diff options
author | Matt Caswell <matt@openssl.org> | 2016-03-21 16:54:53 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-06 14:57:45 +0100 |
commit | 3e41ac35281827b59e55d51058cf6bb086c1f2b5 (patch) | |
tree | a8064c66c48200152a8c6f4ac45a7a93ccfec506 /apps | |
parent | 7626fbf2ef70e02f47afe59b7dd7210e75371ed7 (diff) |
Fix no-ocsp
Misc fixes for no-ocsp
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'apps')
-rw-r--r-- | apps/ocsp.c | 11 | ||||
-rw-r--r-- | apps/s_client.c | 8 | ||||
-rw-r--r-- | apps/s_server.c | 9 |
3 files changed, 24 insertions, 4 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 574ed8c67f..24d88da5c3 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -55,8 +55,12 @@ * Hudson (tjh@cryptsoft.com). * */ -#ifndef OPENSSL_NO_OCSP +#include <openssl/opensslconf.h> + +#ifdef OPENSSL_NO_OCSP +NON_EMPTY_TRANSLATION_UNIT +#else # ifdef OPENSSL_SYS_VMS # define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined * on OpenVMS */ @@ -69,8 +73,9 @@ # include <string.h> # include <time.h> # include <ctype.h> -# include "apps.h" /* needs to be included before the openssl - * headers! */ + +/* Needs to be included before the openssl headers */ +# include "apps.h" # include <openssl/e_os2.h> # include <openssl/crypto.h> # include <openssl/err.h> diff --git a/apps/s_client.c b/apps/s_client.c index 5b4cd4839f..b180dbc1cb 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -207,7 +207,9 @@ static int c_ign_eof = 0; static int c_brief = 0; static void print_stuff(BIO *berr, SSL *con, int full); +#ifndef OPENSSL_NO_OCSP static int ocsp_resp_cb(SSL *s, void *arg); +#endif static int saved_errno; @@ -757,7 +759,9 @@ OPTIONS s_client_options[] = { "Set TLS extension servername in ClientHello"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, +#ifndef OPENSSL_NO_OCSP {"status", OPT_STATUS, '-', "Request certificate status from server"}, +#endif {"serverinfo", OPT_SERVERINFO, 's', "types Send empty ClientHello extensions (comma-separated numbers)"}, {"alpn", OPT_ALPN, 's', @@ -1888,11 +1892,13 @@ int s_client_main(int argc, char **argv) SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); } +#ifndef OPENSSL_NO_OCSP if (c_status_req) { SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); } +#endif SSL_set_bio(con, sbio, sbio); SSL_set_connect_state(con); @@ -2736,6 +2742,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) (void)BIO_flush(bio); } +# ifndef OPENSSL_NO_OCSP static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; @@ -2759,5 +2766,6 @@ static int ocsp_resp_cb(SSL *s, void *arg) OCSP_RESPONSE_free(rsp); return 1; } +# endif #endif diff --git a/apps/s_server.c b/apps/s_server.c index 08acc476a7..e0aa2ae4f8 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -230,7 +230,6 @@ static BIO *bio_s_msg = NULL; static int s_debug = 0; static int s_tlsextdebug = 0; static int s_tlsextstatus = 0; -static int cert_status_cb(SSL *s, void *arg); static int no_resume_ephemeral = 0; static int s_msg = 0; static int s_quiet = 0; @@ -604,6 +603,7 @@ typedef struct tlsextstatusctx_st { static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 }; +#ifndef OPENSSL_NO_OCSP /* * Certificate Status callback. This is called when a client includes a * certificate status request extension. This is a simplified version. It @@ -717,6 +717,7 @@ static int cert_status_cb(SSL *s, void *arg) ret = SSL_TLSEXT_ERR_ALERT_FATAL; goto done; } +#endif #ifndef OPENSSL_NO_NEXTPROTONEG /* This is the context that we pass to next_proto_cb */ @@ -919,12 +920,14 @@ OPTIONS s_server_options[] = { "CA file for certificate verification (PEM format)"}, {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"}, +#ifndef OPENSSL_NO_OCSP {"status", OPT_STATUS, '-', "Request certificate status from server"}, {"status_verbose", OPT_STATUS_VERBOSE, '-', "Print more output in certificate status callback"}, {"status_timeout", OPT_STATUS_TIMEOUT, 'n', "Status request responder timeout"}, {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, +#endif #ifndef OPENSSL_NO_SSL_TRACE {"trace", OPT_TRACE, '-', "trace protocol messages"}, #endif @@ -1323,6 +1326,7 @@ int s_server_main(int argc, char *argv[]) tlscstatp.timeout = atoi(opt_arg()); break; case OPT_STATUS_URL: +#ifndef OPENSSL_NO_OCSP s_tlsextstatus = 1; if (!OCSP_parse_url(opt_arg(), &tlscstatp.host, @@ -1331,6 +1335,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "Error parsing URL\n"); goto end; } +#endif break; case OPT_MSG: s_msg = 1; @@ -2009,6 +2014,7 @@ int s_server_main(int argc, char *argv[]) if (ctx2) SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); } +#ifndef OPENSSL_NO_OCSP if (s_tlsextstatus) { SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); @@ -2017,6 +2023,7 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp); } } +#endif BIO_printf(bio_s_out, "ACCEPT\n"); (void)BIO_flush(bio_s_out); |