From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 17 Oct 2025 08:12:27 +0000 (+0200)
Subject: libssl: It is now likely that the OCSP leak will be fixed in OpenSSL 3.6.1
X-Git-Tag: rec-5.4.0-alpha1~149^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2342ad6efa8065039c85c7ee0f373c3f61d0f1ce;p=thirdparty%2Fpdns.git

libssl: It is now likely that the OCSP leak will be fixed in OpenSSL 3.6.1

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
---

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 41967986d3..7a18f2f8ad 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -375,7 +375,7 @@ int libssl_ocsp_stapling_callback(SSL* ssl, const std::map<int, std::string>& oc
   }
 
   const auto ocsp_resp_size = data->second.size();
-#if OPENSSL_VERSION_NUMBER < 0x30600000L
+#if OPENSSL_VERSION_NUMBER != 0x30600000L
   /* we need to allocate a copy because OpenSSL will free the pointer passed to SSL_set_tlsext_status_ocsp_resp() */
   void* ocsp_resp = OPENSSL_malloc(ocsp_resp_size);
   if (ocsp_resp == nullptr) {