cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: lib/vtls/openssl.c verifystatus not compiling if OPENSSL_NO_TLSEXT is defined.

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Tue, 27 Jan 2015 18:03:11 +0100

On Tue, Jan 27, 2015 at 05:57:41PM +0100, Alessandro Ghedini wrote:
> On mar, gen 27, 2015 at 04:17:40 +0000, Joe Mason wrote:
> > > From: curl-library [curl-library-bounces_at_cool.haxx.se] on behalf of Alessandro
> > > Ghedini [alessandro_at_ghedini.me]
> > >
> > > It looks good to me, but note that the OpenSSL developers are planning to
> > > remove
> > > the OPENSSL_NO_TLSEXT option (see [0]), so this will probably fail to build at
> > > some point in the future.
> >
> > I don't think that will cause a problem unless a version of openssl ships that doesn't have OCSP support but doesn't define OPENSSL_NO_TLSEXT. I assume that's not what they're doing - if they remove the definition, it would mean that all versions shipped after that point always support TLSEXT (and therefore OCSP).
>
> Right, I have no idea why I wrote that it would fail to build, go figure...
>
> > However it might be a good idea to define a OPENSSL_HAVE_OCSP macro, so that we don't have to repeat this test several times, and only have to update the macro definition if we find other configurations that need OCSP disabled.
>
> Yes, it may also check for the OpenSSL version, although it's probably old
> enough that a check isn't really needed. I'll write a patch if no one beats me
> to it.

Patch attached. I put the version check too, since I noticed that there are
other version checks below for even older OpenSSL versions.

Cheers

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-01-27