From 051cdab68bc2da44ab661e4668c51fda9c67d380 Mon Sep 17 00:00:00 2001
From: Emeric Brun
Date: Tue, 2 Oct 2012 19:25:50 +0200
Subject: [PATCH] BUG/MINOR: build: Fix compilation issue on openssl 0.9.6 due to missing CRL feature.
---
 src/ssl_sock.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8b62c0ace..71ae06f92 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -510,7 +510,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 /* set CA names fo client cert request, function returns void */
 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(bind_conf->cafile));
 }
-
+#ifdef X509_V_FLAG_CRL_CHECK
 if (bind_conf->crlfile) {
 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
@@ -523,6 +523,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
 }
 }
+#endif
 }
 shared_context_set_cache(ctx);
@@ -1128,6 +1129,11 @@ static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bin
 /* parse the "crlfile" bind keyword */
 static int bind_parse_crlfile(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
 {
+#ifndef X509_V_FLAG_CRL_CHECK
+ if (err)
+ memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
+ return ERR_ALERT | ERR_FATAL;
+#else
 if (!*args[cur_arg + 1]) {
 if (err)
 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
@@ -1136,6 +1142,7 @@ static int bind_parse_crlfile(char **args, int cur_arg, struct proxy *px, struct
 conf->crlfile = strdup(args[cur_arg + 1]);
 return 0;
+#endif
 }
 /* parse the "ecdhe" bind keyword keywords */
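Review bot: The `if (bind_conf->crlfile)` block is compiled out with no `#else` when X509_V_FLAG_CRL_CHECK is undefined (guard opened in this hunk, closed by the `#endif` in the next one), so on such a build a configured CRL would be dropped silently and client certificates verified without any revocation check. The visible path is covered because bind_parse_crlfile() in this same patch refuses the keyword on those builds, but that coupling is not stated at the guard, and whether crlfile can be set from anywhere else is not visible in this diff. I would add a comment at the guard such as `/* no CRL support in this OpenSSL: bind_parse_crlfile() refuses "crlfile", so nothing to load here */`, or an `#else` branch that reports a configuration error when `bind_conf->crlfile` is non-NULL. The body of ssl_sock_prepare_ctx starts and ends outside both hunks.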
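Review bot: The comment above bind_parse_crlfile() still reads only `/* parse the "crlfile" bind keyword */` and does not say that the keyword is now a fatal configuration error on builds whose OpenSSL headers lack X509_V_FLAG_CRL_CHECK. Refusing the keyword rather than ignoring it is the fail-closed choice and is worth recording, e.g. `/* parse the "crlfile" bind keyword; rejected with ERR_ALERT | ERR_FATAL when built without X509_V_FLAG_CRL_CHECK */`. The message says "library does not support CRL verify" although the test is made at compile time against the headers, so wording it as a property of the build would be more accurate. The function body continues past the end of this hunk.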
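Review bot: The result of `strdup(args[cur_arg + 1])` is stored in `conf->crlfile` and the function returns 0 without checking it, so an allocation failure leaves crlfile NULL and the `if (bind_conf->crlfile)` test in ssl_sock_prepare_ctx() (first hunk) then skips CRL loading as if none had been configured. That is a silent downgrade of client-certificate verification; the line predates this commit but sits in the branch it now wraps in `#else`. Adding `if (!conf->crlfile) return ERR_ALERT | ERR_FATAL;` before `return 0;` keeps the failure fatal, in line with the other error paths shown here. The start of the function is in the previous hunk and the lines between the two hunks are not shown.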