curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HAVE_OPENSSL_PKCS12_H on Windows?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 5 Oct 2017 10:11:17 +0200 (CEST)

On Thu, 5 Oct 2017, Christian Schmitz wrote:

> Sorry, no configure on Windows. We simply call nmake:

Ok, thanks. That explains it!

I think we might be able to improve the #ifdef check. I *think* PKCS12 support
is always present in the OpenSSL versions we support and its only BoringSSL
that doesn't have it, so we should be able to tweak the code to better adjust
for non-configure, non-cmake builds.

What do you think about this fix?

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4253160aa..b1f94a148 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -67,11 +67,13 @@
  #include <openssl/bn.h>
  #include <openssl/rsa.h>
  #include <openssl/bio.h>
  #include <openssl/buffer.h>

-#ifdef HAVE_OPENSSL_PKCS12_H
+#ifndef OPENSSL_IS_BORINGSSL
+/* BoringSSL does not support PKCS12 */
+#define HAVE_PKCS12_SUPPORT 1
  #include <openssl/pkcs12.h>
  #endif

  #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
  #include <openssl/ocsp.h>
@@ -651,11 +653,11 @@ int cert_stuff(struct connectdata *conn,
        return 0;
  #endif

      case SSL_FILETYPE_PKCS12:
      {
-#ifdef HAVE_OPENSSL_PKCS12_H
+#ifdef HAVE_PKCS12_SUPPORT
        FILE *f;
        PKCS12 *p12;
        EVP_PKEY *pri;
        STACK_OF(X509) *ca = NULL;

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-10-05