[evolution-data-server] CamelTCPStreamSSL: Remove dead code.
- From: Matthew Barnes <mbarnes src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution-data-server] CamelTCPStreamSSL: Remove dead code.
- Date: Mon, 23 Sep 2013 16:10:09 +0000 (UTC)
commit 428b8dbe248e02baa22929fbc3ed8cbf453cc139
Author: Matthew Barnes <mbarnes redhat com>
Date: Sun Sep 22 12:04:38 2013 -0400
CamelTCPStreamSSL: Remove dead code.
camel/camel-tcp-stream-ssl.c | 118 ------------------------------------------
1 files changed, 0 insertions(+), 118 deletions(-)
---
diff --git a/camel/camel-tcp-stream-ssl.c b/camel/camel-tcp-stream-ssl.c
index 4ac2317..f23cec0 100644
--- a/camel/camel-tcp-stream-ssl.c
+++ b/camel/camel-tcp-stream-ssl.c
@@ -137,124 +137,6 @@ tcp_stream_ssl_finalize (GObject *object)
G_OBJECT_CLASS (camel_tcp_stream_ssl_parent_class)->finalize (object);
}
-#if 0
-/* Since this is default implementation, let NSS handle it. */
-static SECStatus
-ssl_get_client_auth (gpointer data,
- PRFileDesc *sockfd,
- struct CERTDistNamesStr *caNames,
- struct CERTCertificateStr **pRetCert,
- struct SECKEYPrivateKeyStr **pRetKey)
-{
- SECStatus status = SECFailure;
- SECKEYPrivateKey *privkey;
- CERTCertificate *cert;
- gpointer proto_win;
-
- proto_win = SSL_RevealPinArg (sockfd);
-
- if ((gchar *) data) {
- cert = PK11_FindCertFromNickname ((gchar *) data, proto_win);
- if (cert) {
- privKey = PK11_FindKeyByAnyCert (cert, proto_win);
- if (privkey) {
- status = SECSuccess;
- } else {
- CERT_DestroyCertificate (cert);
- }
- }
- } else {
- /* no nickname given, automatically find the right cert */
- CERTCertNicknames *names;
- gint i;
-
- names = CERT_GetCertNicknames (
- CERT_GetDefaultCertDB (),
- SEC_CERT_NICKNAMES_USER,
- proto_win);
-
- if (names != NULL) {
- for (i = 0; i < names->numnicknames; i++) {
- cert = PK11_FindCertFromNickname (
- names->nicknames[i], proto_win);
- if (!cert)
- continue;
-
- /* Only check unexpired certs */
- if (CERT_CheckCertValidTimes (cert, PR_Now (), PR_FALSE) != secCertTimeValid)
{
- CERT_DestroyCertificate (cert);
- continue;
- }
-
- status = NSS_CmpCertChainWCANames (cert, caNames);
- if (status == SECSuccess) {
- privkey = PK11_FindKeyByAnyCert (cert, proto_win);
- if (privkey)
- break;
-
- status = SECFailure;
- break;
- }
-
- CERT_FreeNicknames (names);
- }
- }
- }
-
- if (status == SECSuccess) {
- *pRetCert = cert;
- *pRetKey = privkey;
- }
-
- return status;
-}
-#endif
-
-#if 0
-/* Since this is the default NSS implementation, no need for us to use this. */
-static SECStatus
-ssl_auth_cert (gpointer data,
- PRFileDesc *sockfd,
- PRBool checksig,
- PRBool is_server)
-{
- CERTCertificate *cert;
- SECStatus status;
- gpointer pinarg;
- gchar *host;
-
- cert = SSL_PeerCertificate (sockfd);
- pinarg = SSL_RevealPinArg (sockfd);
- status = CERT_VerifyCertNow (
- (CERTCertDBHandle *) data, cert,
- checksig, certUsageSSLClient, pinarg);
-
- if (status != SECSuccess)
- return SECFailure;
-
- /* Certificate is OK. Since this is the client side of an SSL
- * connection, we need to verify that the name field in the cert
- * matches the desired hostname. This is our defense against
- * man-in-the-middle attacks.
- */
-
- /* SSL_RevealURL returns a hostname, not a URL. */
- host = SSL_RevealURL (sockfd);
-
- if (host && *host) {
- status = CERT_VerifyCertName (cert, host);
- } else {
- PR_SetError (SSL_ERROR_BAD_CERT_DOMAIN, 0);
- status = SECFailure;
- }
-
- if (host)
- PR_Free (host);
-
- return secStatus;
-}
-#endif
-
CamelCert *camel_certdb_nss_cert_get (CamelCertDB *certdb, CERTCertificate *cert, const gchar *hostname);
CamelCert *camel_certdb_nss_cert_convert (CamelCertDB *certdb, CERTCertificate *cert);
void camel_certdb_nss_cert_set (CamelCertDB *certdb, CamelCert *ccert, CERTCertificate *cert);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
