From 126e37716fc4c5dc55805b721c38f5ef94c75612 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Mon, 31 May 2021 14:29:34 +1000
Subject: [PATCH] ocsp: remove TODOs

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
---
 crypto/ocsp/ocsp_vfy.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 5e829fa9727..7a4a45d537d 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -51,12 +51,11 @@ static int ocsp_verify_signer(X509 *signer, int response,
             && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0)
         /*
          * Locally disable revocation status checking for OCSP responder cert.
-         * Done here for CRLs; TODO should be done also for OCSP-based checks.
+         * Done here for CRLs; should be done also for OCSP-based checks.
          */
         X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK);
     X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
     X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
-    /* TODO: why is X509_TRUST_OCSP_REQUEST set? Seems to get ignored. */
 
     ret = X509_verify_cert(ctx);
     if (ret <= 0) {
-- 
2.47.3