[ocsp] Allow OCSP checks to be disabled

Some CAs provide non-functional OCSP servers, and some clients are forced to operate on networks without access to the OCSP servers. Allow the user to explicitly disable the use of OCSP checks by undefining OCSP_CHECK in config/crypto.h. Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2018-03-18 22:27:49 +0200
committer: Michael Brown <mcb30@ipxe.org> 2018-03-18 22:30:21 +0200
commit: 9759860ec0c30685b53568b10caa5a91428bc7bf (patch)
tree: 21eeee70897d800f3291ce614658a75e3284aa8b /src/config/crypto.h
parent: a0021a30dd8db832714e327bbbc65d3589f528ab (diff)
download: ipxe-9759860ec0c30685b53568b10caa5a91428bc7bf.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/config/crypto.h b/src/config/crypto.h
index 8f885c554..1edcdce45 100644
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -58,6 +58,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  */
 #define CROSSCERT "http://ca.ipxe.org/auto"
 
+/** Perform OCSP checks when applicable
+ *
+ * Some CAs provide non-functional OCSP servers, and some clients are
+ * forced to operate on networks without access to the OCSP servers.
+ * Allow the user to explicitly disable the use of OCSP checks.
+ */
+#define OCSP_CHECK
+
 #include <config/named.h>
 #include NAMED_CONFIG(crypto.h)
 #include <config/local/crypto.h>
author	Michael Brown <mcb30@ipxe.org>	2018-03-18 22:27:49 +0200
committer	Michael Brown <mcb30@ipxe.org>	2018-03-18 22:30:21 +0200
commit	9759860ec0c30685b53568b10caa5a91428bc7bf (patch)
tree	21eeee70897d800f3291ce614658a75e3284aa8b /src/config/crypto.h
parent	a0021a30dd8db832714e327bbbc65d3589f528ab (diff)
download	ipxe-9759860ec0c30685b53568b10caa5a91428bc7bf.tar.gz