Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0

The syntax of openssl ocsp -header option has been changed in OpenSSL
1.1.0.  And it now does not require -header option anymore.  It looks
like that it is workaround for 1.0.x versions.
This commit is contained in:
Tatsuhiro Tsujikawa 2016-12-12 21:22:48 +09:00
parent 77416b0ac2
commit bd3ececdd8

View File

@ -146,7 +146,7 @@ def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
'-noverify', '-respout', respder_fn '-noverify', '-respout', respder_fn
] ]
ver = openssl_version.lower() ver = openssl_version.lower()
if ver.startswith('openssl 1.') or ver.startswith('libressl '): if ver.startswith('openssl 1.0.') or ver.startswith('libressl '):
args.extend(['-header', 'Host', ocsp_host]) args.extend(['-header', 'Host', ocsp_host])
resp = run_openssl(args, allow_tempfail=True) resp = run_openssl(args, allow_tempfail=True)
return resp.decode('utf-8') return resp.decode('utf-8')