Enable OCSP stapling in QSslSocket

This patch enables OCSP stapling in QSslSocket::SslClientMode (OpenSSL back-end only). OCSP stapling is described by RFC6066 and based on the original OCSP as defined by RFC2560. At the moment multiple certificate status protocol is not supported (not implemented in OpenSSL). SecureTransport does not support OCSP stapling at the moment. [ChangeLog][QtNetwork][TLS] Added OCSP-stapling support for OpenSSL backend Task-number: QTBUG-12812 Task-number: QTBUG-17158 Change-Id: Id2e0f4cc861311d1ece462864e5e30c76184af8c Reviewed-by: Edward Welbourne <edward.welbourne@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2018-10-25 10:44:16 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2018-12-03 13:20:05 +0000
commit: a8412dc020e82b45b54b0b6637b8b88b255c413a (patch)
tree: d232e68bb1a7d30e11667f7d988e42ae4deee9e8 /src/network/configure.json
parent: c1fc47b06aa27e253271d59b6c1f11a6c4ab674a (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/src/network/configure.json b/src/network/configure.json
index 327131ba11..368209cd3f 100644
--- a/src/network/configure.json
+++ b/src/network/configure.json
@@ -15,6 +15,7 @@
             "openssl-linked": { "type": "void", "name": "openssl", "value": "linked" },
             "openssl-runtime": { "type": "void", "name": "openssl", "value": "runtime" },
             "dtls": "boolean",
+            "ocsp": "boolean",
             "sctp": "boolean",
             "securetransport": "boolean",
             "ssl": "boolean",
@@ -163,6 +164,23 @@
                 ]
             },
             "use": "openssl"
+        },
+        "ocsp": {
+            "label": "OCSP stapling support in OpenSSL",
+            "type": "compile",
+            "test": {
+                "include": ["openssl/ssl.h", "openssl/ocsp.h"],
+                "tail": [
+                    "#if defined(OPENSSL_NO_OCSP) || defined(OPENSSL_NO_TLSEXT)",
+                    "#  error OpenSSL without OCSP stapling",
+                    "#endif"
+                ],
+                "main": [
+                    "(void)SSL_get_tlsext_status_ocsp_resp(nullptr, nullptr);",
+                    "(void)d2i_OCSP_RESPONSE(nullptr, nullptr, 0);"
+                ]
+            },
+            "use": "openssl"
         }
     },
 
@@ -237,6 +255,13 @@
             "condition": "features.openssl && tests.dtls",
             "output": [ "publicFeature" ]
         },
+        "ocsp": {
+            "label": "OCSP-stapling",
+            "purpose": "Provides OCSP stapling support",
+            "section": "Networking",
+            "condition": "features.opensslv11 && tests.ocsp",
+            "output": [ "publicFeature" ]
+        },
         "opensslv11": {
             "label": "OpenSSL 1.1",
             "condition": "features.openssl && tests.openssl11",
@@ -370,6 +395,7 @@ For example:
                 "openssl-linked",
                 "opensslv11",
                 "dtls",
+                "ocsp",
                 "sctp",
                 "system-proxies"
             ]
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2018-10-25 10:44:16 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2018-12-03 13:20:05 +0000
commit	a8412dc020e82b45b54b0b6637b8b88b255c413a (patch)
tree	d232e68bb1a7d30e11667f7d988e42ae4deee9e8 /src/network/configure.json
parent	c1fc47b06aa27e253271d59b6c1f11a6c4ab674a (diff)