From: Nikos Mavrogiannopoulos Date: Wed, 5 Mar 2014 13:36:28 +0000 (+0100) Subject: increased code disabled from disable-ocsp and disable-openpgp options X-Git-Tag: gnutls_3_3_0pre0~75 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70ea3b701bf80847903bbf3d2f010cfbf55410ba;p=thirdparty%2Fgnutls.git increased code disabled from disable-ocsp and disable-openpgp options --- diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am index 26376cf2d2..959a9e52cb 100644 --- a/doc/examples/Makefile.am +++ b/doc/examples/Makefile.am @@ -45,7 +45,10 @@ CXX_LDADD = ../../lib/libgnutlsxx.la \ noinst_PROGRAMS = ex-client-resume ex-client-dtls noinst_PROGRAMS += ex-cert-select ex-client-x509 noinst_PROGRAMS += ex-serv-dtls ex-client-xssl1 ex-client-xssl2 -noinst_PROGRAMS += print-ciphersuites ex-serv-x509 +noinst_PROGRAMS += print-ciphersuites +if ENABLE_OCSP +noinst_PROGRAMS += ex-serv-x509 +endif ex_client_xssl1_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la ex_client_xssl2_LDADD = $(LDADD) ../../lib/libgnutls-xssl.la diff --git a/lib/ext/cert_type.c b/lib/ext/cert_type.c index 698884fc67..f9f5e8ab93 100644 --- a/lib/ext/cert_type.c +++ b/lib/ext/cert_type.c @@ -31,6 +31,8 @@ #include #include +#ifdef ENABLE_OPENPGP + /* Maps record size to numbers according to the * extensions draft. */ @@ -247,3 +249,5 @@ inline static int _gnutls_cert_type2num(int cert_type) } } + +#endif diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index 474b0fae3d..4cbc490462 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -34,6 +34,8 @@ #include #include +#ifdef ENABLE_OCSP + typedef struct { gnutls_datum_t *responder_id; size_t responder_id_size; @@ -628,3 +630,5 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session) return ret; } + +#endif diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 508e4883be..3d32b6a0ae 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -308,13 +308,17 @@ int _gnutls_ext_init(void) if (ret != GNUTLS_E_SUCCESS) return ret; +#ifdef ENABLE_OCSP ret = _gnutls_ext_register(&ext_mod_status_request); if (ret != GNUTLS_E_SUCCESS) return ret; +#endif +#ifdef ENABLE_OPENPGP ret = _gnutls_ext_register(&ext_mod_cert_type); if (ret != GNUTLS_E_SUCCESS) return ret; +#endif ret = _gnutls_ext_register(&ext_mod_server_name); if (ret != GNUTLS_E_SUCCESS) diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 57fe496bfb..a94406d1c9 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2697,6 +2697,7 @@ static int _gnutls_handshake_client(gnutls_session_t session) IMED_RET("recv server certificate", ret, 1); case STATE6: +#ifdef ENABLE_OCSP /* RECV CERTIFICATE STATUS */ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = @@ -2704,7 +2705,7 @@ static int _gnutls_handshake_client(gnutls_session_t session) (session); STATE = STATE6; IMED_RET("recv server certificate", ret, 1); - +#endif case STATE7: ret = run_verify_callback(session, GNUTLS_CLIENT); STATE = STATE7; @@ -3067,6 +3068,7 @@ static int _gnutls_handshake_server(gnutls_session_t session) IMED_RET("send server certificate", ret, 0); case STATE4: +#ifdef ENABLE_OCSP if (session->internals.resumed == RESUME_FALSE) ret = _gnutls_send_server_certificate_status(session, @@ -3074,7 +3076,7 @@ static int _gnutls_handshake_server(gnutls_session_t session) (STATE4)); STATE = STATE4; IMED_RET("send server certificate status", ret, 0); - +#endif case STATE5: /* send server key exchange (A) */ if (session->internals.resumed == RESUME_FALSE) diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index dab51997c8..1db5a48e8b 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -404,8 +404,10 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags) /* Enable useful extensions */ if ((flags & GNUTLS_CLIENT) && !(flags & GNUTLS_NO_EXTENSIONS)) { gnutls_session_ticket_enable_client(*session); +#ifdef ENABLE_OCSP gnutls_ocsp_status_request_enable_client(*session, NULL, 0, NULL); +#endif } if (flags & GNUTLS_NO_REPLAY_PROTECTION) diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index b6726a37a6..05ec2a5952 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -254,6 +254,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, } /* Use the OCSP extension if any */ +#ifdef ENABLE_OCSP if (verify_flags & GNUTLS_VERIFY_DISABLE_CRL_CHECKS) goto skip_ocsp; @@ -273,7 +274,6 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, } } -#ifdef ENABLE_OCSP ret = check_ocsp_response(session, peer_certificate_list[0], issuer, &resp, &ocsp_status);