ANDROID: extract-cert: omit PKCS#11 support if building against BoringSSL

BoringSSL does not implement the ENGINE API. In Android we do not seem
to rely on the PKCS#11 -> DER extraction. Hence, make this conditional
on the SSL library used.

Bug: 135570712
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: I84af6633dd470083497087c7dd1a2734480e2b0e
This commit is contained in:
Matthias Maennich 2020-11-26 10:08:38 +00:00 committed by Michael Bestas
parent 0c830ba471
commit dfdf3144ad
No known key found for this signature in database
GPG Key ID: CC95044519BE6669

View File

@ -49,6 +49,7 @@ static void display_openssl_errors(int l)
}
}
#ifndef OPENSSL_IS_BORINGSSL
static void drain_openssl_errors(void)
{
const char *file;
@ -58,6 +59,7 @@ static void drain_openssl_errors(void)
return;
while (ERR_get_error_line(&file, &line)) {}
}
#endif
#define ERR(cond, fmt, ...) \
do { \
@ -112,6 +114,10 @@ int main(int argc, char **argv)
fclose(f);
exit(0);
} else if (!strncmp(cert_src, "pkcs11:", 7)) {
#ifdef OPENSSL_IS_BORINGSSL
ERR(1, "BoringSSL does not support extracting from PKCS#11");
exit(1);
#else
ENGINE *e;
struct {
const char *cert_id;
@ -134,6 +140,7 @@ int main(int argc, char **argv)
ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
ERR(!parms.cert, "Get X.509 from PKCS#11");
write_cert(parms.cert);
#endif
} else {
BIO *b;
X509 *x509;