Remove support for BSD version of PolarSSL

"The BSD version of PolarSSL was made for migratory purposes only and is not
maintained. The GPL version of PolarSSL is actually the only actively
developed version, so I would be very reluctant to use the BSD version." /
Paul Bakker, PolarSSL hacker.

Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>

diff --git a/configure.ac b/configure.ac
index f937495a3de2f20d7e65ebd076d80062aa4446ed..bad358610e0ade5c1f5813411875e71879ba1a75 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1785,10 +1785,6 @@ if test "$OPENSSL_ENABLED" != "1"; then
         AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
       fi
 
-      AC_CHECK_LIB(polarssl, x509parse_crl,
-                   [AC_DEFINE(HAVE_POLARSSL_GPL, 1, [if GPL version of PolarSSL is detected])
-                    AC_SUBST(HAVE_POLARSSL_GPL, [1])
-                   ])
     fi
 
   fi dnl PolarSSL not disabled

diff --git a/lib/polarssl.c b/lib/polarssl.c
index 285b3ae04712df434247f22d4d9a8df96002970b..e81e660912562985523bb6182256e9314bdc962e 100644 (file)
--- a/lib/polarssl.c
+++ b/lib/polarssl.c
@@ -97,9 +97,7 @@ Curl_polarssl_connect(struct connectdata *conn,
 #endif
   void *old_session = NULL;
   size_t old_session_size = 0;
-#if defined(HAVE_POLARSSL_GPL)
   char buffer[1024];
-#endif
 
   if(conn->ssl[sockindex].state == ssl_connection_complete)
     return CURLE_OK;
@@ -134,11 +132,6 @@ Curl_polarssl_connect(struct connectdata *conn,
   memset(&conn->ssl[sockindex].clicert, 0, sizeof(x509_cert));
 
   if(data->set.str[STRING_CERT]) {
-#if !defined(HAVE_POLARSSL_GPL)
-    /* FIXME: PolarSSL has a bug where we need to import it twice */
-    ret = x509parse_crtfile(&conn->ssl[sockindex].clicert,
-                            data->set.str[STRING_CERT]);
-#endif
     ret = x509parse_crtfile(&conn->ssl[sockindex].clicert,
                             data->set.str[STRING_CERT]);
 
@@ -162,7 +155,6 @@ Curl_polarssl_connect(struct connectdata *conn,
     }
   }
 
-#if defined(HAVE_POLARSSL_GPL)
   /* Load the CRL */
   memset(&conn->ssl[sockindex].crl, 0, sizeof(x509_crl));
 
@@ -177,7 +169,6 @@ Curl_polarssl_connect(struct connectdata *conn,
     }
   }
 
-#endif
   infof(data, "PolarSSL: Connected to %s:%d\n",
         conn->host.name, conn->remote_port);
 
@@ -208,13 +199,9 @@ Curl_polarssl_connect(struct connectdata *conn,
                   &conn->ssl[sockindex].ssn);
 
   ssl_set_ca_chain(&conn->ssl[sockindex].ssl,
-#if defined(HAVE_POLARSSL_GPL)
                    &conn->ssl[sockindex].cacert,
                    &conn->ssl[sockindex].crl,
                    conn->host.name);
-#else
-                   &conn->ssl[sockindex].cacert, conn->host.name);
-#endif
 
   ssl_set_own_cert(&conn->ssl[sockindex].ssl,
                    &conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa);
@@ -288,16 +275,10 @@ Curl_polarssl_connect(struct connectdata *conn,
 
   if(conn->ssl[sockindex].ssl.peer_cert) {
     /* If the session was resumed, there will be no peer certs */
-#if !defined(HAVE_POLARSSL_GPL)
-    char *buffer = x509parse_cert_info("* ", conn->ssl[sockindex].ssl.peer_cert);
-
-    if(buffer)
-#else
     memset(buffer, 0, sizeof(buffer));
 
     if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
                            conn->ssl[sockindex].ssl.peer_cert) != -1)
-#endif
       infof(data, "Dumping cert info:\n%s\n", buffer);
   }
 
@@ -354,9 +335,7 @@ void Curl_polarssl_close(struct connectdata *conn, int sockindex)
   rsa_free(&conn->ssl[sockindex].rsa);
   x509_free(&conn->ssl[sockindex].clicert);
   x509_free(&conn->ssl[sockindex].cacert);
-#if defined(HAVE_POLARSSL_GPL)
   x509_crl_free(&conn->ssl[sockindex].crl);
-#endif
   ssl_free(&conn->ssl[sockindex].ssl);
 }
 

diff --git a/lib/urldata.h b/lib/urldata.h
index 477e4599e7f019210eb168cd5276dfb5e6edec42..2c1b2fc4a3fd8980eb35d8d80e0654950afeef42 100644 (file)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -249,9 +249,7 @@ struct ssl_connect_data {
   int server_fd;
   x509_cert cacert;
   x509_cert clicert;
-#if defined(HAVE_POLARSSL_GPL)
   x509_crl crl;
-#endif
   rsa_context rsa;
 #endif /* USE_POLARSSL */
 #ifdef USE_NSS