vici: Remove obsolete certificate registration for hash-and-URL

diff --git a/src/libcharon/plugins/vici/vici_authority.c b/src/libcharon/plugins/vici/vici_authority.c
index bac3eb3884527f88c670c854c0f3bc4404ca1b7f..a91ece0903fbca0fad197ccf4c7efa5c6c5af010 100644 (file)
--- a/src/libcharon/plugins/vici/vici_authority.c
+++ b/src/libcharon/plugins/vici/vici_authority.c
@@ -87,11 +87,6 @@ struct authority_t {
         */
        linked_list_t *ocsp_uris;
 
-       /**
-        * Hashes of certificates issued by this CA
-        */
-       linked_list_t *hashes;
-
        /**
         * Base URI used for certificates from this CA
         */
@@ -109,7 +104,6 @@ static authority_t *authority_create(char *name)
                .name = strdup(name),
                .crl_uris = linked_list_create(),
                .ocsp_uris = linked_list_create(),
-               .hashes = linked_list_create(),
        );
 
        return authority;
@@ -122,7 +116,6 @@ static void authority_destroy(authority_t *this)
 {
        this->crl_uris->destroy_function(this->crl_uris, free);
        this->ocsp_uris->destroy_function(this->ocsp_uris, free);
-       this->hashes->destroy_offset(this->hashes, offsetof(identification_t, destroy));
        DESTROY_IF(this->cert);
        free(this->cert_uri_base);
        free(this->name);
@@ -738,48 +731,6 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
                        (void*)create_inner_cdp, data, (void*)cdp_data_destroy);
 }
 
-METHOD(vici_authority_t, check_for_hash_and_url, void,
-       private_vici_authority_t *this, certificate_t* cert)
-{
-       authority_t *authority;
-       enumerator_t *enumerator;
-       hasher_t *hasher;
-
-       hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (hasher == NULL)
-       {
-               DBG1(DBG_CFG, "unable to use hash-and-url: sha1 not supported");
-               return;
-       }
-
-       this->lock->write_lock(this->lock);
-       enumerator = this->authorities->create_enumerator(this->authorities);
-       while (enumerator->enumerate(enumerator, &authority))
-       {
-               if (authority->cert_uri_base &&
-                       cert->issued_by(cert, authority->cert, NULL))
-               {
-                       chunk_t hash, encoded;
-
-                       if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
-                       {
-                               if (hasher->allocate_hash(hasher, encoded, &hash))
-                               {
-                                       authority->hashes->insert_last(authority->hashes,
-                                               identification_create_from_encoding(ID_KEY_ID, hash));
-                                       chunk_free(&hash);
-                               }
-                               chunk_free(&encoded);
-                       }
-                       break;
-               }
-       }
-       enumerator->destroy(enumerator);
-       this->lock->unlock(this->lock);
-
-       hasher->destroy(hasher);
-}
-
 METHOD(vici_authority_t, destroy, void,
        private_vici_authority_t *this)
 {
@@ -808,7 +759,6 @@ vici_authority_t *vici_authority_create(vici_dispatcher_t *dispatcher,
                                .create_cdp_enumerator = _create_cdp_enumerator,
                                .cache_cert = (void*)nop,
                        },
-                       .check_for_hash_and_url = _check_for_hash_and_url,
                        .destroy = _destroy,
                },
                .dispatcher = dispatcher,

diff --git a/src/libcharon/plugins/vici/vici_authority.h b/src/libcharon/plugins/vici/vici_authority.h
index dbeabae62035e6ee3e6d058a5e98e36bab4eae05..58f542cdd97e131a793aa35cf679ff2da63e554b 100644 (file)
--- a/src/libcharon/plugins/vici/vici_authority.h
+++ b/src/libcharon/plugins/vici/vici_authority.h
@@ -36,13 +36,6 @@ struct vici_authority_t {
         */
        credential_set_t set;
 
-       /**
-        * Check if a certificate can be made available through hash and URL.
-        *
-        * @param cert          end entity certificate
-        */
-       void (*check_for_hash_and_url)(vici_authority_t *this, certificate_t* cert);
-
        /**
         * Destroy a vici_authority_t.
         */

diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 1ff0754f440393dd054099f7869e5fafd710644a..49ebea44b04a5c56f41de5c0e0fad6b57d4eee04 100644 (file)
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -1417,14 +1417,8 @@ CALLBACK(parse_cert_policy, bool,
  */
 static bool add_cert(auth_data_t *auth, auth_rule_t rule, certificate_t *cert)
 {
-       vici_authority_t *authority;
        vici_cred_t *cred;
 
-       if (rule == AUTH_RULE_SUBJECT_CERT)
-       {
-               authority = auth->request->this->authority;
-               authority->check_for_hash_and_url(authority, cert);
-       }
        cred = auth->request->this->cred;
        cert = cred->add_cert(cred, cert);
        auth->cfg->add(auth->cfg, rule, cert);