From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 23 Jan 2012 20:10:01 +0000 (+0100)
Subject: OCSP_REQ_CTX is only in newer versions of OpenSSL
X-Git-Tag: release_3_0_0_beta0~389
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d62df4179b67edcde1ac5992d75354ef5f35a59b;p=thirdparty%2Ffreeradius-server.git

OCSP_REQ_CTX is only in newer versions of OpenSSL
---

diff --git a/src/main/tls.c b/src/main/tls.c
index 9fc2c3d4262..c0ab5e26783 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1073,10 +1073,12 @@ static int ocsp_check(X509_STORE *store, X509 *issuer_cert, X509 *client_cert,
 	int status ;
 	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
 	int reason;
+#if OPENSSL_VERSION_NUMBER >= 0x1000003f
 	OCSP_REQ_CTX *ctx;
 	int rc;
 	struct timeval now;
 	struct timeval when;
+#endif
 
 	/*
 	 * Create OCSP Request
@@ -1108,7 +1110,17 @@ static int ocsp_check(X509_STORE *store, X509 *issuer_cert, X509 *client_cert,
 	bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
 
 	BIO_set_conn_port(cbio, port);
-
+#if OPENSSL_VERSION_NUMBER < 0x1000003f
+	BIO_do_connect(cbio);
+ 
+	/* Send OCSP request and wait for response */
+	resp = OCSP_sendreq_bio(cbio, path, req);
+	if (!resp) {
+		radlog(L_ERR, "Error: Couldn't get OCSP response");
+		ocsp_ok = 2;
+		goto ocsp_end;
+	}
+#else
 	if (conf->ocsp_timeout)
 		BIO_set_nbio(cbio, 1);
 
@@ -1151,6 +1163,7 @@ static int ocsp_check(X509_STORE *store, X509 *issuer_cert, X509 *client_cert,
 		ocsp_ok = 2;
 		goto ocsp_end;
 	}
+#endif
 
 	/* Verify OCSP response status */
 	status = OCSP_response_status(resp);