This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 77dc8f1b9 Enable building with OpenSSL versions without newer OCSP
error codes
77dc8f1b9 is described below
commit 77dc8f1b9c9550b414fbbe1dc582b9f047263b9f
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Dec 11 09:28:10 2025 +0000
Enable building with OpenSSL versions without newer OCSP error codes
---
native/include/ssl_private.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index d3de1fccf..3b364e454 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -220,6 +220,19 @@ extern ENGINE *tcn_ssl_engine;
#define OCSP_STATUS_UNKNOWN 2
/* 15 minutes - aligns with JSSE */
#define OCSP_MAX_SKEW 900
+/* Older versions of OpenSSL have a smaller range of OCSP error codes*/
+#if !defined(X509_V_ERR_OCSP_RESP_INVALID)
+#define X509_V_ERR_OCSP_RESP_INVALID 96
+#endif
+#if !defined(X509_V_ERR_OCSP_SIGNATURE_FAILURE)
+#define X509_V_ERR_OCSP_SIGNATURE_FAILURE 97
+#endif
+#if !defined(X509_V_ERR_OCSP_NOT_YET_VALID)
+#define X509_V_ERR_OCSP_NOT_YET_VALID 98
+#endif
+#if !defined(X509_V_ERR_OCSP_HAS_EXPIRED)
+#define X509_V_ERR_OCSP_HAS_EXPIRED 99
+#endif
#endif
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
