Prevent inexistence of openssl ssl_verify_cert_chain from breaking the build

Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>

diff --git a/m4/sxe-crypto.m4 b/m4/sxe-crypto.m4
index ac95002..69c89c9 100644 (file)
--- a/m4/sxe-crypto.m4
+++ b/m4/sxe-crypto.m4
@@ -217,6 +217,9 @@ AC_DEFUN([SXE_CHECK_OPENSSL_FUNCS], [dnl
        if test x"$ac_SSLv23_server_method" = xyes; then
                AC_DEFINE([HAVE_SSLV23_SERVER_METHOD], 1, [SSLv23 server methods available])
        fi
+       if test x"$ac_ssl_verify_cert_chain" = xyes; then
+               AC_DEFINE([HAVE_SSL_VERIFY_CERT_CHAIN], 1, [ssl_verify_cert_chain available])
+       fi
        SXE_RESTORE_LIBS
 ])dnl SXE_CHECK_OPENSSL_FUNCS
 

diff --git a/src/openssl.c b/src/openssl.c
index 29d61a6..5ad630b 100644 (file)
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -3990,7 +3990,11 @@ layout, or may also be an evp-pkey object.
 
        if (fun && fun(ssl_conn, ca) &&
            (conn = XSSLCONN(ssl_conn)->ssl_conn)) {
+#if HAVE_SSL_VERIFY_CERT_CHAIN
                ssl_verify_cert_chain(conn, SSL_get_peer_cert_chain(conn));
+#else
+               error("SSL certificate chain verification not supported");
+#endif
                UNGCPRO;
                return Qt;
        }