Commit 55282fa2 authored by Michael Paquier

Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c

HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got
forgotten as its surrounding comments mention an incorrect version
number.

Author: Michael Paquier
Reviewed-by: Peter Eisentraut
Discussion: https://postgr.es/m/20190927032311.GB8485@paquier.xyz
parent 5ee96b3e
...@@ -269,17 +269,8 @@ be_tls_init(bool isServerStart) ...@@ -269,17 +269,8 @@ be_tls_init(bool isServerStart)
/* Set the flags to check against the complete CRL chain */ /* Set the flags to check against the complete CRL chain */
if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1) if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1)
{ {
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
#ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(cvstore, X509_STORE_set_flags(cvstore,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("SSL certificate revocation list file \"%s\" ignored",
ssl_crl_file),
errdetail("SSL library does not support certificate revocation lists.")));
#endif
} }
else else
{ {
......
...@@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn) ...@@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn)
if (fnbuf[0] != '\0' && if (fnbuf[0] != '\0' &&
X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1) X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)
{ {
/* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
#ifdef X509_V_FLAG_CRL_CHECK
X509_STORE_set_flags(cvstore, X509_STORE_set_flags(cvstore,
X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
#else
char *err = SSLerrmessage(ERR_get_error());
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"),
fnbuf);
SSLerrfree(err);
SSL_CTX_free(SSL_context);
return -1;
#endif
} }
/* if not found, silently ignore; we do not require CRL */ /* if not found, silently ignore; we do not require CRL */
ERR_clear_error(); ERR_clear_error();
......