From: Christos Tsantilas Date: Thu, 13 Dec 2012 21:39:46 +0000 (+0200) Subject: SSL server certificate validator implementation: remove "#if 1 //USE_SSL_CERT_VALIDAT... X-Git-Tag: SQUID_3_4_0_1~448 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a5efc5d824b90efb86f9de667a75035cb29423cd;p=thirdparty%2Fsquid.git SSL server certificate validator implementation: remove "#if 1 //USE_SSL_CERT_VALIDATOR" conditionals --- diff --git a/src/forward.cc b/src/forward.cc index 8b5adde407..a6ab3daae8 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -72,11 +72,9 @@ #include "urn.h" #include "whois.h" #if USE_SSL -#if 1 // USE_SSL_CERT_VALIDATOR #include "ssl/cert_validate_message.h" #include "ssl/Config.h" #include "ssl/helper.h" -#endif #include "ssl/support.h" #include "ssl/ErrorDetail.h" #include "ssl/ServerBump.h" @@ -744,7 +742,6 @@ FwdState::negotiateSSL(int fd) serverConnection()->getPeer()->sslSession = SSL_get1_session(ssl); } -#if 1 // USE_SSL_CERT_VALIDATOR if (Ssl::TheConfig.ssl_crt_validator) { Ssl::CertValidationRequest validationRequest; // WARNING: The STACK_OF(*) OpenSSL objects does not support locking. @@ -786,12 +783,10 @@ FwdState::negotiateSSL(int fd) return; } } -#endif // USE_SSL_CERT_VALIDATOR dispatch(); } -#if 1 // USE_SSL_CERT_VALIDATOR void FwdState::sslCrtvdHandleReplyWrapper(void *data, const HelperReply &reply) { @@ -928,8 +923,6 @@ FwdState::sslCrtvdCheckForErrors(Ssl::CertValidationResponse &resp, Ssl::ErrorDe return errs; } -#endif // USE_SSL_CERT_VALIDATOR - void FwdState::initiateSSL() { 
@@ -992,20 +985,16 @@ FwdState::initiateSSL() Ssl::setClientSNI(ssl, hostname); } -#if 1 // USE_SSL_CERT_VALIDATOR // If CertValidation Helper used do not lookup checklist for errors, // but keep a list of errors to send it to CertValidator if (!Ssl::TheConfig.ssl_crt_validator) { -#endif // Create the ACL check list now, while we have access to more info. // The list is used in ssl_verify_cb() and is freed in ssl_free(). if (acl_access *acl = Config.ssl_client.cert_error) { ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str); SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check); } -#if 1 // USE_SSL_CERT_VALIDATOR } -#endif // store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE X509 *peeked_cert; diff --git a/src/main.cc b/src/main.cc index 1bd6718647..5b53224429 100644 --- a/src/main.cc +++ b/src/main.cc @@ -767,10 +767,8 @@ mainReconfigureStart(void) Ssl::Helper::GetInstance()->Shutdown(); #endif #if USE_SSL -#if 1 // USE_SSL_CERT_VALIDATOR if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); -#endif Ssl::TheGlobalContextStorage.reconfigureStart(); #endif redirectShutdown(); @@ -853,7 +851,7 @@ mainReconfigureFinish(void *) #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL // && USE_SSL_CERT_VALIDATOR +#if USE_SSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Init(); #endif @@ -1054,7 +1052,7 @@ mainInitialize(void) Ssl::Helper::GetInstance()->Init(); #endif -#if USE_SSL // && USE_SSL_CERT_VALIDATOR +#if USE_SSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Init(); #endif @@ -1852,7 +1850,7 @@ SquidShutdown() #if USE_SSL_CRTD Ssl::Helper::GetInstance()->Shutdown(); #endif -#if USE_SSL //&& USE_SSL_CERT_VALIDATOR +#if USE_SSL if (Ssl::CertValidationHelper::GetInstance()) Ssl::CertValidationHelper::GetInstance()->Shutdown(); #endif 
diff --git a/src/ssl/helper.cc b/src/ssl/helper.cc index c5b9fff4d1..a025d05c21 100644 --- a/src/ssl/helper.cc +++ b/src/ssl/helper.cc @@ -108,9 +108,6 @@ void Ssl::Helper::sslSubmit(CrtdMessage const & message, HLPCB * callback, void } #endif //USE_SSL_CRTD -#if 1 // USE_SSL_CERT_VALIDATOR -/*ssl_crtd_validator*/ - Ssl::CertValidationHelper * Ssl::CertValidationHelper::GetInstance() { static Ssl::CertValidationHelper sslHelper; @@ -193,4 +190,3 @@ void Ssl::CertValidationHelper::sslSubmit(CrtdMessage const & message, HLPCB * c msg += '\n'; helperSubmit(ssl_crt_validator, msg.c_str(), callback, data); } -#endif // USE_SSL_CERT_VALIDATOR diff --git a/src/ssl/support.cc b/src/ssl/support.cc index f4b15197e5..fbdb2849fc 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -290,12 +290,10 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx) filledCheck->sslErrors = NULL; filledCheck->serverCert.reset(NULL); } -#if 1 // USE_SSL_CERT_VALIDATOR // If the certificate validator is used then we need to allow all errors and // pass them to certficate validator for more processing else if (Ssl::TheConfig.ssl_crt_validator) ok = 1; -#endif } if (!dont_verify_domain && server) {}
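Review bot: With the `#if 1` guard gone, the `else if (Ssl::TheConfig.ssl_crt_validator) ok = 1;` branch in ssl_verify_cb (src/ssl/support.cc) is a permanent part of every USE_SSL build, yet its comment does not say what stops the connection from being used if the validator never returns a verdict. The initiateSSL hunk in src/forward.cc also skips the cert_error ACL checklist in the same configuration, so the helper reply appears to be the only place left where a bad server certificate can be rejected. I would extend the comment to state that invariant, e.g. `// Errors accepted here are only deferred: the validator reply handler must reject the connection, and a missing or failed reply must count as a rejection.`, and fix the "certficate" typo at the same time. The reply-handling code is outside these hunks, so whether it already fails closed on a helper error or timeout needs confirming there; ssl_verify_cb itself starts and ends outside the hunk.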