projects / users / rhaas / postgres.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5ee96b3)
Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c
authorMichael Paquier <[email protected]>
Sat, 28 Sep 2019 06:22:49 +0000 (15:22 +0900)
committerMichael Paquier <[email protected]>
Sat, 28 Sep 2019 06:22:49 +0000 (15:22 +0900)
HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got
forgotten as its surrounding comments mention an incorrect version
number.

Author: Michael Paquier
Reviewed-by: Peter Eisentraut
Discussion: https://postgr.es/m/20190927032311[email protected]

src/backend/libpq/be-secure-openssl.c patch | blob | blame | history
src/interfaces/libpq/fe-secure-openssl.c patch | blob | blame | history

diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index c97c811e63acf28c76796c933dd33f8627822f65..a0ae5c5046c9158ba18ea00b3250c87a3784fc9d 100644 (file)
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -269,17 +269,8 @@ be_tls_init(bool isServerStart)
                        /* Set the flags to check against the complete CRL chain */
                        if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1)
                        {
-                               /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
-#ifdef X509_V_FLAG_CRL_CHECK
                                X509_STORE_set_flags(cvstore,
                                                                         X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-#else
-                               ereport(LOG,
-                                               (errcode(ERRCODE_CONFIG_FILE_ERROR),
-                                                errmsg("SSL certificate revocation list file \"%s\" ignored",
-                                                               ssl_crl_file),
-                                                errdetail("SSL library does not support certificate revocation lists.")));
-#endif
                        }
                        else
                        {
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index c8b8d0703959b5c8da6f04da4b7c9a6ed09dda7d..c8dddfb5fdbca341495adb2ea596bebc95c4b763 100644 (file)
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn)
                        if (fnbuf[0] != '\0' &&
                                X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)
                        {
-                               /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
-#ifdef X509_V_FLAG_CRL_CHECK
                                X509_STORE_set_flags(cvstore,
                                                                         X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-#else
-                               char       *err = SSLerrmessage(ERR_get_error());
-
-                               printfPQExpBuffer(&conn->errorMessage,
-                                                                 libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"),
-                                                                 fnbuf);
-                               SSLerrfree(err);
-                               SSL_CTX_free(SSL_context);
-                               return -1;
-#endif
                        }
                        /* if not found, silently ignore;  we do not require CRL */
                        ERR_clear_error();
Robert Haas's development tree.