On Mon, 9 Feb 2015, GitHub wrote:

> openssl: Disable OCSP in old versions of OpenSSL
>
> Versions of OpenSSL prior to v0.9.8h do not support the necessary
> functions for OCSP stapling.

As most of you know... I am predominately a Windows developer - although I do have a CentOS 5 VM that I use for compiling curl under Linux with, for example, doing the GSS-API work I did before Christmas and double checking authentication bugs / fixes across the two platforms.

Over the weekend I came to build curl on Centos and found that it didn't build against the build in version of OpenSSL (v0.9.8b) :(

I appreciate this is a fairly old version but given we support 0.9.7+ (according to our docs) I decided to do some digging around and try and fix this.

Anyway, I found that the OCSP stapling functions we use were added to openssl/ssl/tls1.h in 0.9.8h.

I couldn't find this in any documentation but instead had to look at the header files - given that I have pushed a fix to enable building on my platform, would someone with more experience in this area please double check my findings.

Additionally, I was wondering should I be using HAVE_BORINGSSL or OPENSSL_IS_BORINGSSL in some of my pre-processor checks - or doesn't that matter?

Many thanks

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-09