]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
increased code disabled from disable-ocsp and disable-openpgp options
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 5 Mar 2014 13:36:28 +0000 (14:36 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 5 Mar 2014 13:38:24 +0000 (14:38 +0100)
doc/examples/Makefile.am
lib/ext/cert_type.c
lib/ext/status_request.c
lib/gnutls_extensions.c
lib/gnutls_handshake.c
lib/gnutls_state.c
lib/gnutls_x509.c

index 26376cf2d2188f9f1e378c5138771dded892ece1..959a9e52cb9859f0356361ee41b83146411f8af0 100644 (file)
@@ -45,7 +45,10 @@ CXX_LDADD = ../../lib/libgnutlsxx.la \
 noinst_PROGRAMS = ex-client-resume ex-client-dtls
 noinst_PROGRAMS += ex-cert-select ex-client-x509
 noinst_PROGRAMS += ex-serv-dtls ex-client-xssl1 ex-client-xssl2
-noinst_PROGRAMS += print-ciphersuites ex-serv-x509
+noinst_PROGRAMS += print-ciphersuites
+if ENABLE_OCSP
+noinst_PROGRAMS += ex-serv-x509
+endif
 
 ex_client_xssl1_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
 ex_client_xssl2_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la
index 698884fc6757a8f8c002a1fd5648121f7b6dccdf..f9f5e8ab934de30e8f73c1305c5e29cd58f2fdd8 100644 (file)
@@ -31,6 +31,8 @@
 #include <gnutls_state.h>
 #include <gnutls_num.h>
 
+#ifdef ENABLE_OPENPGP
+
 /* Maps record size to numbers according to the
  * extensions draft.
  */
@@ -247,3 +249,5 @@ inline static int _gnutls_cert_type2num(int cert_type)
        }
 
 }
+
+#endif
index 474b0fae3deaccddb9613271f2b2a57a5b162fb0..4cbc490462a1310a8803d64d8705574e6c1d467b 100644 (file)
@@ -34,6 +34,8 @@
 #include <auth/cert.h>
 #include <gnutls_handshake.h>
 
+#ifdef ENABLE_OCSP
+
 typedef struct {
        gnutls_datum_t *responder_id;
        size_t responder_id_size;
@@ -628,3 +630,5 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
 
        return ret;
 }
+
+#endif
index 508e4883be204cbcb982e8bf4431bacef5683543..3d32b6a0ae688cbd3c0e9ef5ec35fc7b31b9f9f9 100644 (file)
@@ -308,13 +308,17 @@ int _gnutls_ext_init(void)
        if (ret != GNUTLS_E_SUCCESS)
                return ret;
 
+#ifdef ENABLE_OCSP
        ret = _gnutls_ext_register(&ext_mod_status_request);
        if (ret != GNUTLS_E_SUCCESS)
                return ret;
+#endif
 
+#ifdef ENABLE_OPENPGP
        ret = _gnutls_ext_register(&ext_mod_cert_type);
        if (ret != GNUTLS_E_SUCCESS)
                return ret;
+#endif
 
        ret = _gnutls_ext_register(&ext_mod_server_name);
        if (ret != GNUTLS_E_SUCCESS)
index 57fe496bfb1c8122fb55b032e00427c1e9124422..a94406d1c99588c6358846f59e924ba13a126e25 100644 (file)
@@ -2697,6 +2697,7 @@ static int _gnutls_handshake_client(gnutls_session_t session)
                IMED_RET("recv server certificate", ret, 1);
 
        case STATE6:
+#ifdef ENABLE_OCSP
                /* RECV CERTIFICATE STATUS */
                if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
                        ret =
@@ -2704,7 +2705,7 @@ static int _gnutls_handshake_client(gnutls_session_t session)
                            (session);
                STATE = STATE6;
                IMED_RET("recv server certificate", ret, 1);
-
+#endif
        case STATE7:
                ret = run_verify_callback(session, GNUTLS_CLIENT);
                STATE = STATE7;
@@ -3067,6 +3068,7 @@ static int _gnutls_handshake_server(gnutls_session_t session)
                IMED_RET("send server certificate", ret, 0);
 
        case STATE4:
+#ifdef ENABLE_OCSP
                if (session->internals.resumed == RESUME_FALSE)
                        ret =
                            _gnutls_send_server_certificate_status(session,
@@ -3074,7 +3076,7 @@ static int _gnutls_handshake_server(gnutls_session_t session)
                                                                   (STATE4));
                STATE = STATE4;
                IMED_RET("send server certificate status", ret, 0);
-
+#endif
        case STATE5:
                /* send server key exchange (A) */
                if (session->internals.resumed == RESUME_FALSE)
index dab51997c8c3b267479a52b2762df691d17bd9bb..1db5a48e8b1c7b47ff25f5b4c92bb663c0069bf9 100644 (file)
@@ -404,8 +404,10 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
        /* Enable useful extensions */
        if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) {
                gnutls_session_ticket_enable_client(*session);
+#ifdef ENABLE_OCSP
                gnutls_ocsp_status_request_enable_client(*session, NULL, 0,
                                                         NULL);
+#endif
        }
 
        if (flags & GNUTLS_NO_REPLAY_PROTECTION)
index b6726a37a62cf2d31dff90aba3a5d1a50abda4ef..05ec2a5952a1422fb89b5bca36787a55d5b06ea9 100644 (file)
@@ -254,6 +254,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
        }
 
        /* Use the OCSP extension if any */
+#ifdef ENABLE_OCSP
        if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS)
                goto skip_ocsp;
 
@@ -273,7 +274,6 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
                }
        }
 
-#ifdef ENABLE_OCSP
        ret =
            check_ocsp_response(session, peer_certificate_list[0], issuer,
                                &resp, &ocsp_status);