On Mon, 9 Feb 2015, GitHub wrote: > openssl: Disable OCSP in old versions of OpenSSL > > Versions of OpenSSL prior to v0.9.8h do not support the necessary > functions for OCSP stapling.
As most of you know... I am predominately a Windows developer - although I do have a CentOS 5 VM that I use for compiling curl under Linux with, for example, doing the GSS-API work I did before Christmas and double checking authentication bugs / fixes across the two platforms. Over the weekend I came to build curl on Centos and found that it didn't build against the build in version of OpenSSL (v0.9.8b) :( I appreciate this is a fairly old version but given we support 0.9.7+ (according to our docs) I decided to do some digging around and try and fix this. Anyway, I found that the OCSP stapling functions we use were added to openssl/ssl/tls1.h in 0.9.8h. I couldn't find this in any documentation but instead had to look at the header files - given that I have pushed a fix to enable building on my platform, would someone with more experience in this area please double check my findings. Additionally, I was wondering should I be using HAVE_BORINGSSL or OPENSSL_IS_BORINGSSL in some of my pre-processor checks - or doesn't that matter? Many thanks Steve ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
