serf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Zhakov <chemo...@gmail.com>
Subject Re: svn commit: r1774473 - in /serf/branches/ocsp-verification: buckets/ssl_buckets.c serf_bucket_types.h test/test_ssl.c
Date Fri, 16 Dec 2016 05:45:37 GMT
On 16 December 2016 at 01:48, Branko ─îibej <brane@apache.org> wrote:
> On 15.12.2016 18:16, Ivan Zhakov wrote:
>> On 15 December 2016 at 17:31,  <brane@apache.org> wrote:
>>> +/*
>>> + * OCSP bits are here because they depend on OpenSSL and private types
>>> + * defined in this file.
>>> + */
>>> +
>>> +struct serf_ssl_ocsp_request_t {
>>> +#ifndef OPENSSL_NO_OCSP
>>> +    /* OpenSSL's internal representation of the OCSP request. */
>>> +    OCSP_REQUEST *request;
>>> +
>>> +    /* DER-encoded request and size. */
>>> +    const void *der_request;
>>> +    apr_size_t der_request_size;
>>> +
>>> +    /* Exported server and issuer certificates. */
>>> +    const char *encoded_server_cert;
>>> +    const char *encoded_issuer_cert;
>>> +#endif  /* OPENSSL_NO_OCSP */
>>> +};
>> As far I remember C requires that a struct or union has at least one member.
>
> You're absolutely right. I've been meddling in C++ for too long.
>
> FWIW, that file does not compile, even on trunk, when OPENSSL_NO_OCSP is
> defined ... I wonder if we should just remove those conditional blocks?
> After all, it's not as if we want to encourage people to use OpenSSL 0.9.7.
>
As far I remember OpenSSL is very configurable in build time, so
OPENSSL_NO_OSCSP can be set even for OpenSSL 1.0.2 using '--no-ocsp'
option [1]:

[1] https://github.com/openssl/openssl/blob/master/INSTALL


-- 
Ivan Zhakov

Mime
View raw message