noinst_PROGRAMS = ex-client-resume ex-client-dtls
noinst_PROGRAMS += ex-cert-select ex-client-x509
noinst_PROGRAMS += ex-serv-dtls ex-client-xssl1 ex-client-xssl2
-noinst_PROGRAMS += print-ciphersuites ex-serv-x509
+noinst_PROGRAMS += print-ciphersuites
+if ENABLE_OCSP
+noinst_PROGRAMS += ex-serv-x509
+endif
ex_client_xssl1_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
ex_client_xssl2_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
#include <gnutls_state.h>
#include <gnutls_num.h>
+#ifdef ENABLE_OPENPGP
+
/* Maps record size to numbers according to the
* extensions draft.
*/
}
}
+
+#endif
#include <auth/cert.h>
#include <gnutls_handshake.h>
+#ifdef ENABLE_OCSP
+
typedef struct {
gnutls_datum_t *responder_id;
size_t responder_id_size;
return ret;
}
+
+#endif
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#ifdef ENABLE_OCSP
ret = _gnutls_ext_register(&ext_mod_status_request);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
+#ifdef ENABLE_OPENPGP
ret = _gnutls_ext_register(&ext_mod_cert_type);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
ret = _gnutls_ext_register(&ext_mod_server_name);
if (ret != GNUTLS_E_SUCCESS)
IMED_RET("recv server certificate", ret, 1);
case STATE6:
+#ifdef ENABLE_OCSP
/* RECV CERTIFICATE STATUS */
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
ret =
(session);
STATE = STATE6;
IMED_RET("recv server certificate", ret, 1);
-
+#endif
case STATE7:
ret = run_verify_callback(session, GNUTLS_CLIENT);
STATE = STATE7;
IMED_RET("send server certificate", ret, 0);
case STATE4:
+#ifdef ENABLE_OCSP
if (session->internals.resumed == RESUME_FALSE)
ret =
_gnutls_send_server_certificate_status(session,
(STATE4));
STATE = STATE4;
IMED_RET("send server certificate status", ret, 0);
-
+#endif
case STATE5:
/* send server key exchange (A) */
if (session->internals.resumed == RESUME_FALSE)
/* Enable useful extensions */
if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
gnutls_session_ticket_enable_client(*session);
+#ifdef ENABLE_OCSP
gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
NULL);
+#endif
}
if (flags & GNUTLS_NO_REPLAY_PROTECTION)
}
/* Use the OCSP extension if any */
+#ifdef ENABLE_OCSP
if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
goto skip_ocsp;
}
}
-#ifdef ENABLE_OCSP
ret =
check_ocsp_response(session, peer_certificate_list[0], issuer,
&resp, &ocsp_status);