author | Todd Lyons <tlyons@exim.org> | 2014-10-29 07:26:17 -0700 |
---|---|---|
committer | Todd Lyons <tlyons@exim.org> | 2014-10-29 07:26:17 -0700 |
commit | 6d68e1c72d8bd58b005e9d1c8df890e4fe5e6536 (patch) | |
tree | 10aed1ffb9d40434f7cb95a81047ccb76293ef17 /test/src | |
parent | e265af1fe6fe0260965aab6fbb18481046cbcf42 (diff) |
Test suite: disable OCSP for old OpenSSL versions
OpenSSL 0.9.8 in CentOS 5.x has early OCSP support, but not stapling
so just completely disable OCSP using the same logic that exists
in tls-openssl.c.
Diffstat (limited to 'test/src')
-rw-r--r-- | test/src/client.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/test/src/client.c b/test/src/client.c
index 50897a155..72cebbeb4 100644
--- a/test/src/client.c
+++ b/test/src/client.c
@@ -58,6 +58,10 @@ static int sigalrm_seen = 0;
 /* TLS support can be optionally included, either for OpenSSL or GnuTLS. The
 latter needs a whole pile of tables. */
+#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)
+# warning "OpenSSL library version too old; define DISABLE_OCSP in Makefile"
+# define DISABLE_OCSP
+#endif
 #ifdef HAVE_OPENSSL
 # define HAVE_TLS
@@ -67,7 +71,9 @@ latter needs a whole pile of tables. */
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/rand.h>
-# include <openssl/ocsp.h>
+# ifndef DISABLE_OCSP
+# include <openssl/ocsp.h>
+# endif
 #endif
@@ -188,6 +194,7 @@ setup_verify(BIO *bp, char *CAfile, char *CApath)
 }
+#ifndef DISABLE_OCSP
 static int tls_client_stapling_cb(SSL *s, void *arg) {
@@ -238,6 +245,7 @@ else
 X509_STORE_free(store);
 return ret;
 }
+#endif
 /*************************************************
@@ -257,12 +265,14 @@ SSL_set_session_id_context(*ssl, sid_ctx, strlen(sid_ctx));
 SSL_set_fd (*ssl, sock);
 SSL_set_connect_state(*ssl);
+#ifndef DISABLE_OCSP
 if (ocsp_stapling) {
 SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
 SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE));
 SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp);
 }
+#endif
 signal(SIGALRM, sigalrm_handler_flag);
 sigalrm_seen = 0; |
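Review bot: Nothing visible in these hunks defines EXIM_HAVE_OPENSSL_TLSEXT, and the new `#if !defined(EXIM_HAVE_OPENSSL_TLSEXT) && !defined(DISABLE_OCSP)` test in the first hunk sits above `#ifdef HAVE_OPENSSL` and above the `<openssl/ssl.h>` include. Unless the macro arrives from the compiler command line or from an earlier part of the file, DISABLE_OCSP would be defined on every build, including builds against a current OpenSSL and builds that do not use OpenSSL at all. That would remove stapled-response checking from the test client everywhere, with only a compile-time warning to show for it, rather than just on CentOS 5. Consider moving the block inside `#ifdef HAVE_OPENSSL`, after the OpenSSL headers, and deriving the macro there from `OPENSSL_VERSION_NUMBER` and `OPENSSL_NO_TLSEXT`, in line with the tls-openssl.c logic the commit message refers to. `#warning` is also a compiler extension before C23, which matters if the test suite is ever built with something other than GCC or Clang.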
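Review bot: With DISABLE_OCSP defined, the `if (ocsp_stapling)` block in the last hunk compiles away, so a run that asked for stapling continues the handshake without requesting or checking a status response. A test script that relies on the client to verify the stapled response may then pass without that verification having happened. An `#else` branch that fails loudly would make the gap visible, for example `if (ocsp_stapling) { fprintf(stderr, "OCSP stapling requested but not compiled in\n"); exit(1); }`. The enclosing function starts and ends outside the hunk and the place where ocsp_stapling is set is not shown, so rejecting the option where it is parsed may be the better location.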