[glib-networking/mcatanzaro/openssl-ocsp] openssl: remove version guards around OCSP code

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking/mcatanzaro/openssl-ocsp] openssl: remove version guards around OCSP code
Date: Thu, 16 Dec 2021 14:19:34 +0000 (UTC)

commit 809e76326185b77833da94b7274d7404c5cb36ed
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Thu Dec 16 08:18:54 2021 -0600

    openssl: remove version guards around OCSP code
    
    OpenSSL's OCSP support is quite old now.

 tls/openssl/gtlsclientconnection-openssl.c | 4 ----
 tls/openssl/gtlsdatabase-openssl.c         | 4 ----
 tls/openssl/openssl-include.h              | 2 --
 3 files changed, 10 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 40f85785..2fc8149f 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -213,7 +213,6 @@ static GTlsCertificateFlags
 verify_ocsp_response (GTlsClientConnectionOpenssl *openssl,
                       GTlsCertificate             *peer_certificate)
 {
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
   SSL *ssl = NULL;
   OCSP_RESPONSE *resp = NULL;
   GTlsDatabase *database;
@@ -242,9 +241,6 @@ verify_ocsp_response (GTlsClientConnectionOpenssl *openssl,
   return g_tls_database_openssl_verify_ocsp_response (G_TLS_DATABASE_OPENSSL (database),
                                                       peer_certificate,
                                                       resp);
-#else
-  return 0;
-#endif
 }
 
 static GTlsCertificateFlags
diff --git a/tls/openssl/gtlsdatabase-openssl.c b/tls/openssl/gtlsdatabase-openssl.c
index 6ae34958..e7a7ef9a 100644
--- a/tls/openssl/gtlsdatabase-openssl.c
+++ b/tls/openssl/gtlsdatabase-openssl.c
@@ -348,7 +348,6 @@ g_tls_database_openssl_new (GError **error)
   return g_initable_new (G_TYPE_TLS_DATABASE_OPENSSL, NULL, error, NULL);
 }
 
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
 static gboolean
 check_for_ocsp_must_staple (X509 *cert)
 {
@@ -371,7 +370,6 @@ check_for_ocsp_must_staple (X509 *cert)
   sk_ASN1_INTEGER_pop_free (features, ASN1_INTEGER_free);
   return FALSE;
 }
-#endif
 
 GTlsCertificateFlags
 g_tls_database_openssl_verify_ocsp_response (GTlsDatabaseOpenssl *self,
@@ -379,7 +377,6 @@ g_tls_database_openssl_verify_ocsp_response (GTlsDatabaseOpenssl *self,
                                              OCSP_RESPONSE       *resp)
 {
   GTlsCertificateFlags errors = 0;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
   GTlsDatabaseOpensslPrivate *priv;
   STACK_OF(X509) *chain_openssl = NULL;
   OCSP_BASICRESP *basic_resp = NULL;
@@ -481,6 +478,5 @@ end:
   if (resp)
     OCSP_RESPONSE_free (resp);
 
-#endif
   return errors;
 }
diff --git a/tls/openssl/openssl-include.h b/tls/openssl/openssl-include.h
index 408d9ddd..6dc65162 100644
--- a/tls/openssl/openssl-include.h
+++ b/tls/openssl/openssl-include.h
@@ -51,6 +51,4 @@
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 #include <openssl/crypto.h>
-#if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
 #include <openssl/ocsp.h>
-#endif

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]