On Mon, Feb 09, 2015 at 09:18:21PM +0000, Steve Holme wrote:
> On Mon, 9 Feb 2015, GitHub wrote:
> 
> >   openssl: Disable OCSP in old versions of OpenSSL
> >
> > Versions of OpenSSL prior to v0.9.8h do not support the necessary
> > functions for OCSP stapling.
> 
> As most of you know... I am predominately a Windows developer - although I do 
> have a CentOS 5 VM that I use for compiling curl under Linux with, for 
> example, doing the GSS-API work I did before Christmas and double checking 
> authentication bugs / fixes across the two platforms.
> 
> Over the weekend I came to build curl on CentOS and found that it didn't 
> build against the built-in version of OpenSSL (v0.9.8b) :(
> 
> I appreciate this is a fairly old version but given we support 0.9.7+ 
> (according to our docs) I decided to do some digging around and try and fix 
> this.
> 
> Anyway, I found that the OCSP stapling functions we use were added to 
> openssl/ssl/tls1.h in 0.9.8h.
> 
> I couldn't find this in any documentation but instead had to look at the 
> header files - given that I have pushed a fix to enable building on my 
> platform, would someone with more experience in this area please double check 
> my findings.

Looks good to me. It's pretty much what my patch [0] did, except that I used
0x0090807f instead of 0x0090808f by mistake.

> Additionally, I was wondering should I be using HAVE_BORINGSSL or 
> OPENSSL_IS_BORINGSSL in some of my pre-processor checks - or doesn't that 
> matter?

It seems to me that they are the same thing, except that HAVE_BORINGSSL can be
used outside of openssl.c (and it's generally more used). I haven't tried
boringssl though, so I could be wrong.

Cheers

[0] http://curl.haxx.se/mail/lib-2015-01/0175.html
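
Added example, not part of the original message and not curl's code: it decodes the pre-3.0 `OPENSSL_VERSION_NUMBER` layout (0xMNNFFPPS) to show why the two constants mentioned above differ by one patch letter. The helper names, the `>=` gate and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OCSP_MIN_CORRECT  0x0090808fL  /* 0.9.8h release, value from the thread */
#define OCSP_MIN_MISTAKEN 0x0090807fL  /* 0.9.8g release, the off-by-one value */

/* Decode the pre-3.0 OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS:
   M major, NN minor, FF fix, PP patch letter (1 = 'a'), S status
   (0 = dev, 1..e = beta, f = release). Returns a static buffer. */
static const char *ossl_version_str(unsigned long v)
{
  static char buf[32];
  unsigned patch = (unsigned)((v >> 4) & 0xff);
  unsigned status = (unsigned)(v & 0xf);
  char letter[2] = { 0, 0 };

  if(patch >= 1 && patch <= 26)
    letter[0] = (char)('a' + patch - 1);
  snprintf(buf, sizeof(buf), "%lu.%lu.%lu%s%s",
           (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff, letter,
           status == 0xf ? "" : (status == 0 ? "-dev" : "-beta"));
  return buf;
}

/* Hypothetical gate: nonzero when version v meets the given minimum. */
static int ocsp_stapling_ok(unsigned long v, unsigned long minimum)
{
  return v >= minimum;
}

int main(void)
{
  /* Constructed sample values: 0.9.8b, 0.9.8g, 0.9.8h, 1.0.1 */
  static const unsigned long samples[] = {
    0x0090802fL, 0x0090807fL, 0x0090808fL, 0x1000100fL
  };
  size_t i;

  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-8s correct=%d mistaken=%d\n", ossl_version_str(samples[i]),
           ocsp_stapling_ok(samples[i], OCSP_MIN_CORRECT),
           ocsp_stapling_ok(samples[i], OCSP_MIN_MISTAKEN));
  return 0;
}
```

With the mistaken minimum, 0.9.8g passes the gate even though the stapling functions only appear in 0.9.8h, so a build against 0.9.8g would still fail.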
