On mar, gen 27, 2015 at 01:18:54 +0000, Steve Holme wrote:
> On Mon, 26 Jan 2015, John E. Malmberg wrote:
>
> > The lib/vtls/openssl.c verifystatus() can not be compiled using
> > OpenSSL builds that define the macro OPENSSL_NO_TLSEXT in
> > opensslconf.h.
>
> I've just pushed commit a268a804b7 which hopefully fixes it. I tried to compile OpenSSL here with 'no-tlsext' and ran into compilation errors in OpenSSL :(
>
> However, it build enough of itself for me to test my fix here. However, I would appreciate it if you could also give it a once over please.
>
> I've also pushed a fix to correct Curl_ossl_cert_status_request() not returning FALSE when OCSP stapling is disabled through compilation with BoringSSL or OpenSSL with 'no-tlsext' which I believe is the correct thing to do. But if Daniel, Alessandro or someone else that knows more about it than me could verify this as well that would be great.

It looks good to me, but note that the OpenSSL developers are planning to remove
the OPENSSL_NO_TLSEXT option (see [0]), so this will probably fail to build at
some point in the future.

Cheers

[0] http://thread.gmane.org/gmane.comp.encryption.openssl.devel/28226

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html