diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-10-25 10:44:16 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2018-12-03 13:20:05 +0000 |
commit | a8412dc020e82b45b54b0b6637b8b88b255c413a (patch) | |
tree | d232e68bb1a7d30e11667f7d988e42ae4deee9e8 /src/network/configure.json | |
parent | c1fc47b06aa27e253271d59b6c1f11a6c4ab674a (diff) |
Enable OCSP stapling in QSslSocket
This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end
only). OCSP stapling is described by RFC6066 and based on the original OCSP as
defined by RFC2560. At the moment multiple certificate status protocol is not
supported (not implemented in OpenSSL). SecureTransport does not support OCSP
stapling at the moment.
[ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend
Task-number: QTBUG-12812
Task-number: QTBUG-17158
Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/network/configure.json')
-rw-r--r-- | src/network/configure.json | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/network/configure.json b/src/network/configure.json index 327131ba11..368209cd3f 100644 --- a/src/network/configure.json +++ b/src/network/configure.json @@ -15,6 +15,7 @@ "openssl-linked": { "type": "void", "name": "openssl", "value": "linked" }, "openssl-runtime": { "type": "void", "name": "openssl", "value": "runtime" }, "dtls": "boolean", + "ocsp": "boolean", "sctp": "boolean", "securetransport": "boolean", "ssl": "boolean", @@ -163,6 +164,23 @@ ] }, "use": "openssl" + }, + "ocsp": { + "label": "OCSP stapling support in OpenSSL", + "type": "compile", + "test": { + "include": ["openssl/ssl.h", "openssl/ocsp.h"], + "tail": [ + "#if defined(OPENSSL_NO_OCSP) || defined(OPENSSL_NO_TLSEXT)", + "# error OpenSSL without OCSP stapling", + "#endif" + ], + "main": [ + "(void)SSL_get_tlsext_status_ocsp_resp(nullptr, nullptr);", + "(void)d2i_OCSP_RESPONSE(nullptr, nullptr, 0);" + ] + }, + "use": "openssl" } }, @@ -237,6 +255,13 @@ "condition": "features.openssl && tests.dtls", "output": [ "publicFeature" ] }, + "ocsp": { + "label": "OCSP-stapling", + "purpose": "Provides OCSP stapling support", + "section": "Networking", + "condition": "features.opensslv11 && tests.ocsp", + "output": [ "publicFeature" ] + }, "opensslv11": { "label": "OpenSSL 1.1", "condition": "features.openssl && tests.openssl11", @@ -370,6 +395,7 @@ For example: "openssl-linked", "opensslv11", "dtls", + "ocsp", "sctp", "system-proxies" ] |