From: Emmanuel Hocdet <manu@gandi.net>
Date: Fri, 25 Oct 2019 10:19:00 +0000 (+0200)
Subject: MINOR: ssl: BoringSSL ocsp_response does not need issuer
X-Git-Tag: v2.1-dev4~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eaad5cc2d83ddd2b1c3ea314cb7eba0d54e45b64;p=thirdparty%2Fhaproxy.git

MINOR: ssl: BoringSSL ocsp_response does not need issuer

HAproxy can fail when issuer is not found, it must not with BoringSSL.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 770216d4a0..aaa8652885 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3281,6 +3281,7 @@ static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_c
 		}
 	}
 
+#ifndef OPENSSL_IS_BORINGSSL /* Useless for BoringSSL */
 	if (ckch->ocsp_response) {
 		X509 *issuer;
 		int i;
@@ -3321,6 +3322,7 @@ static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_c
 			}
 		}
 	}
+#endif
 
 	ret = 0;