[exim-cvs] Test suite: disable OCSP for old OpenSSL versions

Top Page
Delete this message
Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Test suite: disable OCSP for old OpenSSL versions
Gitweb: http://git.exim.org/exim.git/commitdiff/6d68e1c72d8bd58b005e9d1c8df890e4fe5e6536
Commit:     6d68e1c72d8bd58b005e9d1c8df890e4fe5e6536
Parent:     e265af1fe6fe0260965aab6fbb18481046cbcf42
Author:     Todd Lyons <tlyons@???>
AuthorDate: Wed Oct 29 07:26:17 2014 -0700
Committer:  Todd Lyons <tlyons@???>
CommitDate: Wed Oct 29 07:26:17 2014 -0700


    Test suite: disable OCSP for old OpenSSL versions


    OpenSSL 0.9.8 in CentOS 5.x has early OCSP support, but not stapling
      so just completely disable OCSP using the same logic that exists
      in tls-openssl.c.
---
 test/src/client.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)


diff --git a/test/src/client.c b/test/src/client.c
index 50897a1..72cebbe 100644
--- a/test/src/client.c
+++ b/test/src/client.c
@@ -58,6 +58,10 @@ static int sigalrm_seen = 0;

/* TLS support can be optionally included, either for OpenSSL or GnuTLS. The
latter needs a whole pile of tables. */
+#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)
+# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
+# define DISABLE_OCSP
+#endif

#ifdef HAVE_OPENSSL
# define HAVE_TLS
@@ -67,7 +71,9 @@ latter needs a whole pile of tables. */
# include <openssl/ssl.h>
# include <openssl/err.h>
# include <openssl/rand.h>
-# include <openssl/ocsp.h>
+# ifndef DISABLE_OCSP
+# include <openssl/ocsp.h>
+# endif
#endif


@@ -188,6 +194,7 @@ setup_verify(BIO *bp, char *CAfile, char *CApath)
}


+#ifndef DISABLE_OCSP
static int
tls_client_stapling_cb(SSL *s, void *arg)
{
@@ -238,6 +245,7 @@ else
X509_STORE_free(store);
return ret;
}
+#endif


/*************************************************
@@ -257,12 +265,14 @@ SSL_set_session_id_context(*ssl, sid_ctx, strlen(sid_ctx));
SSL_set_fd (*ssl, sock);
SSL_set_connect_state(*ssl);

+#ifndef DISABLE_OCSP
if (ocsp_stapling)
{
SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE));
SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp);
}
+#endif

signal(SIGALRM, sigalrm_handler_flag);
sigalrm_seen = 0;