|
@@ -14,6 +14,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
|
14
|
14
|
#include <ipxe/asn1.h>
|
15
|
15
|
#include <ipxe/x509.h>
|
16
|
16
|
#include <ipxe/refcnt.h>
|
|
17
|
+#include <config/crypto.h>
|
|
18
|
+
|
|
19
|
+/* Allow OCSP to be disabled completely */
|
|
20
|
+#ifdef OCSP_CHECK
|
|
21
|
+#define OCSP_ENABLED 1
|
|
22
|
+#else
|
|
23
|
+#define OCSP_ENABLED 0
|
|
24
|
+#endif
|
17
|
25
|
|
18
|
26
|
/** OCSP algorithm identifier */
|
19
|
27
|
#define OCSP_ALGORITHM_IDENTIFIER( ... ) \
|
|
@@ -119,6 +127,10 @@ ocsp_put ( struct ocsp_check *ocsp ) {
|
119
|
127
|
*/
|
120
|
128
|
static inline int ocsp_required ( struct x509_certificate *cert ) {
|
121
|
129
|
|
|
130
|
+ /* An OCSP check is never required if OCSP checks are disabled */
|
|
131
|
+ if ( ! OCSP_ENABLED )
|
|
132
|
+ return 0;
|
|
133
|
+
|
122
|
134
|
/* An OCSP check is required if an OCSP URI exists but the
|
123
|
135
|
* OCSP status is not (yet) good.
|
124
|
136
|
*/
|
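Review bot: The `#else` branch in the first hunk sets `OCSP_ENABLED` to 0 whenever `OCSP_CHECK` is not defined, so the default is fail-open. A build whose `config/crypto.h` lacks the option (its contents are not visible here; an older local configuration is one possible case) would drop revocation checking without any diagnostic. In the second hunk `ocsp_required()` then returns 0 before inspecting the certificate, so a certificate that carries an OCSP URI is treated as needing no status check, whereas the existing comment below says a check is required in that case. The comment at the define should state this consequence, for example `/* Allow OCSP to be disabled completely; if OCSP_CHECK is not defined, certificate revocation status is never checked */`. The body of `ocsp_required()` continues past the end of the hunk, so how callers treat the 0 return is inferred from the visible comment only.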