curl-library
RE: [bagder/curl] d771b4: openssl: Disable OCSP in old versions of OpenSSL
Date: Tue, 10 Feb 2015 23:11:32 +0000
On Tue, 10 Feb 2015, Alessandro Ghedini wrote:
> > Over the weekend I came to build curl on Centos and found that it
> > didn't build against the build in version of OpenSSL (v0.9.8b) :(
> >
> > I appreciate this is a fairly old version but given we support 0.9.7+
> > (according to our docs) I decided to do some digging around and try
> > and fix this.
> >
> > Anyway, I found that the OCSP stapling functions we use were added
> > to openssl/ssl/tls1.h in 0.9.8h.
> >
> > I couldn't find this in any documentation but instead had to look at the
header files - given that I have pushed a fix to enable building on my
platform, would someone with more experience in this area please double
check my findings.
>
> Looks good to me. It's pretty much what my patch [0] did, except that I
> used 0x0090807f instead of 0x0090808f by mistake.
Thanks for verifying that and sorry we missed your patch :(
> It seems to me that they are the same thing, except that HAVE_BORINGSSL
> can be used outside of openssl.c (and it's generally more used). I haven't
tried
> boringssl though, so I could be wrong.
I've pull down a copy of the repo under my Linux VM (not under Windows yet)
just so I could check out some API differences.
For consistency I think I'll change the HAVE_BORINGSSL usage in openssl.c
(where possible) to use OPENSSL_IS_BORINGSSL as I noticed last night that
this pre-processor variable is already used more than my usage of
HAVE_BORINGSSL is. In that respect it seems sensible to me to use
HAVE_BORINGSSL outside of openssl.c such as in the curl_des and ntlm code
;-)
Kind Regards
Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-11