lib-ssl-iostream: Remove unused ssl_iostream_settings.ca_file
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Thu, 1 Feb 2024 15:03:41 +0000 (17:03 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:34:11 +0000 (12:34 +0200)
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/iostream-ssl.c
src/lib-ssl-iostream/iostream-ssl.h

index 47c9f49e8e9f38673393cfc138598e6b128749b7..0384182877fb66fe9dfa93a53e284444367992b6 100644 (file)
@@ -265,28 +265,15 @@ static int load_ca(X509_STORE *store, const char *ca,
 }
 
 static int
-load_ca_locations(struct ssl_iostream_context *ctx, const char *ca_file,
+load_ca_locations(struct ssl_iostream_context *ctx,
                  const char *ca_dir, const char **error_r)
 {
-       if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, ca_file, ca_dir) != 0)
+       if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, NULL, ca_dir) != 0)
                return 0;
 
-       if (ca_dir == NULL) {
-               *error_r = t_strdup_printf(
-                       "Can't load CA certs from %s "
-                       "(ssl_client_ca_file setting): %s",
-                       ca_file, openssl_iostream_error());
-       } else if (ca_file == NULL) {
-               *error_r = t_strdup_printf(
-                       "Can't load CA certs from directory %s "
-                       "(ssl_client_ca_dir setting): %s",
-                       ca_dir, openssl_iostream_error());
-       } else {
-               *error_r = t_strdup_printf(
-                       "Can't load CA certs from file %s and directory %s "
-                       "(ssl_client_ca_* settings): %s",
-                       ca_file, ca_dir, openssl_iostream_error());
-       }
+       *error_r = t_strdup_printf("Can't load CA certs from directory %s "
+                                  "(ssl_client_ca_dir setting): %s",
+                                  ca_dir, openssl_iostream_error());
        return -1;
 }
 
@@ -512,7 +499,6 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
 {
        X509_STORE *store;
        STACK_OF(X509_NAME) *xnames = NULL;
-       const char *ca_file, *ca_dir;
        bool have_ca = FALSE;
 
        if (set->ca.content != NULL && set->ca.content[0] != '\0') {
@@ -525,12 +511,8 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
                ssl_iostream_ctx_verify_remote_cert(ctx, set, xnames);
                have_ca = TRUE;
        }
-       ca_file = set->ca_file == NULL || *set->ca_file == '\0' ?
-               NULL : set->ca_file;
-       ca_dir = set->ca_dir == NULL || *set->ca_dir == '\0' ?
-               NULL : set->ca_dir;
-       if (ca_file != NULL || ca_dir != NULL) {
-               if (load_ca_locations(ctx, ca_file, ca_dir, error_r) < 0)
+       if (set->ca_dir != NULL && *set->ca_dir != '\0') {
+               if (load_ca_locations(ctx, set->ca_dir, error_r) < 0)
                        return -1;
                have_ca = TRUE;
        }
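Review bot: load_ca_locations now has an undocumented precondition: with the file argument fixed to NULL, a NULL ca_dir makes SSL_CTX_load_verify_locations fail outright and then feeds a NULL pointer to the `%s` in the new error message; the only visible caller filters that case, but the function itself says nothing about it. I would add above the signature `/* ca_dir must be non-NULL and non-empty; the caller skips an unset ssl_client_ca_dir setting. */`, or an assertion with the same meaning. Separately, passing only a directory here registers it as an OpenSSL hash-dir lookup and, as far as I know, does not check that the directory exists or holds c_rehash-style entries, so `have_ca = TRUE` in ssl_iostream_context_load_ca can be set for a directory that yields no usable CA and the failure only shows up later at peer verification; a comment noting that the error message covers OpenSSL's setup failure, not an empty or unhashed directory, would help whoever debugs that. ssl_iostream_context_load_ca starts outside the hunk.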
index 3e0cf6b69cb50b121c22bb0d5192b19c78c0f8da..604a5eba48fa44b3344dac86579fe64741c4c1e5 100644 (file)
@@ -151,7 +151,6 @@ int io_stream_autocreate_ssl_client(
                        p_memdup(pool, set, sizeof(*set));
                set_copy->pool = pool;
                pool_add_external_ref(pool, set->pool);
-               set_copy->ca_file = NULL;
                set_copy->ca_dir = NULL;
                settings_free(set);
                set = set_copy;
@@ -361,7 +360,6 @@ bool ssl_iostream_settings_equals(const struct ssl_iostream_settings *set1,
                return FALSE;
 
        if (!quick_strcmp(set1->ca.content, set2->ca.content) ||
-           !quick_strcmp(set1->ca_file, set2->ca_file) ||
            !quick_strcmp(set1->ca_dir, set2->ca_dir))
                return FALSE;
 
index 5abb06d508805ad570be92a37e0aff3ee10f99ec..578058ff1911323c8fe4a2996d485a2a174dd847 100644 (file)
@@ -34,7 +34,7 @@ struct ssl_iostream_settings {
        const char *ciphersuites; /* TLSv1.3 only */
        const char *curve_list;
        struct settings_file ca;
-       const char *ca_file, *ca_dir;
+       const char *ca_dir;
        struct ssl_iostream_cert cert;
        /* alternative cert is for providing certificate using
           different key algorithm */