-rw-r--r--.github/workflows/run-checker-ci.yml2
-rwxr-xr-xConfigure5
-rw-r--r--apps/cmp.c66
-rw-r--r--apps/lib/apps.c2
-rw-r--r--apps/s_client.c9
-rw-r--r--crypto/cmp/build.info11
-rw-r--r--crypto/cmp/cmp_client.c2
-rw-r--r--crypto/cmp/cmp_ctx.c6
-rw-r--r--crypto/cmp/cmp_local.h2
-rw-r--r--crypto/err/err_all.c2
-rw-r--r--crypto/x509/x_all.c4
-rw-r--r--include/openssl/cmp.h.in4
-rw-r--r--include/openssl/http.h4
-rw-r--r--test/build.info18
-rw-r--r--test/cmp_ctx_test.c8
-rw-r--r--test/recipes/79-test_http.t5
-rw-r--r--test/recipes/80-test_cmp_http.t2
-rw-r--r--util/libcrypto.num54
18 files changed, 131 insertions, 75 deletions
diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml
index e21b31a47e..a44121fdf2 100644
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@@ -23,9 +23,9 @@ jobs:
no-dtls,
no-ec,
no-ec2m,
+ no-http,
no-siv,
no-legacy,
- no-rfc3779,
no-sock,
no-srp,
no-srtp,
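Review bot: The `no-rfc3779` entry is dropped from this option list in the same change that adds `no-http`, and nothing else in the commit explains the removal. Unless that option is exercised by another workflow (not visible from this hunk), the configuration loses CI coverage. If the removal is not intentional, keep `no-rfc3779,` in place next to the new `no-http,` line. The list itself continues outside the hunk.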
diff --git a/Configure b/Configure
index a6c9af9398..e62fbc99a8 100755
--- a/Configure
+++ b/Configure
@@ -459,6 +459,7 @@ my @disablables = (
"fuzz-afl",
"fuzz-libfuzzer",
"gost",
+ "http",
"idea",
"ktls",
"legacy",
@@ -672,7 +673,9 @@ my @disable_cascades = (
"blake2" => [ "argon2" ],
- "deprecated-3.0" => [ "engine", "srp" ]
+ "deprecated-3.0" => [ "engine", "srp" ],
+
+ "http" => [ "ocsp" ]
);
# Avoid protocol support holes. Also disable all versions below N, if version
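Review bot: The `"http" => [ "ocsp" ]` cascade, and the `"http"` disablable added in the previous hunk, arrive without documentation: the diffstat lists no install notes, changelog or manual page. Someone building with `no-http` to reduce attack surface needs to know that OCSP goes with it, and that the HTTP-based loaders in crypto/x509/x_all.c then simply return failure. A comment on the cascade line such as `# OCSP requests and responses are carried over HTTP`, plus an entry for the option in the install documentation, would cover this.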
diff --git a/apps/cmp.c b/apps/cmp.c
index fa2f49585f..72acabcb6f 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -68,7 +68,7 @@ typedef enum {
} cmp_cmd_t;
/* message transfer */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static char *opt_server = NULL;
static char *opt_proxy = NULL;
static char *opt_no_proxy = NULL;
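Review bot: The compound guard `#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)` is written out here and again in every later hunk of this file, including the `OPTION_choice` enum and the `cmp_vars` table, which the file's own comment says must stay in the same order. If one copy is later edited differently from the others, those two tables would presumably shift against each other and option values would land in the wrong variables. Deriving one file-local macro near the top and testing only that in the other places keeps the conditions in lockstep; the name is up to the maintainers, for example `# define CMP_APP_HTTP_TRANSFER` inside a single copy of this guard.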
@@ -141,7 +141,7 @@ static int opt_keyform = FORMAT_UNDEF;
static char *opt_otherpass = NULL;
static char *opt_engine = NULL;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
/* TLS connection */
static int opt_tls_used = 0;
static char *opt_tls_cert = NULL;
@@ -164,7 +164,7 @@ static char *opt_rspout = NULL;
static int opt_use_mock_srv = 0;
/* mock server */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static char *opt_port = NULL;
static int opt_max_msgs = 0;
#endif
@@ -213,7 +213,7 @@ typedef enum OPTION_choice {
OPT_OLDCERT, OPT_REVREASON,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
#endif
OPT_RECIPIENT, OPT_PATH,
@@ -236,7 +236,7 @@ typedef enum OPTION_choice {
OPT_PROV_ENUM,
OPT_R_ENUM,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY,
OPT_TLS_KEYPASS,
OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST,
@@ -246,7 +246,7 @@ typedef enum OPTION_choice {
OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT,
OPT_USE_MOCK_SRV,
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_PORT, OPT_MAX_MSGS,
#endif
OPT_SRV_REF, OPT_SRV_SECRET,
@@ -346,9 +346,9 @@ const OPTIONS cmp_options[] = {
"0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"},
OPT_SECTION("Message transfer"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
- "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"},
+ "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock/no-http build"},
#else
{"server", OPT_SERVER, 's',
"[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."},
@@ -441,9 +441,9 @@ const OPTIONS cmp_options[] = {
OPT_R_OPTIONS,
OPT_SECTION("TLS connection"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
- "NOTE: -tls_used and all other TLS options not supported due to no-sock build"},
+ "NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build"},
#else
{"tls_used", OPT_TLS_USED, '-',
"Enable using TLS (also when other TLS options are not set)"},
@@ -482,9 +482,9 @@ const OPTIONS cmp_options[] = {
"Use internal mock server at API level, bypassing socket-based HTTP"},
OPT_SECTION("Mock server"),
-#ifdef OPENSSL_NO_SOCK
+#if defined(OPENSSL_NO_SOCK) || defined(OPENSSL_NO_HTTP)
{OPT_MORE_STR, 0, 0,
- "NOTE: -port and -max_msgs not supported due to no-sock build"},
+ "NOTE: -port and -max_msgs not supported due to no-sock/no-http build"},
#else
{"port", OPT_PORT, 's',
"Act as HTTP-based mock server listening on given port"},
@@ -571,7 +571,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_oldcert}, {(char **)&opt_revreason},
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{&opt_server}, {&opt_proxy}, {&opt_no_proxy},
#endif
{&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive},
@@ -593,7 +593,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_engine},
#endif
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key},
{&opt_tls_keypass},
{&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host},
@@ -604,7 +604,7 @@ static varref cmp_vars[] = { /* must be in same order as enumerated above! */
{&opt_reqout}, {&opt_rspin}, {&opt_rspout},
{(char **)&opt_use_mock_srv},
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{&opt_port}, {(char **)&opt_max_msgs},
#endif
{&opt_srv_ref}, {&opt_srv_secret},
@@ -807,7 +807,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
CMP_warn("too few -rspin filename arguments; resorting to using mock server");
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
} else {
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
CMP_err("missing -server or -use_mock_srv option, or too few -rspin filename arguments");
goto err;
@@ -816,7 +816,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
CMP_warn("too few -rspin filename arguments; resorting to contacting server");
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
#else
- CMP_err("-server not supported on no-sock build; missing -use_mock_srv option or too few -rspin filename arguments");
+ CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
#endif
}
rspin_in_use = 0;
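Review bot: The `#else` branch logs the "not supported on no-sock/no-http build" error and then falls through to `rspin_in_use = 0;` with no `goto err;`, while the corresponding `#else` branch in setup_client_ctx appears to end in `goto err;`. The failure is therefore only reported correctly if `res` still holds its initial value, which is set outside this hunk. Adding `goto err;` directly after the `CMP_err(...)` call would make the error path explicit. The body of read_write_req_resp starts and ends outside the hunk.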
@@ -1232,7 +1232,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
return 1;
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
/*
* set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI.
* Returns pointer on success, NULL on error
@@ -1854,7 +1854,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
{
int ret = 0;
char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
int portnum, use_ssl;
static char server_port[32] = { '\0' };
const char *proxy_host = NULL;
@@ -1863,7 +1863,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
char proxy_buf[200] = "";
if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
CMP_err("missing -server or -use_mock_srv or -rspin option");
goto err;
@@ -1873,7 +1873,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
goto err;
#endif
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server == NULL) {
if (opt_proxy != NULL)
CMP_warn("ignoring -proxy option since -server is not given");
@@ -1967,7 +1967,7 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
|| opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv)
(void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_used) {
APP_HTTP_TLS_INFO *info;
@@ -2404,7 +2404,7 @@ static int get_opts(int argc, char **argv)
if (!set_verbosity(opt_int_arg()))
goto opthelp;
break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_SERVER:
opt_server = opt_str();
break;
@@ -2434,7 +2434,7 @@ static int get_opts(int argc, char **argv)
case OPT_TOTAL_TIMEOUT:
opt_total_timeout = opt_int_arg();
break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_TLS_USED:
opt_tls_used = 1;
break;
@@ -2650,7 +2650,7 @@ static int get_opts(int argc, char **argv)
opt_use_mock_srv = 1;
break;
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
case OPT_PORT:
opt_port = opt_str();
break;
@@ -2739,7 +2739,7 @@ static int get_opts(int argc, char **argv)
return 1;
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx)
{
BIO *acbio;
@@ -2827,7 +2827,7 @@ static void print_status(void)
OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
const char *from = "", *server = "";
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server != NULL) {
from = " from ";
server = opt_server;
@@ -3006,7 +3006,7 @@ int cmp_main(int argc, char **argv)
goto err;
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_cert == NULL && opt_tls_key == NULL && opt_tls_keypass == NULL
&& opt_tls_extra == NULL && opt_tls_trusted == NULL
&& opt_tls_host == NULL) {
@@ -3040,7 +3040,7 @@ int cmp_main(int argc, char **argv)
#endif
if (opt_use_mock_srv
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|| opt_port != NULL
#endif
) {
@@ -3057,7 +3057,7 @@ int cmp_main(int argc, char **argv)
OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_tls_used && (opt_use_mock_srv || opt_server == NULL)) {
CMP_warn("ignoring -tls_used option since -use_mock_srv is given or -server is not given");
opt_tls_used = 0;
@@ -3145,7 +3145,7 @@ int cmp_main(int argc, char **argv)
cleanse(opt_keypass);
cleanse(opt_newkeypass);
cleanse(opt_otherpass);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
cleanse(opt_tls_keypass);
#endif
cleanse(opt_secret);
@@ -3156,7 +3156,7 @@ int cmp_main(int argc, char **argv)
OSSL_CMP_CTX_print_errors(cmp_ctx);
if (cmp_ctx != NULL) {
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx);
(void)OSSL_CMP_CTX_set_http_cb_arg(cmp_ctx, NULL);
@@ -3165,7 +3165,7 @@ int cmp_main(int argc, char **argv)
X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx));
/* cannot free info already here, as it may be used indirectly by: */
OSSL_CMP_CTX_free(cmp_ctx);
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (info != NULL) {
OPENSSL_free((char *)info->server);
OPENSSL_free((char *)info->port);
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 4f92016ee2..b8beef0556 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2499,7 +2499,7 @@ void store_setup_crl_download(X509_STORE *st)
X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
}
-#ifndef OPENSSL_NO_SOCK
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
static const char *tls_error_hint(void)
{
unsigned long err = ERR_peek_error();
diff --git a/apps/s_client.c b/apps/s_client.c
index fa45197070..56497a9f2b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1654,6 +1654,7 @@ int s_client_main(int argc, char **argv)
}
if (proxystr != NULL) {
+#ifndef OPENSSL_NO_HTTP
int res;
char *tmp_host = host, *tmp_port = port;
@@ -1688,8 +1689,14 @@ int s_client_main(int argc, char **argv)
"%s: -proxy argument malformed or ambiguous\n", prog);
goto end;
}
+#else
+ BIO_printf(bio_err,
+ "%s: -proxy not supported in no-http build\n", prog);
+ goto end;
+#endif
}
+
if (bindstr != NULL) {
int res;
res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
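Review bot: With `OPENSSL_NO_HTTP` the `-proxy` option is rejected only here, at connection setup, so it is presumably still accepted by the parser and listed in the help output (the options table is not part of this diff). apps/cmp.c in the same commit replaces unsupported options with an `OPT_MORE_STR` note in its table; doing the same for `-proxy` and the options that feed `proxyuser` and `proxypass` would be consistent and tells the user up front. The blank line added before `if (bindstr != NULL)` is unrelated whitespace. s_client_main continues outside the hunk.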
@@ -2341,12 +2348,14 @@ int s_client_main(int argc, char **argv)
sbuf_len = 0;
sbuf_off = 0;
+#ifndef OPENSSL_NO_HTTP
if (proxystr != NULL) {
/* Here we must use the connect string target host & port */
if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass,
0 /* no timeout */, bio_err, prog))
goto shut;
}
+#endif
switch ((PROTOCOL_CHOICE) starttls_proto) {
case PROTO_OFF:
diff --git a/crypto/cmp/build.info b/crypto/cmp/build.info
index ad67c434cc..907d78d25f 100644
--- a/crypto/cmp/build.info
+++ b/crypto/cmp/build.info
@@ -1,4 +1,11 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]= cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \
+$OPENSSLSRC=\
+ cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \
cmp_status.c cmp_hdr.c cmp_protect.c cmp_msg.c cmp_vfy.c \
- cmp_server.c cmp_client.c cmp_genm.c cmp_http.c
+ cmp_server.c cmp_client.c cmp_genm.c
+
+IF[{- !$disabled{'http'} -}]
+ $OPENSSLSRC=$OPENSSLSRC cmp_http.c
+ENDIF
+
+SOURCE[../../libcrypto]=$OPENSSLSRC
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 62f3738247..071c02b187 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -134,8 +134,10 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req,
int time_left;
OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb;
+#ifndef OPENSSL_NO_HTTP
if (transfer_cb == NULL)
transfer_cb = OSSL_CMP_MSG_http_perform;
+#endif
*rep = NULL;
if (ctx->total_timeout != 0 /* not waiting indefinitely */) {
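Review bot: In a no-http build `transfer_cb` stays NULL whenever the application has not installed its own transfer callback, because the only fallback is now compiled out. The call through `transfer_cb` lies outside this hunk, so this cannot be confirmed from here, but if it is not NULL-checked the client would call through a null function pointer. An `#else` branch that fails cleanly would close the gap, for example `#else` / `if (transfer_cb == NULL) return 0;` / `#endif`, ideally raising an error first so the caller can see why. Whether 0 is this function's failure value, and whether `*rep = NULL;` should be set first, needs checking against the rest of the body.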
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index ed15f45489..2b8bd2bd2e 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -163,11 +163,13 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
return 0;
}
+#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
ctx->http_ctx = NULL;
}
+#endif
ctx->status = OSSL_CMP_PKISTATUS_unspecified;
ctx->failInfoCode = -1;
@@ -191,10 +193,12 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
if (ctx == NULL)
return;
+#ifndef OPENSSL_NO_HTTP
if (ctx->http_ctx != NULL) {
(void)OSSL_HTTP_close(ctx->http_ctx, 1);
ossl_cmp_debug(ctx, "disconnected from CMP server");
}
+#endif
OPENSSL_free(ctx->propq);
OPENSSL_free(ctx->serverPath);
OPENSSL_free(ctx->server);
@@ -813,6 +817,7 @@ DEFINE_OSSL_CMP_CTX_set1(server, char)
/* Set the server exclusion list of the HTTP proxy server */
DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
+#ifndef OPENSSL_NO_HTTP
/* Set the http connect/disconnect callback function to be used for HTTP(S) */
DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb, OSSL_HTTP_bio_cb_t)
@@ -824,6 +829,7 @@ DEFINE_OSSL_set(OSSL_CMP_CTX, http_cb_arg, void *)
* Returns callback argument set previously (NULL if not set or on error)
*/
DEFINE_OSSL_get(OSSL_CMP_CTX, http_cb_arg, void *, NULL)
+#endif
/* Set callback function for sending CMP request and receiving response */
DEFINE_OSSL_set(OSSL_CMP_CTX, transfer_cb, OSSL_CMP_transfer_cb_t)
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 1a27d39abf..b8168af06f 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -51,8 +51,10 @@ struct ossl_cmp_ctx_st {
int total_timeout; /* max number of seconds an enrollment may take, incl. */
/* attempts polling for a response if a 'waiting' PKIStatus is received */
time_t end_time; /* session start time + totaltimeout */
+# ifndef OPENSSL_NO_HTTP
OSSL_HTTP_bio_cb_t http_cb;
void *http_cb_arg; /* allows to store optional argument to cb */
+# endif
/* server authentication */
/*
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 55aa2b8dbd..bbb7eda6d5 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -85,7 +85,9 @@ int ossl_err_load_crypto_strings(void)
# ifndef OPENSSL_NO_ENGINE
|| ossl_err_load_ENGINE_strings() == 0
# endif
+# ifndef OPENSSL_NO_HTTP
|| ossl_err_load_HTTP_strings() == 0
+# endif
# ifndef OPENSSL_NO_OCSP
|| ossl_err_load_OCSP_strings() == 0
# endif
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index e4c5c16f76..09a1034a53 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -98,6 +98,7 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
int timeout, const ASN1_ITEM *it)
{
+#ifndef OPENSSL_NO_HTTP
BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */,
bio, rbio, NULL /* cb */, NULL /* arg */,
1024 /* buf_size */, NULL /* headers */,
@@ -107,6 +108,9 @@ static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio,
BIO_free(mem);
return res;
+#else
+ return 0;
+#endif
}
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
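Review bot: The no-http branch of simple_get_asn1 returns `0` from a function whose return type is `ASN1_VALUE *`, and it puts nothing on the error queue. Callers such as X509_load_http (declared right after this hunk, and presumably built on this helper) then cannot tell "HTTP support compiled out" from a failed download, which matters when the fetch is for a certificate or CRL. In the `#else` branch, use `ERR_raise(ERR_LIB_X509, ERR_R_UNSUPPORTED);` followed by `return NULL;`. The function's signature is in the previous hunk.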
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index c986674be2..7fb74f4560 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -308,9 +308,11 @@ int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
+# ifndef OPENSSL_NO_HTTP
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
+# endif
typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
@@ -408,8 +410,10 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
X509_STORE *trusted_store, X509 *cert);
/* from cmp_http.c */
+# ifndef OPENSSL_NO_HTTP
OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
+# endif
/* from cmp_server.c */
typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
diff --git a/include/openssl/http.h b/include/openssl/http.h
index f7ab214265..aa4dac1c1d 100644
--- a/include/openssl/http.h
+++ b/include/openssl/http.h
@@ -33,6 +33,8 @@ extern "C" {
# define OPENSSL_HTTP_PROXY "HTTP_PROXY"
# define OPENSSL_HTTPS_PROXY "HTTPS_PROXY"
+# ifndef OPENSSL_NO_HTTP
+
#define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024)
#define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024)
@@ -103,6 +105,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
const char *server, int use_ssl);
+
+# endif /* !defined(OPENSSL_NO_HTTP) */
# ifdef __cplusplus
}
# endif
diff --git a/test/build.info b/test/build.info
index f6f19d6407..13f81226ba 100644
--- a/test/build.info
+++ b/test/build.info
@@ -57,7 +57,7 @@ IF[{- !$disabled{tests} -}]
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest rand_status_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
- http_test servername_test ocspapitest fatalerrtest tls13ccstest \
+ servername_test ocspapitest fatalerrtest tls13ccstest \
sysdefaulttest errtest ssl_ctx_test build_wincrypt_test \
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
@@ -515,12 +515,14 @@ IF[{- !$disabled{tests} -}]
DEPEND[ocspapitest]=../libcrypto libtestutil.a
IF[{- !$disabled{sock} -}]
- PROGRAMS{noinst}=http_test
- ENDIF
+ IF[{- !$disabled{http} -}]
+ PROGRAMS{noinst}=http_test
- SOURCE[http_test]=http_test.c
- INCLUDE[http_test]=../include ../apps/include
- DEPEND[http_test]=../libcrypto libtestutil.a
+ SOURCE[http_test]=http_test.c
+ INCLUDE[http_test]=../include ../apps/include
+ DEPEND[http_test]=../libcrypto libtestutil.a
+ ENDIF
+ ENDIF
SOURCE[dtlstest]=dtlstest.c helpers/ssltestlib.c
INCLUDE[dtlstest]=../include ../apps/include
@@ -590,10 +592,6 @@ IF[{- !$disabled{tests} -}]
INCLUDE[ciphername_test]=../include ../apps/include
DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
- SOURCE[http_test]=http_test.c
- INCLUDE[http_test]=../include ../apps/include
- DEPEND[http_test]=../libcrypto libtestutil.a
-
SOURCE[servername_test]=servername_test.c helpers/ssltestlib.c
INCLUDE[servername_test]=../include ../apps/include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index d85acae58b..485e0e47f1 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -318,10 +318,12 @@ static int test_cmp_ctx_log_cb(void)
return result;
}
+#ifndef OPENSSL_NO_HTTP
static BIO *test_http_cb(BIO *bio, void *arg, int use_ssl, int detail)
{
return NULL;
}
+#endif
static OSSL_CMP_MSG *test_transfer_cb(OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req)
@@ -560,7 +562,9 @@ static X509_STORE *X509_STORE_new_1(void)
STACK_OF(TYPE)*, NULL, IS_0, \
sk_##TYPE##_new_null(), sk_##TYPE##_free)
+#ifndef OPENSSL_NO_HTTP
typedef OSSL_HTTP_bio_cb_t OSSL_CMP_http_cb_t;
+#endif
#define DEFINE_SET_CB_TEST(FIELD) \
static OSSL_CMP_##FIELD##_t OSSL_CMP_CTX_get_##FIELD(const CMP_CTX *ctx) \
{ \
@@ -746,8 +750,10 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, server, char)
DEFINE_SET_INT_TEST(serverPort)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, proxy, char)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, no_proxy, char)
+#ifndef OPENSSL_NO_HTTP
DEFINE_SET_CB_TEST(http_cb)
DEFINE_SET_GET_P_VOID_TEST(http_cb_arg)
+#endif
DEFINE_SET_CB_TEST(transfer_cb)
DEFINE_SET_GET_P_VOID_TEST(transfer_cb_arg)
@@ -837,8 +843,10 @@ int setup_tests(void)
ADD_TEST(test_CTX_set_get_serverPort);
ADD_TEST(test_CTX_set1_get0_proxy);
ADD_TEST(test_CTX_set1_get0_no_proxy);
+#ifndef OPENSSL_NO_HTTP
ADD_TEST(test_CTX_set_get_http_cb);
ADD_TEST(test_CTX_set_get_http_cb_arg);
+#endif
ADD_TEST(test_CTX_set_get_transfer_cb);
ADD_TEST(test_CTX_set_get_transfer_cb_arg);
/* server authentication: */
diff --git a/test/recipes/79-test_http.t b/test/recipes/79-test_http.t
index b3ac70fdeb..ecf6eb23a2 100644
--- a/test/recipes/79-test_http.t
+++ b/test/recipes/79-test_http.t
@@ -12,11 +12,16 @@ use OpenSSL::Test::Utils;
setup("test_http");
+plan skip_all => "HTTP protocol is not supported by this OpenSSL build"
+ if disabled('http');
+plan skip_all => "not supported by no-sock build" if disabled('sock');
+
plan tests => 2;
SKIP: {
skip "sockets disabled", 1 if disabled("sock");
skip "OCSP disabled", 1 if disabled("ocsp");
+ skip "HTTP disabled", 1 if disabled("http");
my $cmd = [qw{openssl ocsp -index any -port 0}];
my @output = run(app($cmd), capture => 1);
$output[0] =~ s/\r\n/\n/g;
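Review bot: The added `skip "HTTP disabled", 1 if disabled("http");` inside the SKIP block can never fire, because the two new `plan skip_all` lines already end the recipe when `http` or `sock` is disabled. The existing `skip "sockets disabled"` line becomes dead for the same reason. Keep one mechanism: either drop the two in-block checks or drop the `skip_all` lines. The new lines also mix `disabled('http')` and `disabled("http")` quoting.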
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index 5fbdb930c9..4fd03e8b2d 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -30,6 +30,8 @@ plan skip_all => "These tests are not supported in a no-ec build"
if disabled("ec");
plan skip_all => "These tests are not supported in a no-sock build"
if disabled("sock");
+plan skip_all => "These tests are not supported in a no-http build"
+ if disabled("http");
plan skip_all => "Tests involving local HTTP server not available on Windows or VMS"
if $^O =~ /^(VMS|MSWin32|msys)$/;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index aedb8789bc..0b8beaa411 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -133,7 +133,7 @@ d2i_OCSP_BASICRESP 134 3_0_0 EXIST::FUNCTION:OCSP
X509v3_add_ext 135 3_0_0 EXIST::FUNCTION:
X509v3_addr_subset 136 3_0_0 EXIST::FUNCTION:RFC3779
CRYPTO_strndup 137 3_0_0 EXIST::FUNCTION:
-OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_free 138 3_0_0 EXIST::FUNCTION:HTTP
X509_STORE_new 140 3_0_0 EXIST::FUNCTION:
ASN1_TYPE_free 141 3_0_0 EXIST::FUNCTION:
PKCS12_BAGS_new 142 3_0_0 EXIST::FUNCTION:
@@ -266,7 +266,7 @@ WHIRLPOOL_Init 271 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3
EVP_OpenInit 272 3_0_0 EXIST::FUNCTION:
OCSP_response_get1_basic 273 3_0_0 EXIST::FUNCTION:OCSP
CRYPTO_gcm128_tag 274 3_0_0 EXIST::FUNCTION:
-OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_parse_url 275 3_0_0 EXIST::FUNCTION:HTTP
UI_get0_test_string 276 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_free 277 3_0_0 EXIST::FUNCTION:
DSA_print_fp 278 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
@@ -614,7 +614,7 @@ UI_get0_result_string 629 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_add_policy 630 3_0_0 EXIST::FUNCTION:TS
X509_REQ_dup 631 3_0_0 EXIST::FUNCTION:
d2i_DSA_PUBKEY_fp 633 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA,STDIO
-OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_exchange 634 3_0_0 EXIST::FUNCTION:HTTP
d2i_X509_REQ_fp 635 3_0_0 EXIST::FUNCTION:STDIO
DH_OpenSSL 636 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DH
BN_get_rfc3526_prime_8192 637 3_0_0 EXIST::FUNCTION:
@@ -1114,7 +1114,7 @@ PEM_write_bio_PKCS7 1141 3_0_0 EXIST::FUNCTION:
MDC2_Final 1142 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MDC2
SMIME_crlf_copy 1143 3_0_0 EXIST::FUNCTION:
OCSP_REQUEST_get_ext_count 1144 3_0_0 EXIST::FUNCTION:OCSP
-OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_new 1145 3_0_0 EXIST::FUNCTION:HTTP
X509_load_cert_crl_file 1146 3_0_0 EXIST::FUNCTION:
EVP_PKEY_new_mac_key 1147 3_0_0 EXIST::FUNCTION:
DIST_POINT_new 1148 3_0_0 EXIST::FUNCTION:
@@ -1378,7 +1378,7 @@ BIO_set_ex_data 1411 3_0_0 EXIST::FUNCTION:
SHA512 1412 3_0_0 EXIST::FUNCTION:
X509_STORE_CTX_get_explicit_policy 1413 3_0_0 EXIST::FUNCTION:
EVP_DecodeBlock 1414 3_0_0 EXIST::FUNCTION:
-OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_set_request_line 1415 3_0_0 EXIST::FUNCTION:HTTP
EVP_MD_CTX_reset 1416 3_0_0 EXIST::FUNCTION:
X509_NAME_new 1417 3_0_0 EXIST::FUNCTION:
ASN1_item_pack 1418 3_0_0 EXIST::FUNCTION:
@@ -1576,7 +1576,7 @@ BIO_ADDRINFO_address 1613 3_0_0 EXIST::FUNCTION:SOCK
ASN1_STRING_print_ex 1614 3_0_0 EXIST::FUNCTION:
i2d_CMS_ReceiptRequest 1615 3_0_0 EXIST::FUNCTION:CMS
d2i_TS_REQ_fp 1616 3_0_0 EXIST::FUNCTION:STDIO,TS
-OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_set1_req 1617 3_0_0 EXIST::FUNCTION:HTTP
EVP_PKEY_get_default_digest_nid 1618 3_0_0 EXIST::FUNCTION:
ASIdOrRange_new 1619 3_0_0 EXIST::FUNCTION:RFC3779
ASN1_SCTX_new 1620 3_0_0 EXIST::FUNCTION:
@@ -1592,7 +1592,7 @@ CRYPTO_ocb128_cleanup 1629 3_0_0 EXIST::FUNCTION:OCB
EVP_des_ede_cbc 1630 3_0_0 EXIST::FUNCTION:DES
i2d_ASN1_TIME 1631 3_0_0 EXIST::FUNCTION:
ENGINE_register_all_pkey_asn1_meths 1632 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
-OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_set_max_response_length 1633 3_0_0 EXIST::FUNCTION:HTTP
d2i_ISSUING_DIST_POINT 1634 3_0_0 EXIST::FUNCTION:
CMS_RecipientInfo_set0_key 1635 3_0_0 EXIST::FUNCTION:CMS
NCONF_new 1636 3_0_0 EXIST::FUNCTION:
@@ -1849,7 +1849,7 @@ OCSP_ONEREQ_add_ext 1892 3_0_0 EXIST::FUNCTION:OCSP
CMS_uncompress 1893 3_0_0 EXIST::FUNCTION:CMS
CRYPTO_mem_debug_pop 1895 3_0_0 EXIST::FUNCTION:CRYPTO_MDEBUG,DEPRECATEDIN_3_0
EVP_aes_192_cfb128 1896 3_0_0 EXIST::FUNCTION:
-OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_nbio 1897 3_0_0 EXIST::FUNCTION:HTTP
EVP_CIPHER_CTX_copy 1898 3_0_0 EXIST::FUNCTION:
CRYPTO_secure_allocated 1899 3_0_0 EXIST::FUNCTION:
UI_UTIL_read_pw_string 1900 3_0_0 EXIST::FUNCTION:
@@ -2415,7 +2415,7 @@ Camellia_decrypt 2466 3_0_0 EXIST::FUNCTION:CAMELLIA,DEPR
X509_signature_print 2467 3_0_0 EXIST::FUNCTION:
EVP_camellia_128_ecb 2468 3_0_0 EXIST::FUNCTION:CAMELLIA
MD2_Final 2469 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,MD2
-OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:
+OSSL_HTTP_REQ_CTX_add1_header 2470 3_0_0 EXIST::FUNCTION:HTTP
NETSCAPE_SPKAC_it 2471 3_0_0 EXIST::FUNCTION:
ASIdOrRang