From 9759860ec0c30685b53568b10caa5a91428bc7bf Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Sun, 18 Mar 2018 22:27:49 +0200
Subject: [ocsp] Allow OCSP checks to be disabled

Some CAs provide non-functional OCSP servers, and some clients are
forced to operate on networks without access to the OCSP servers.
Allow the user to explicitly disable the use of OCSP checks by
undefining OCSP_CHECK in config/crypto.h.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/config/crypto.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/config')

diff --git a/src/config/crypto.h b/src/config/crypto.h
index 8f885c55..1edcdce4 100644
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -58,6 +58,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  */
 #define CROSSCERT "http://ca.ipxe.org/auto"
 
+/** Perform OCSP checks when applicable
+ *
+ * Some CAs provide non-functional OCSP servers, and some clients are
+ * forced to operate on networks without access to the OCSP servers.
+ * Allow the user to explicitly disable the use of OCSP checks.
+ */
+#define OCSP_CHECK
+
 #include <config/named.h>
 #include NAMED_CONFIG(crypto.h)
 #include <config/local/crypto.h>
-- 
cgit v1.2.3-55-g7522