BUG/MINOR: disable dynamic OCSP load with BoringSSL

it was accidently enabled on BoringSSL while
actually it is not supported

wla: Fix part of the issue mentionned in #895.
It fixes build of boringSSL versions prior to commit
https://boringssl.googlesource.com/boringssl/+/49e9f67d8b7cbeb3953b5548ad1009d15947a523

Must be backported in 2.2.

Signed-off-by: William Lallemand <wlallemand@haproxy.org>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index cce06cd62f7be91aa127223f815cf46da14ab8b7..69d76b05d10f7632368300a4d186defd7114339e 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1278,7 +1278,7 @@ int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
 
 #endif
 
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
 
 
 /*
@@ -3137,7 +3137,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an
        }
 #endif
 
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
+#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
        /* Load OCSP Info into context */
        if (ckch->ocsp_response) {
                if (ssl_sock_load_ocsp(ctx, ckch, find_chain) < 0) {