Fix OCSP related error when building with BoringSSL
BoringSSL has no "openssl/ocsp.h" nor most OCSP related APIs used in shrpx_tls.cc. This commit add ifdefs to disable related code to allow building nghttp2 with BoringSSL (again). It's possible to use !defined(OPENSSL_IS_BORINGSSL), but since BoringSSL defines OPENSSL_NO_OCSP which is more specific, I chose to go with the latter one.
This commit is contained in:
parent
6fec532012
commit
5996798a34
|
@ -45,7 +45,9 @@
|
||||||
#include <openssl/x509v3.h>
|
#include <openssl/x509v3.h>
|
||||||
#include <openssl/rand.h>
|
#include <openssl/rand.h>
|
||||||
#include <openssl/dh.h>
|
#include <openssl/dh.h>
|
||||||
|
#ifndef OPENSSL_NO_OCSP
|
||||||
#include <openssl/ocsp.h>
|
#include <openssl/ocsp.h>
|
||||||
|
#endif // OPENSSL_NO_OCSP
|
||||||
|
|
||||||
#include <nghttp2/nghttp2.h>
|
#include <nghttp2/nghttp2.h>
|
||||||
|
|
||||||
|
@ -1544,7 +1546,7 @@ int cert_lookup_tree_add_ssl_ctx(
|
||||||
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
auto cert = SSL_CTX_get0_certificate(ssl_ctx);
|
auto cert = SSL_CTX_get0_certificate(ssl_ctx);
|
||||||
#else // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
|
#else // defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
|
||||||
// 0x10002000L
|
// 0x10002000L
|
||||||
auto tls_ctx_data =
|
auto tls_ctx_data =
|
||||||
static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
|
static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
|
||||||
auto cert = load_certificate(tls_ctx_data->cert_file);
|
auto cert = load_certificate(tls_ctx_data->cert_file);
|
||||||
|
@ -1837,7 +1839,9 @@ int proto_version_from_string(const StringRef &v) {
|
||||||
|
|
||||||
int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
|
int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
|
||||||
size_t ocsp_resplen) {
|
size_t ocsp_resplen) {
|
||||||
#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
||||||
|
#if !defined(OPENSSL_NO_OCSP) && !defined(LIBRESSL_VERSION_NUMBER) && \
|
||||||
|
OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
int rv;
|
int rv;
|
||||||
|
|
||||||
STACK_OF(X509) * chain_certs;
|
STACK_OF(X509) * chain_certs;
|
||||||
|
@ -1909,8 +1913,8 @@ int verify_ocsp_response(SSL_CTX *ssl_ctx, const uint8_t *ocsp_resp,
|
||||||
if (LOG_ENABLED(INFO)) {
|
if (LOG_ENABLED(INFO)) {
|
||||||
LOG(INFO) << "OCSP verification succeeded";
|
LOG(INFO) << "OCSP verification succeeded";
|
||||||
}
|
}
|
||||||
#endif // !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >=
|
#endif // !defined(OPENSSL_NO_OCSP) && !defined(LIBRESSL_VERSION_NUMBER)
|
||||||
// 0x10002000L
|
// && OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue