From patchwork Wed Nov 22 19:01:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Sommerseth X-Patchwork-Id: 3479 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7300:53c1:b0:f2:62eb:61c1 with SMTP id u1csp93369dye; Wed, 22 Nov 2023 11:02:31 -0800 (PST) X-Google-Smtp-Source: AGHT+IHuMsIL5YEn6Tyd4OK3nrAv7lOgnGxJoBYMu6Ktzg8zhj1ZFzjW9lQoT9hV3BKzqnZBx6hd X-Received: by 2002:a05:6830:308e:b0:6d6:4697:6aac with SMTP id g14-20020a056830308e00b006d646976aacmr3811989ots.3.1700679751604; Wed, 22 Nov 2023 11:02:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700679751; cv=none; d=google.com; s=arc-20160816; b=F9W34d3HhiuReWPwawyAJgwSOiqxEAW1eSE7iSXlWeNh4xBc6GrCkX1w+AbdB5Fw7R kmO5WqUX4fTEeL6Bal/GxjRooCtZ3RgC6XH0/8Q2BLSQy1w37JtYUFIwljqGK0F3s45L LCEsBzxHs8MAWCx/MKnnV0rdZ7iFSD1vJni4l8QitPIUtI4iJACzZTIXBGA048KDzAz+ A37UAtGZwJmB9uWu2sHapXRTYrrILfx89J+1CPvvQLKcHpUX/uBAjqwqklvSwSGFNZD+ Fk8o9Mw266hGoTN5yyXjX7jaZY/jt9jxnquCObnO6wS1bGZcQCeZxRAdI2KVOBbkeNjw N/hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=WL8UYLHfqv01AVAnlt3qAE8TGv6I2n2+zmntcP8ZM5M=; fh=YXTNqFP/QKxSdndq4335GPlifHLzs2hh7ik63TYw/Qc=; b=r9jwuObGtpKxw9vQ9DWQsAvJpWq7kSA9SyK2mH/5+REFBwWYqKiTSnawMNDFXtv3VM tJMrzsCJVmHsNDyVGmk4ZdBqWR3Z4hEJycD92ec4iHuw7+2ihdbWkqntbPJbjwJAkEnL TA801A94HMXzok0lUp5S/3bpNrPsR+6SUzKt8IWqfnG0ADBG25odk45IRrl+fYqZcU8Z Lj3wBmbigmR2651bx36lYWIg4J6PJqBxgyH3lHKEpRbV4djOmAmn5yP1948zeVCXHee7 ZmyBghlcmN0oRYrKks01i/gtveUiBsKlAuHxbIbu8k4/87U4KLbU8xOULLTbxWmRF8YU T32w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=UoTkbFxU; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cSMDO9od; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eurephia.org Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id z7-20020a05683010c700b006bf0a6dd33bsi104338oto.96.2023.11.22.11.02.31 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Nov 2023 11:02:31 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=UoTkbFxU; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=cSMDO9od; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=eurephia.org Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1r5sTr-0000Qh-4L; Wed, 22 Nov 2023 19:01:47 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1r5sTq-0000Qb-M3 for openvpn-devel@lists.sourceforge.net; Wed, 22 Nov 2023 19:01:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=sN44QmyqcI0tm/dy2YOWYVmVNefFpEkGylhNDemfOq4=; b=UoTkbFxUJTnUuNjE8cWRcqKFlc 7oBGpSiVpIJLUDRNIaMfs58XMZKdfi62c68YMZQ9euuwZE0D/2C3pYXWVD+M/v87CpyrJxpOwaRgj mk29S5M/fEmmqUaacEfxNymluQTkfDiWeAXB9aJVD/vAfxSkzgfxQ8KUtSjOundJ7Glk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=sN44QmyqcI0tm/dy2YOWYVmVNefFpEkGylhNDemfOq4=; b=cSMDO9odSHQN8R93CtD7TT367o Pqy+zHlPy7XW/+ju8RanLOrfJ0vTX19N7VyiNY69/cwxWpIq7Xo8kPUKnoEmYhnd5hnStdSu9cbp8 F2P9eIfcYBjGfriJ7NdacHLK8zoPgTJ8XX7H7BhZTtgJWZbCEQOA+65Pqp7r2q0WomOo=; Received: from mx1.basenordic.cloud ([217.170.196.134]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1r5sTp-0004lX-MK for openvpn-devel@lists.sourceforge.net; Wed, 22 Nov 2023 19:01:46 +0000 Received: from localhost (unknown [127.0.0.1]) by mx1.basenordic.cloud (Postfix) with ESMTP id 529FCE70C; Wed, 22 Nov 2023 19:01:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at basenordic.cloud Received: from mx1.basenordic.cloud ([127.0.0.1]) by localhost (mx1.basenordic.cloud [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0H3AOax-nhrA; Wed, 22 Nov 2023 20:01:32 +0100 (CET) Received: from xplorer.net (xplorer.sommerseth.xyz [10.35.7.11]) by mx1.basenordic.cloud (Postfix) with ESMTP id 364C7E708; Wed, 22 Nov 2023 20:01:27 +0100 (CET) From: David Sommerseth To: openvpn-devel@lists.sourceforge.net Date: Wed, 22 Nov 2023 20:01:25 +0100 Message-Id: <20231122190125.120500-1-dazo+openvpn@eurephia.org> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231122143110.58520-1-dazo+openvpn@eurephia.org> References: <20231122143110.58520-1-dazo+openvpn@eurephia.org> MIME-Version: 1.0 X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: David Sommerseth After removing --tls-export-cert, this function was left in the code base with no other users. This was an oversight in the previous change. Removing it to avoid leaving dead code behind. Content analysis details: (-2.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [217.170.196.134 listed in list.dnswl.org] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1r5sTp-0004lX-MK Subject: [Openvpn-devel] [PATCH] Remove superfluous x509_write_pem() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: David Sommerseth Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1783291970994598690?= X-GMAIL-MSGID: =?utf-8?q?1783291970994598690?= From: David Sommerseth After removing --tls-export-cert, this function was left in the code base with no other users. This was an oversight in the previous change. Removing it to avoid leaving dead code behind. Signed-off-by: David Sommerseth --- src/openvpn/ssl_verify_backend.h | 11 ----------- src/openvpn/ssl_verify_mbedtls.c | 7 ------- src/openvpn/ssl_verify_openssl.c | 11 ----------- 3 files changed, 29 deletions(-) diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index 3b798811..d402b1f2 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h @@ -249,17 +249,6 @@ result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const ex */ result_t x509_verify_cert_eku(openvpn_x509_cert_t *x509, const char *const expected_oid); -/* - * Store the given certificate in pem format in a temporary file in tmp_dir - * - * @param cert Certificate to store - * @param tmp_dir Temporary directory to store the directory - * @param gc gc_arena to store temporary objects in - * - * - */ -result_t x509_write_pem(FILE *peercert_file, openvpn_x509_cert_t *peercert); - /** * Return true iff a CRL is configured, but is not loaded. This can be caused * by e.g. a CRL parsing error, a missing CRL file or CRL file permission diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index a1ddf8d0..4596843c 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -547,13 +547,6 @@ x509_verify_cert_eku(mbedtls_x509_crt *cert, const char *const expected_oid) return fFound; } -result_t -x509_write_pem(FILE *peercert_file, mbedtls_x509_crt *peercert) -{ - msg(M_WARN, "mbed TLS does not support writing peer certificate in PEM format"); - return FAILURE; -} - bool tls_verify_crl_missing(const struct tls_options *opt) { diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 3194c232..5afffc1f 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -762,17 +762,6 @@ x509_verify_cert_eku(X509 *x509, const char *const expected_oid) return fFound; } -result_t -x509_write_pem(FILE *peercert_file, X509 *peercert) -{ - if (PEM_write_X509(peercert_file, peercert) < 0) - { - msg(M_NONFATAL, "Failed to write peer certificate in PEM format"); - return FAILURE; - } - return SUCCESS; -} - bool tls_verify_crl_missing(const struct tls_options *opt) {