OCSP disabled.

Yes, it may also check for the OpenSSL version, although it's probably old
enough that a check isn't really needed. I'll write a patch if no one beats me
to it.

Cheers

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-01-27