Remove remnants of old OCSP stapling API.

Probably we'll want some simpler server-side API later. But, as things stand, all consumers of these functions are #ifdef'd out and have to be because the requisite OCSP_RESPONSE types are gone. Change-Id: Ic82b2ab3feca14c56656da3ceb3651819e3eb377 Reviewed-on: https://boringssl-review.googlesource.com/4551 Reviewed-by: Adam Langley <agl@google.com>
2015-04-26 12:14:53 -04:00 · 2015-04-26 12:14:53 -04:00 · f32d6b292e
commit f32d6b292e
parent 9a727c21c1
4 changed files with 0 additions and 26 deletions
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@ -874,11 +874,6 @@ struct ssl_ctx_st {
  int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv,
                              EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);

-  /* certificate status request info */
-  /* Callback for status request */
-  int (*tlsext_status_cb)(SSL *ssl, void *arg);
-  void *tlsext_status_arg;
-
  /* Server-only: psk_identity_hint is the default identity hint to send in
   * PSK-based key exchanges. */
  char *psk_identity_hint;
@ -1606,8 +1601,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64

 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72

--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@ -338,13 +338,6 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,
 #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
  SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))

-#define SSL_CTX_set_tlsext_status_cb(ssl, cb)                   \
-  SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \
-                        (void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-  SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg)
-
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb)               \
  SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
                        (void (*)(void))cb)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -937,11 +937,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
      return 1;
    }

-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-      ctx->tlsext_status_arg = parg;
-      return 1;
-      break;
-
    case SSL_CTRL_SET_CURVES:
      return tls1_set_curves(&ctx->tlsext_ellipticcurvelist,
                             &ctx->tlsext_ellipticcurvelist_length, parg, larg);
@ -1051,10 +1046,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) {
      ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
      break;

-    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-      ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
-      break;
-
    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
      ctx->tlsext_ticket_key_cb = (int (
          *)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1780,9 +1780,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) {
    ret->options |= SSL_OP_NO_TICKET;
  }

-  ret->tlsext_status_cb = 0;
-  ret->tlsext_status_arg = NULL;
-
  ret->next_protos_advertised_cb = 0;
  ret->next_proto_select_cb = 0;
  ret->psk_identity_hint = NULL;