2 files changed, 0 insertions, 24 deletions

diff --git a/qmail-smtpd.8 b/qmail-smtpd.8
index 5920dd9..849599c 100644
--- a/qmail-smtpd.8
+++ b/qmail-smtpd.8
@@ -124,18 +124,6 @@ environment variable is not set.
 For more information, please have a look at doc/README.qregex.
 
 .TP 5
-.I clientca.pem
-A list of Certifying Authority (CA) certificates that are used to verify
-the client-presented certificates during a TLS-encrypted session.
-
-.TP 5
-.I clientcrl.pem
-A list of Certificate Revocation Lists (CRLs). If present it
-should contain the CRLs of the CAs in 
-.I clientca.pem 
-and client certs will be checked for revocation.
-
-.TP 5
 .I badrcptto
 Unacceptable envelope recipient addresses.
 .B qmail-smtpd
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 8ae6af3..b2c0263 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -68,8 +68,6 @@ char *relayclient;
 # include "tls.h"
 # include "ssl_timeoutio.h"
 
-# define CLIENTCA "control/clientca.pem"
-# define CLIENTCRL "control/clientcrl.pem"
 # define SERVERCERT "control/servercert.pem"
 
 void tls_init();
@@ -1441,16 +1439,6 @@ void tls_init()
 
   if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
     { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
-  SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL);
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-  /* crl checking */
-  store = SSL_CTX_get_cert_store(ctx);
-  if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) &&
-      (X509_load_crl_file(lookup, CLIENTCRL, X509_FILETYPE_PEM) == 1))
-    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
-                                X509_V_FLAG_CRL_CHECK_ALL);
-#endif
 
   /* set the callback here; SSL_set_verify didn't work before 0.9.6c */
   SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb);