osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1843478 - /httpd/test/framework/trunk/t/ssl/ocsp.t


Am 14.10.2018 um 22:58 schrieb William A Rowe Jr:
On Sun, Oct 14, 2018 at 3:50 PM Rainer Jung <rainer.jung@xxxxxxxxxxx <mailto:rainer.jung@xxxxxxxxxxx>> wrote:


    And Jim already set "With 1.1.1, both return 1, but so what, we know
    that it has oscp."


That, of course, is nonsense.

OpenSSL is malleable... with numerous no-{feature} choice, we really shouldn't
presume presence of features by OpenSSL version. Otherwise, why wouldn't
we simply use a regex against `openssl version`?

Agreed, looking at the code it seems that starting with 1.1.0 (I only checked 1.1.0i) ocsp can be disabled with no-ocsp.

Regards,

Rainer