ocsp: enable OPENSSL tlsext status cb for NGINX and HAPROXY

2025-02-17 14:53:49 +00:00
parent a1d1f0ddf1
commit 7db3c34e2b
3 changed files with 8 additions and 10 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -8690,13 +8690,13 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
 #ifdef OPENSSL_EXTRA
    XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
 #endif
-#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
    if (ssl->ocspResp) {
        XFREE(ssl->ocspResp, NULL, 0);
        ssl->ocspResp = NULL;
        ssl->ocspRespSz = 0;
    }
-#endif /* defined(HAVE_OCSP) && defined(OPENSSL_ALL) */
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    while (ssl->certReqCtx != NULL) {
        CertReqCtx* curr = ssl->certReqCtx;
@@ -9021,13 +9021,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
        * !WOLFSSL_POST_HANDSHAKE_AUTH */
 #endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */

-#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
    if (ssl->ocspResp != NULL) {
        XFREE(ssl->ocspResp, NULL, 0);
        ssl->ocspResp = NULL;
        ssl->ocspRespSz = 0;
    }
-#endif /* HAVE_OCSP && OPENSSL_ALL */
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */

 #ifdef WOLFSSL_STATIC_MEMORY
    /* when done with handshake decrement current handshake count */
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17355,7 +17355,7 @@ void wolfSSL_ERR_load_SSL_strings(void)
 }
 #endif

-#ifdef HAVE_OCSP
+#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
 long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
 {
    if (s == NULL || resp == NULL)
@@ -17377,7 +17377,7 @@ long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp,

    return WOLFSSL_SUCCESS;
 }
-#endif /* HAVE_OCSP */
+#endif /* defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */

 #ifdef HAVE_MAX_FRAGMENT
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6133,12 +6133,10 @@ struct WOLFSSL {
        void*       ocspIOCtx;
        byte ocspProducedDate[MAX_DATE_SZ];
        int ocspProducedDateFormat;
-    #ifdef OPENSSL_EXTRA
+    #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        byte*       ocspResp;
        int         ocspRespSz;
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
-            char*   url;
-        #endif
+        char*   url;
    #endif
 #if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)
            word32 response_idx;