openssl: Disable OCSP in old versions of OpenSSL

Versions of OpenSSL prior to v0.9.8h do not support the necessary functions for OCSP stapling.
curl · Feb 9, 2015 · d771b44 · d771b44
1 parent 7eebf9a
commit d771b44
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
@@ -1323,7 +1323,8 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
   return result;
 }
 
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+    !defined(HAVE_BORINGSSL)
 static CURLcode verifystatus(struct connectdata *conn,
                              struct ssl_connect_data *connssl)
 {
@@ -2060,7 +2061,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
     return CURLE_OUT_OF_MEMORY;
   }
 
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+    !defined(HAVE_BORINGSSL)
   if(data->set.ssl.verifystatus)
     SSL_set_tlsext_status_type(connssl->handle, TLSEXT_STATUSTYPE_ocsp);
 #endif
@@ -2748,7 +2750,8 @@ static CURLcode servercert(struct connectdata *conn,
       infof(data, "\t SSL certificate verify ok.\n");
   }
 
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+    !defined(HAVE_BORINGSSL)
   if(data->set.ssl.verifystatus) {
     result = verifystatus(conn, connssl);
     if(result) {
@@ -3202,7 +3205,8 @@ void Curl_ossl_md5sum(unsigned char *tmp, /* input */
 
 bool Curl_ossl_cert_status_request(void)
 {
-#if !defined(HAVE_BORINGSSL) && !defined(OPENSSL_NO_TLSEXT)
+#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \
+    !defined(HAVE_BORINGSSL)
   return TRUE;
 #else
   return FALSE;