[Openvpn-devel] Remove superfluous x509_write_pem()

Message ID 20231122190057.120384-1-dazo+openvpn@eurephia.org
State Accepted
Headers show
Series [Openvpn-devel] Remove superfluous x509_write_pem() | expand

Commit Message

David Sommerseth Nov. 22, 2023, 7 p.m. UTC
From: David Sommerseth <davids@openvpn.net>

After removing --tls-export-cert, this function was left in the code
base with no other users.  This was an oversight in the previous
change.  Removing it to avoid leaving dead code behind.

Signed-off-by: David Sommerseth <davids@openvpn.net>
---
 src/openvpn/ssl_verify_backend.h | 11 -----------
 src/openvpn/ssl_verify_mbedtls.c |  7 -------
 src/openvpn/ssl_verify_openssl.c | 11 -----------
 3 files changed, 29 deletions(-)

Comments

Gert Doering Dec. 6, 2023, 12:15 p.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Does what it says on the lid.  Test compiled on FreeBSD, but that
brought no surprises as "git grep" confirms this function is no longer
called.

I could have squashed this with the previous patch, but since it hit
the list as two patches, I decided to keep the direct references intact
instead.

Your patch has been applied to the master and release/2.6 branch.

commit f015643fe23d7847ad45b7763f31bfc6baed2159 (master)
commit 5552391a362e16f02e41b056ea18b89b2e49a757 (release/2.6)
Author: David Sommerseth
Date:   Wed Nov 22 20:00:57 2023 +0100

     Remove superfluous x509_write_pem()

     Signed-off-by: David Sommerseth <davids@openvpn.net>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20231122190057.120384-1-dazo+openvpn@eurephia.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27561.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index 3b798811..d402b1f2 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -249,17 +249,6 @@  result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const ex
  */
 result_t x509_verify_cert_eku(openvpn_x509_cert_t *x509, const char *const expected_oid);
 
-/*
- * Store the given certificate in pem format in a temporary file in tmp_dir
- *
- * @param cert          Certificate to store
- * @param tmp_dir       Temporary directory to store the directory
- * @param gc            gc_arena to store temporary objects in
- *
- *
- */
-result_t x509_write_pem(FILE *peercert_file, openvpn_x509_cert_t *peercert);
-
 /**
  * Return true iff a CRL is configured, but is not loaded.  This can be caused
  * by e.g. a CRL parsing error, a missing CRL file or CRL file permission
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index ce213246..56121394 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -536,13 +536,6 @@  x509_verify_cert_eku(mbedtls_x509_crt *cert, const char *const expected_oid)
     return fFound;
 }
 
-result_t
-x509_write_pem(FILE *peercert_file, mbedtls_x509_crt *peercert)
-{
-    msg(M_WARN, "mbed TLS does not support writing peer certificate in PEM format");
-    return FAILURE;
-}
-
 bool
 tls_verify_crl_missing(const struct tls_options *opt)
 {
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 3194c232..5afffc1f 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -762,17 +762,6 @@  x509_verify_cert_eku(X509 *x509, const char *const expected_oid)
     return fFound;
 }
 
-result_t
-x509_write_pem(FILE *peercert_file, X509 *peercert)
-{
-    if (PEM_write_X509(peercert_file, peercert) < 0)
-    {
-        msg(M_NONFATAL, "Failed to write peer certificate in PEM format");
-        return FAILURE;
-    }
-    return SUCCESS;
-}
-
 bool
 tls_verify_crl_missing(const struct tls_options *opt)
 {