From db70dc2cdac6dec2366138fe1f46bf433ee1c2c8 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 31 May 2021 14:27:04 +1000
Subject: [PATCH] apps: remove TODOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
---
 apps/cmp.c              | 6 ------
 apps/dhparam.c          | 7 +++----
 apps/lib/apps.c         | 3 ---
 apps/lib/cmp_mock_srv.c | 2 --
 apps/lib/http_server.c  | 1 -
 apps/rsa.c              | 2 +-
 apps/x509.c             | 1 -
 7 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 5912090701..03530f2584 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -643,10 +643,6 @@ static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc)
     return cert;
 }
 
-/*
- * TODO potentially move this and related functions to apps/lib/
- * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL
- */
 static X509_REQ *load_csr_autofmt(const char *infile, const char *desc)
 {
     X509_REQ *csr;
@@ -1051,7 +1047,6 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
         }
         X509_free(cert);
     }
-    /* TODO find a cleaner solution not requiring type casts */
     if (!setup_certs(opt_rsp_extracerts,
                      "CMP extra certificates for mock server", srv_ctx,
                      (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut))
@@ -1318,7 +1313,6 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
         /* enable and parameterize server hostname/IP address check */
         if (!truststore_set_host_etc(trust_store,
                                      opt_tls_host != NULL ? opt_tls_host : host))
-            /* TODO: is the server host name correct for TLS via proxy? */
             goto err;
         SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
     }
diff --git a/apps/dhparam.c b/apps/dhparam.c
index ba3119b2ce..982b2db549 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -273,10 +273,9 @@ int dhparam_main(int argc, char **argv)
                 */
                 keytype = "DHX";
                 /*
-                    * BIO_reset() returns 0 for success for file BIOs only!!!
-                    * This won't work for stdin (and never has done)
-                    * TODO: We should fix this at some point
-                    */
+                 * BIO_reset() returns 0 for success for file BIOs only!!!
+                 * This won't work for stdin (and never has done)
+                 */
                 if (BIO_reset(in) == 0)
                     done = 0;
             }
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 12a17fceed..3d6588ba23 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -885,7 +885,6 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
     const char *input_type;
     OSSL_PARAM itp[2];
     const OSSL_PARAM *params = NULL;
-    /* TODO make use of the engine reference 'eng' when loading pkeys */
 
     if (ppkey != NULL) {
         *ppkey = NULL;
@@ -2258,8 +2257,6 @@ int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md,
         if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier",
                              "keyid, issuer", !self_sign))
             goto end;
-
-        /* TODO any further measures for ensuring default RFC 5280 compliance */
     }
 
     if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 1e6a27210c..1caaa2f0eb 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -204,7 +204,6 @@ static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
     }
     if (ctx->certOut != NULL
             && (*certOut = X509_dup(ctx->certOut)) == NULL)
-        /* TODO better return a cert produced from data in request template */
         goto err;
     if (ctx->chainOut != NULL
             && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
@@ -312,7 +311,6 @@ static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
     if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) {
         BIO_printf(bio_err, "errorDetails absent\n");
     } else {
-        /* TODO could use sk_ASN1_UTF8STRING2text() if exported */
         BIO_printf(bio_err, "errorDetails: ");
         for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) {
             if (i > 0)
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index 46065d2dd0..1858d04ccb 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -405,7 +405,6 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
         log_message(prog, LOG_WARNING,
                     "HTTP request does not begin with %sPOST: %s",
                     accept_get ? "GET or " : "", reqbuf);
-        /* TODO provide better diagnosis in case client tries TLS */
         (void)http_server_send_status(cbio, 400, "Bad Request");
         goto out;
     }
diff --git a/apps/rsa.c b/apps/rsa.c
index 5710893c7a..c4f65cac10 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -25,7 +25,7 @@
 #include <openssl/encoder.h>
 
 /*
- * TODO: This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit
+ * This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit
  * much just for those macros...  they might serve better as EVP macros.
  */
 #include <openssl/core_dispatch.h>
diff --git a/apps/x509.c b/apps/x509.c
index 9632d72260..8ec6ba2db5 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -745,7 +745,6 @@ int x509_main(int argc, char **argv)
 
     if (!noout || text || next_serial)
         OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
-    /* TODO: why is this strange object created (and no error checked)? */
 
     if (alias)
         X509_alias_set1(x, (unsigned char *)alias, -1);
-- 
2.39.5