diff options
Diffstat (limited to 'src/include/ipxe/ocsp.h')
-rw-r--r-- | src/include/ipxe/ocsp.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/include/ipxe/ocsp.h b/src/include/ipxe/ocsp.h index 9a6b3fe6..be0bddc5 100644 --- a/src/include/ipxe/ocsp.h +++ b/src/include/ipxe/ocsp.h @@ -14,6 +14,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/asn1.h> #include <ipxe/x509.h> #include <ipxe/refcnt.h> +#include <config/crypto.h> + +/* Allow OCSP to be disabled completely */ +#ifdef OCSP_CHECK +#define OCSP_ENABLED 1 +#else +#define OCSP_ENABLED 0 +#endif /** OCSP algorithm identifier */ #define OCSP_ALGORITHM_IDENTIFIER( ... ) \ @@ -119,6 +127,10 @@ ocsp_put ( struct ocsp_check *ocsp ) { */ static inline int ocsp_required ( struct x509_certificate *cert ) { + /* An OCSP check is never required if OCSP checks are disabled */ + if ( ! OCSP_ENABLED ) + return 0; + /* An OCSP check is required if an OCSP URI exists but the * OCSP status is not (yet) good. */ |