Skip to content

Commit 55282fa

Browse files
michaelpqmichaelpq
committed
Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c
HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got forgotten as its surrounding comments mention an incorrect version number. Author: Michael Paquier Reviewed-by: Peter Eisentraut Discussion: https://postgr.es/m/20190927032311.GB8485@paquier.xyz
1 parent 5ee96b3 commit 55282fa

File tree

2 files changed

+0
-21
lines changed

2 files changed

+0
-21
lines changed

src/backend/libpq/be-secure-openssl.c

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -269,17 +269,8 @@ be_tls_init(bool isServerStart)
269269
/* Set the flags to check against the complete CRL chain */
270270
if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1)
271271
{
272-
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
273-
#ifdef X509_V_FLAG_CRL_CHECK
274272
X509_STORE_set_flags(cvstore,
275273
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
276-
#else
277-
ereport(LOG,
278-
(errcode(ERRCODE_CONFIG_FILE_ERROR),
279-
errmsg("SSL certificate revocation list file \"%s\" ignored",
280-
ssl_crl_file),
281-
errdetail("SSL library does not support certificate revocation lists.")));
282-
#endif
283274
}
284275
else
285276
{

src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn)
869869
if (fnbuf[0] != '\0' &&
870870
X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)
871871
{
872-
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
873-
#ifdef X509_V_FLAG_CRL_CHECK
874872
X509_STORE_set_flags(cvstore,
875873
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
876-
#else
877-
char *err = SSLerrmessage(ERR_get_error());
878-
879-
printfPQExpBuffer(&conn->errorMessage,
880-
libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"),
881-
fnbuf);
882-
SSLerrfree(err);
883-
SSL_CTX_free(SSL_context);
884-
return -1;
885-
#endif
886874
}
887875
/* if not found, silently ignore; we do not require CRL */
888876
ERR_clear_error();

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy