Add a `cert-status` feature flag to `curlinfo`, based on the conditions
used in `lib/vtls` sources.
To:
- fix disabling this test when using OpenSSL (or fork) built with
the `no-ocsp` option.
- enable this test for AWS-LC in CI.
Note:
- BoringSSL (and quiche) has OCSP disabled by default.
- MultiSSL dynamic selection continues to confuse this test.
(To fix it, support would need to be detected by querying libcurl
via curl. Probably overkill given that OCSP is on its way out.)
Follow-up to
f2c765028fcf91c4f7bf15eeb0249d525e13ac8f #20149
Closes #20133
#include <stdio.h>
+#if defined(USE_QUICHE) || defined(USE_OPENSSL)
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_OCSP */
+#endif
+
static const char *disabled[] = {
"bindlocal: "
#ifdef CURL_DISABLE_BINDLOCAL
"ON"
#else
"OFF"
+#endif
+ ,
+ "cert-status: "
+#if defined(USE_GNUTLS) || \
+ ((defined(USE_QUICHE) || defined(USE_OPENSSL)) && !defined(OPENSSL_NO_OCSP))
+ "ON"
+#else
+ "OFF"
#endif
};
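Review bot: The new `cert-status` entry sits in an array named `disabled[]` beside an entry keyed on a `CURL_DISABLE_*` macro, but it reports a positive capability derived from the TLS backend, so what ON and OFF mean for it is not obvious from the surrounding lines. A short comment above it would help, for example `/* cert-status: ON means OCSP stapling (--cert-status) is compiled in; mirrors the lib/vtls conditions */`. Both the new `#include <openssl/opensslconf.h>` guard and the entry's condition rely on `USE_OPENSSL`/`USE_QUICHE`/`USE_GNUTLS` already being defined at this point, presumably by a curl config header included above `<stdio.h>`, which this hunk does not show. If they are not, the entry would read OFF and test_17_08 would be skipped on every build, so it is worth confirming the include order.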
@pytest.mark.parametrize("proto", Env.http_protos())
def test_17_08_cert_status(self, env: Env, proto, httpd, nghttpx):
- if not env.curl_uses_lib('openssl') and \
- not env.curl_uses_lib('quictls') and \
- not env.curl_uses_lib('libressl') and \
- not env.curl_uses_lib('gnutls'):
+ if not env.curl_can_cert_status():
pytest.skip("TLS library does not support --cert-status")
curl = CurlClient(env=env)
domain = 'localhost'
if p.returncode != 0:
raise RuntimeError(f'{self.curlinfo} failed with exit code: {p.returncode}')
self.curl_is_verbose = 'verbose-strings: ON' in p.stdout
+ self.curl_can_cert_status = 'cert-status: ON' in p.stdout
self.ports = {}
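Review bot: `'cert-status: ON' in p.stdout` cannot tell a curlinfo that prints `cert-status: OFF` from one that prints no `cert-status` line at all, so in the second case test_17_08 is skipped with the message "TLS library does not support --cert-status" and nothing indicates that detection failed. Because that test is the only visible coverage for OCSP stapling, a comment stating the intent would help, such as `# a missing cert-status line is treated as unsupported`. If curlinfo prints one entry per line (not visible here), `'cert-status: ON' in p.stdout.splitlines()` would also avoid matching a longer key that merely ends in the same text. The same applies to the `verbose-strings` check on the line above, and the enclosing method starts and ends outside this hunk.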
def curl_is_verbose() -> bool:
return Env.CONFIG.curl_is_verbose
+ @staticmethod
+ def curl_can_cert_status() -> bool:
+ return Env.CONFIG.curl_can_cert_status
+
@staticmethod
def curl_can_early_data() -> bool:
if Env.curl_uses_lib('gnutls'):