Permalink
Browse files

Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0

The syntax of openssl ocsp -header option has been changed in OpenSSL
1.1.0.  And it now does not require -header option anymore.  It looks
like that it is workaround for 1.0.x versions.
  • Loading branch information...
1 parent 77416b0 commit bd3ececdd8439ca1c4d4556ad32a6564ee1135c9 @tatsuhiro-t tatsuhiro-t committed Dec 12, 2016
Showing with 1 addition and 1 deletion.
  1. +1 −1 script/fetch-ocsp-response
@@ -146,7 +146,7 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
'-noverify', '-respout', respder_fn
]
ver = openssl_version.lower()
- if ver.startswith('openssl 1.') or ver.startswith('libressl '):
+ if ver.startswith('openssl 1.0.') or ver.startswith('libressl '):
args.extend(['-header', 'Host', ocsp_host])
resp = run_openssl(args, allow_tempfail=True)
return resp.decode('utf-8')

0 comments on commit bd3ecec

Please sign in to comment.