From patchwork Wed Nov 22 19:00:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Sommerseth X-Patchwork-Id: 3478 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:53c1:b0:f2:62eb:61c1 with SMTP id u1csp93068dye; Wed, 22 Nov 2023 11:02:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IEzQ7YxTOBInclhGAbgPsTKCJ7B/4z0ssZOJeHaurb4xyZD+fvy269taVLoYRsf2eW7d7M4 X-Received: by 2002:a05:6808:15a1:b0:3b8:42c5:851d with SMTP id t33-20020a05680815a100b003b842c5851dmr2433887oiw.5.1700679734552; Wed, 22 Nov 2023 11:02:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700679734; cv=none; d=google.com; s=arc-20160816; b=ngigaDJJBDVRKup9zsbPiu4+5vBfoFY1PaxUucIGgn7lA3aRgmZv4O7zvK/RiJyP5X R1cLsGV7YcRCZFUd1e+vN3spQDn5/fPWwA0XGWscbRg7p6Ks4u8HjuWDV3G+ou1r/j4D TjZXLen3OrIu+8IVpximLgBG+qR/9njKaczmHCQ3AFZVypmIw7RfE3B7/njK9YUla7ax X+nBCao3xVDL/5sXfP1HPLdgnH5hzBhqeI7URlz+49y/A/5ZV34NVwyfHGB9JmJf5iVl dfasd8QfDoQ4oa5OfXmZczwqC4UekW8vQbro07rlQxFd+RJb+bQ4Xa6DiIQXr7zO0Ehx cffg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=4OFfQfmLXhTvTrMtCQ/y74Elmf0FpXUTg+p1AmX243s=; fh=YXTNqFP/QKxSdndq4335GPlifHLzs2hh7ik63TYw/Qc=; b=RI6WzSD7WqytGJ4svmfgjr/YA9thIMXjx6kMDTt+NXA0fWIPOHrLPW5d62NI1uwltg x3k9oKu1B6lcT0uFq/7TCBu9VMtgD6KGNP1jh/nfq+JMAIImtjEOzNdPZoJkF9/6kqL1 imKdrrLHdI0nOH4KKwxpkIOBTj/Obi1u9+7DC5pFmK3l7hGqN+J2OTJehp1p214t6fmr +vjAspjgmLdQNbeAAEf/3O/E7z0omcfAnLLTQYmeXYQgFc5GfZ5ktu5OIOVSTPfzYuyM /HtIEGtNjRnmJvQq45oK/E8pa9UY9qrMqlq5Xw5lhI/RUO0AXkglPobtQ90tLnlitpKh Rqjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=JV0zoxHR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=HItp5dDX; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eurephia.org Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id n6-20020a0568080a0600b003b83aaa5a34si63782oij.217.2023.11.22.11.02.14 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Nov 2023 11:02:14 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=JV0zoxHR; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=HItp5dDX; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eurephia.org Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1r5sTW-0002ay-RQ; Wed, 22 Nov 2023 19:01:27 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1r5sTV-0002ao-3Z for openvpn-devel@lists.sourceforge.net; Wed, 22 Nov 2023 19:01:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=u6pt24Jl91HdwAicjKw1I+DF08uHJ9wdfvRtltt+9fM=; b=JV0zoxHRYVFmp7apj2RAffydz4 bu0bERvt/7FSkYAYq/MBWAJyYODF2NYc14/8UGUUsQecJj8HdTKfjb6Q4qjZWxiqyl9zbECReOQom m+KSVnvcjs/Pgtjwudg6aFtfzNDWGoJtFVKNaZ+KBSPtqHt3q3oRW8RkUyQEitwt6Swk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=u6pt24Jl91HdwAicjKw1I+DF08uHJ9wdfvRtltt+9fM=; b=HItp5dDXVF5r5AyX/5JieqAkZE 8XeCa4gnWxcMCqJ4TmHBxiOtdMqIsMqvOyX+Oh8wGbjoS18/AwQe1quoZHfyW5OhIchp+YjfayxBW geOeJre2LiZbtoT7Xbp+S1YG2gP2GUlLiLW/H6FIQJgCY+zLfEpt8sZjrt6t5dQDg5uQ=; Received: from mx1.basenordic.cloud ([217.170.196.134]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1r5sTU-0004kV-KU for openvpn-devel@lists.sourceforge.net; Wed, 22 Nov 2023 19:01:25 +0000 Received: from localhost (unknown [127.0.0.1]) by mx1.basenordic.cloud (Postfix) with ESMTP id 6C4A7E70C; Wed, 22 Nov 2023 19:01:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at basenordic.cloud Received: from mx1.basenordic.cloud ([127.0.0.1]) by localhost (mx1.basenordic.cloud [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2fGZDJekocJ; Wed, 22 Nov 2023 20:01:04 +0100 (CET) Received: from xplorer.net (xplorer.sommerseth.xyz [10.35.7.11]) by mx1.basenordic.cloud (Postfix) with ESMTP id DFAC9E708; Wed, 22 Nov 2023 20:00:59 +0100 (CET) From: David Sommerseth To: openvpn-devel@lists.sourceforge.net Date: Wed, 22 Nov 2023 20:00:57 +0100 Message-Id: <20231122190057.120384-1-dazo+openvpn@eurephia.org> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231122143101.58483-1-dazo+openvpn@eurephia.org> References: <20231122143101.58483-1-dazo+openvpn@eurephia.org> MIME-Version: 1.0 X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: David Sommerseth After removing --tls-export-cert, this function was left in the code base with no other users. This was an oversight in the previous change. Removing it to avoid leaving dead code behind. Content analysis details: (-2.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [217.170.196.134 listed in list.dnswl.org] -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1r5sTU-0004kV-KU Subject: [Openvpn-devel] [PATCH] Remove superfluous x509_write_pem() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: David Sommerseth Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1783291953424823780?= X-GMAIL-MSGID: =?utf-8?q?1783291953424823780?= From: David Sommerseth After removing --tls-export-cert, this function was left in the code base with no other users. This was an oversight in the previous change. Removing it to avoid leaving dead code behind. Signed-off-by: David Sommerseth Acked-by: Gert Doering --- src/openvpn/ssl_verify_backend.h | 11 ----------- src/openvpn/ssl_verify_mbedtls.c | 7 ------- src/openvpn/ssl_verify_openssl.c | 11 ----------- 3 files changed, 29 deletions(-) diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index 3b798811..d402b1f2 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h @@ -249,17 +249,6 @@ result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const ex */ result_t x509_verify_cert_eku(openvpn_x509_cert_t *x509, const char *const expected_oid); -/* - * Store the given certificate in pem format in a temporary file in tmp_dir - * - * @param cert Certificate to store - * @param tmp_dir Temporary directory to store the directory - * @param gc gc_arena to store temporary objects in - * - * - */ -result_t x509_write_pem(FILE *peercert_file, openvpn_x509_cert_t *peercert); - /** * Return true iff a CRL is configured, but is not loaded. This can be caused * by e.g. a CRL parsing error, a missing CRL file or CRL file permission diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index ce213246..56121394 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -536,13 +536,6 @@ x509_verify_cert_eku(mbedtls_x509_crt *cert, const char *const expected_oid) return fFound; } -result_t -x509_write_pem(FILE *peercert_file, mbedtls_x509_crt *peercert) -{ - msg(M_WARN, "mbed TLS does not support writing peer certificate in PEM format"); - return FAILURE; -} - bool tls_verify_crl_missing(const struct tls_options *opt) { diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 3194c232..5afffc1f 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -762,17 +762,6 @@ x509_verify_cert_eku(X509 *x509, const char *const expected_oid) return fFound; } -result_t -x509_write_pem(FILE *peercert_file, X509 *peercert) -{ - if (PEM_write_X509(peercert_file, peercert) < 0) - { - msg(M_NONFATAL, "Failed to write peer certificate in PEM format"); - return FAILURE; - } - return SUCCESS; -} - bool tls_verify_crl_missing(const struct tls_options *opt) {