openssl: Disable OCSP in old versions of OpenSSL (d771b44e) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/vtls/openssl.c

+8 −4

Original line number	Diff line number	Diff line
		@@ -1323,7 +1323,8 @@ static CURLcode verifyhost(struct connectdata conn, X509 server_cert)
		return result;
		}

		#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
		#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
		!defined(HAVE_BORINGSSL)
		static CURLcode verifystatus(struct connectdata *conn,
		struct ssl_connect_data *connssl)
		{
		@@ -2060,7 +2061,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
		return CURLE_OUT_OF_MEMORY;
		}

		#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
		#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
		!defined(HAVE_BORINGSSL)
		if(data->set.ssl.verifystatus)
		SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
		#endif
		@@ -2748,7 +2750,8 @@ static CURLcode servercert(struct connectdata *conn,
		infof(data, "\t SSL certificate verify ok.\n");
		}

		#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
		#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
		!defined(HAVE_BORINGSSL)
		if(data->set.ssl.verifystatus) {
		result = verifystatus(conn, connssl);
		if(result) {
		@@ -3202,7 +3205,8 @@ void Curl_ossl_md5sum(unsigned char tmp, / input */

		bool Curl_ossl_cert_status_request(void)
		{
		#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
		#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
		!defined(HAVE_BORINGSSL)
		return TRUE;
		#else
		return FALSE;