diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-09-28 15:22:49 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-09-28 15:22:49 +0900 |
| commit | 55282fa20f46c193bd4a89ad5bcd048048a8734d (patch) | |
| tree | 08db588dc0fffaf7991e41b08fd24e2759d6e192 /src | |
| parent | 5ee96b3e2221d154ffcb719bd2dee1179c53f821 (diff) | |
| download | postgresql-55282fa20f46c193bd4a89ad5bcd048048a8734d.tar.gz postgresql-55282fa20f46c193bd4a89ad5bcd048048a8734d.zip | |
Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c
HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got
forgotten as its surrounding comments mention an incorrect version
number.
Author: Michael Paquier
Reviewed-by: Peter Eisentraut
Discussion: https://postgr.es/m/20190927032311.GB8485@paquier.xyz
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/be-secure-openssl.c | 9 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 12 |
2 files changed, 0 insertions, 21 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index c97c811e63a..a0ae5c5046c 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -269,17 +269,8 @@ be_tls_init(bool isServerStart) /* Set the flags to check against the complete CRL chain */ if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1) { - /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ -#ifdef X509_V_FLAG_CRL_CHECK X509_STORE_set_flags(cvstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#else - ereport(LOG, - (errcode(ERRCODE_CONFIG_FILE_ERROR), - errmsg("SSL certificate revocation list file \"%s\" ignored", - ssl_crl_file), - errdetail("SSL library does not support certificate revocation lists."))); -#endif } else { diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index c8b8d070395..c8dddfb5fdb 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn) if (fnbuf[0] != '\0' && X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1) { - /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ -#ifdef X509_V_FLAG_CRL_CHECK X509_STORE_set_flags(cvstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#else - char *err = SSLerrmessage(ERR_get_error()); - - printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"), - fnbuf); - SSLerrfree(err); - SSL_CTX_free(SSL_context); - return -1; -#endif } /* if not found, silently ignore; we do not require CRL */ ERR_clear_error(); |