BUILD: ssl: disable OCSP when using boringssl
authorLukas Tribus <luky-37@hotmail.com>
Sun, 17 Aug 2014 22:56:31 +0000 (00:56 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 18 Aug 2014 12:33:48 +0000 (14:33 +0200)
Google's boringssl doesn't currently support OCSP, so
disable it if detected.

OCSP support may be reintroduced as per:
https://code.google.com/p/chromium/issues/detail?id=398677

In that case we can simply revert this commit.

Signed-off-by: Lukas Tribus <luky-37@hotmail.com>
include/proto/ssl_sock.h
src/dumpstats.c
src/ssl_sock.c

index 3e111cd6849065d7d61bbe744cf58e985ac9b3d1..6362953ef9e1d008ddd16f36294291d3280da125 100644 (file)
@@ -54,7 +54,7 @@ char *ssl_sock_get_version(struct connection *conn);
 int ssl_sock_get_cert_used(struct connection *conn);
 int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *out);
 unsigned int ssl_sock_get_verify_result(struct connection *conn);
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL)
 int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
 #endif
 
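Review bot: The compound guard `defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL` added here is repeated verbatim in the src/dumpstats.c hunk and in all three src/ssl_sock.c hunks, so any OCSP code added later under the old single `#ifdef` would be compiled into a BoringSSL build again. Consider deriving one feature macro in this header under that condition, for example `#define SSL_SOCK_OCSP_ENABLED` (proposed name), and testing only that macro elsewhere. This assumes the SSL library headers that define both symbols are included before this header at every use site, which the hunks do not show. If the guards stay as written, a comment above the first one such as `/* OCSP is unsupported on BoringSSL even when the ctrl constant is defined; see chromium issue 398677 */` would record why the second test exists and when it can be dropped.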
index 5365042c18211de9a8ffe9b07820a15a26903e72..3855e09b4f3170707ce351121bf34c412a1ece5e 100644 (file)
@@ -1794,7 +1794,7 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
 #ifdef USE_OPENSSL
                else if (strcmp(args[1], "ssl") == 0) {
                        if (strcmp(args[2], "ocsp-response") == 0) {
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL)
                                char *err = NULL;
 
                                /* Expect one parameter: the new response in base64 encoding */
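Review bot: The new guard sits inside the `ocsp-response` branch, so a BoringSSL build still recognises the `ssl` / `ocsp-response` arguments and only the handling body is compiled out. The alternative path taken in that case is outside this hunk. Please confirm that it tells the operator OCSP stapling is unavailable in this build rather than giving a generic or success-looking reply, because a silently dropped update leaves clients without refreshed revocation status. A comment on the guard, e.g. `/* OCSP response update is compiled out on BoringSSL builds */`, would make the intent explicit. stats_sock_parse_request starts and ends outside the hunk.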
index cf8adc7f7efe4b204e3f60459fa4b439c3b5e07c..e53e3bdb92d6ee1dafc6c003e6b6d6ea487b80eb 100644 (file)
@@ -44,7 +44,7 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL)
 #include <openssl/ocsp.h>
 #endif
 
@@ -112,7 +112,7 @@ static DH *local_dh_4096 = NULL;
 static DH *local_dh_8192 = NULL;
 #endif /* OPENSSL_NO_DH */
 
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL)
 struct certificate_ocsp {
        struct ebmb_node key;
        unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
@@ -1282,7 +1282,7 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf
        }
 #endif
 
-#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_IS_BORINGSSL)
        ret = ssl_sock_load_ocsp(ctx, path);
        if (ret < 0) {
                if (err)
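Review bot: With this guard a BoringSSL build skips `ssl_sock_load_ocsp(ctx, path)` without any diagnostic, so a deployment that provisions OCSP responses for stapling stops stapling with no indication at certificate load time. I would at least add a comment here, `/* BoringSSL: OCSP stapling disabled, OCSP responses for this certificate are not loaded */`. A single startup warning on such builds is also worth considering, so operators who rely on stapled revocation status notice the change. ssl_sock_load_cert_file continues outside the hunk.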