On mar, gen 27, 2015 at 01:18:54 +0000, Steve Holme wrote: > On Mon, 26 Jan 2015, John E. Malmberg wrote: > > > The lib/vtls/openssl.c verifystatus() can not be compiled using > > OpenSSL builds that define the macro OPENSSL_NO_TLSEXT in > > opensslconf.h. > > I've just pushed commit a268a804b7 which hopefully fixes it. I tried to > compile OpenSSL here with 'no-tlsext' and ran into compilation errors in > OpenSSL :( > > However, it build enough of itself for me to test my fix here. However, I > would appreciate it if you could also give it a once over please. > > I've also pushed a fix to correct Curl_ossl_cert_status_request() not > returning FALSE when OCSP stapling is disabled through compilation with > BoringSSL or OpenSSL with 'no-tlsext' which I believe is the correct thing to > do. But if Daniel, Alessandro or someone else that knows more about it than > me could verify this as well that would be great.
It looks good to me, but note that the OpenSSL developers are planning to remove the OPENSSL_NO_TLSEXT option (see [0]), so this will probably fail to build at some point in the future. Cheers [0] http://thread.gmane.org/gmane.comp.encryption.openssl.devel/28226
signature.asc
Description: Digital signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
