From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 30 Oct 2023 16:50:18 +0000 (+0100)
Subject: pki: Drop legacy registration for OCSP responders
X-Git-Tag: 5.9.12rc1~2^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e42b2f5cb47837a8e0b22baefd6a231816b8491;p=thirdparty%2Fstrongswan.git

pki: Drop legacy registration for OCSP responders
---

diff --git a/src/pki/commands/ocsp.c b/src/pki/commands/ocsp.c
index 0dc55525fe..0dd5b4a780 100644
--- a/src/pki/commands/ocsp.c
+++ b/src/pki/commands/ocsp.c
@@ -23,7 +23,6 @@
 #include <credentials/certificates/ocsp_request.h>
 #include <credentials/certificates/ocsp_response.h>
 #include <credentials/certificates/ocsp_single_response.h>
-#include <credentials/certificates/ocsp_responder.h>
 
 /*
  * Verifies the optional OCSP request signature generated by an OCSP requestor
@@ -229,7 +228,6 @@ static int ocsp()
 	certificate_t *cacert = NULL, *first_issuer = NULL;
 	ocsp_request_t *ocsp_request;
 	ocsp_status_t ocsp_status = OCSP_SUCCESSFUL;
-	ocsp_responder_t *ocsp_responder = NULL;
 	linked_list_t *responses = NULL;
 	chunk_t encoding = chunk_empty, nonce = chunk_empty;
 	chunk_t issuerNameHash, issuerKeyHash, serialNumber;
@@ -406,16 +404,6 @@ static int ocsp()
 		DBG1(DBG_APP, "nonce:               %#B", &nonce);
 	}
 
-	/* check for an ocsp responder */
-	if (op == OP_RESPOND)
-	{
-		ocsp_responder = lib->get(lib, "ocsp-responder");
-		if (ocsp_responder)
-		{
-			lib->ocsp->add_responder(lib->ocsp, ocsp_responder);
-		}
-	}
-
 	/* enumerate over the ocsp requests and try to identify the issuers */
 	enumerator = ocsp_request->create_request_enumerator(ocsp_request);
 	while (enumerator->enumerate(enumerator, &hashAlgorithm, &issuerNameHash,
@@ -554,10 +542,6 @@ gen:
 	res = 0;
 
 end:
-	if (ocsp_responder)
-	{
-		lib->ocsp->remove_responder(lib->ocsp, ocsp_responder);
-	}
 	DESTROY_IF(key);
 	lib->credmgr->remove_local_set(lib->credmgr, &creds->set);
 	creds->destroy(creds);