From f32d6b292e6cfb22c2b59b5015f1d621e63343f4 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Sun, 26 Apr 2015 12:14:53 -0400
Subject: [PATCH] Remove remnants of old OCSP stapling API.

Probably we'll want some simpler server-side API later. But, as things stand, all consumers of these functions are #ifdef'd out and have to be because the requisite OCSP_RESPONSE types are gone.

Change-Id: Ic82b2ab3feca14c56656da3ceb3651819e3eb377
Reviewed-on: https://boringssl-review.googlesource.com/4551
Reviewed-by: Adam Langley
---
 include/openssl/ssl.h | 7 -------
 include/openssl/tls1.h | 7 -------
 ssl/s3_lib.c | 9 ---------
 ssl/ssl_lib.c | 3 ---
 4 files changed, 26 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ff23010e..8e74c85d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -874,11 +874,6 @@ struct ssl_ctx_st {
 int (*tlsext_ticket_key_cb)(SSL *ssl, uint8_t *name, uint8_t *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
- /* certificate status request info */
- /* Callback for status request */
- int (*tlsext_status_cb)(SSL *ssl, void *arg);
- void *tlsext_status_arg;
-
 /* Server-only: psk_identity_hint is the default identity hint to send in
 * PSK-based key exchanges. */
 char *psk_identity_hint;
@@ -1606,8 +1601,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 3e3f8122..b33e035c 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -338,13 +338,6 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,
 #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
 SSL_CTX_ctrl((ctx), SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
- SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB, \
- (void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
- SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG, 0, (void *)arg)
-
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl, SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB, \
 (void (*)(void))cb)
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3538459a..24884313 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -937,11 +937,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
 return 1;
 }
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
- ctx->tlsext_status_arg = parg;
- return 1;
- break;
-
 case SSL_CTRL_SET_CURVES:
 return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg, larg);
@@ -1051,10 +1046,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) {
 ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
 break;
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
- ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
- break;
-
 case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
 ctx->tlsext_ticket_key_cb = (int ( *)(SSL *, uint8_t *, uint8_t *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 36841113..c84b6036 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1780,9 +1780,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) {
 ret->options |= SSL_OP_NO_TICKET;
 }
- ret->tlsext_status_cb = 0;
- ret->tlsext_status_arg = NULL;
-
 ret->next_protos_advertised_cb = 0;
 ret->next_proto_select_cb = 0;
 ret->psk_identity_hint = NULL;