From 9b5d3559fd8b201d62359c027b3c15faccdcce14 Mon Sep 17 00:00:00 2001
From: manuel
Date: Fri, 1 Feb 2019 15:09:51 +0100
Subject: Remove client certificate left overs
---
 qmail-smtpd.8 | 12 ------------
 qmail-smtpd.c | 12 ------------
 2 files changed, 24 deletions(-)
diff --git a/qmail-smtpd.8 b/qmail-smtpd.8
index 5920dd9..849599c 100644
--- a/qmail-smtpd.8
+++ b/qmail-smtpd.8
@@ -123,18 +123,6 @@ control file but is read only if the environment variable is not set. For more information, please have a look at doc/README.qregex.
-.TP 5
-.I clientca.pem
-A list of Certifying Authority (CA) certificates that are used to verify
-the client-presented certificates during a TLS-encrypted session.
-
-.TP 5
-.I clientcrl.pem
-A list of Certificate Revocation Lists (CRLs). If present it
-should contain the CRLs of the CAs in
-.I clientca.pem
-and client certs will be checked for revocation.
-
 .TP 5
 .I badrcptto
 Unacceptable envelope recipient addresses.
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 8ae6af3..b2c0263 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -68,8 +68,6 @@ char *relayclient;
 # include "tls.h"
 # include "ssl_timeoutio.h"
-# define CLIENTCA "control/clientca.pem"
-# define CLIENTCRL "control/clientcrl.pem"
 # define SERVERCERT "control/servercert.pem"
 void tls_init();
@@ -1441,16 +1439,6 @@ void tls_init()
 if (!SSL_CTX_use_certificate_chain_file(ctx, servercert)) { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
- SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL);
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
- /* crl checking */
- store = SSL_CTX_get_cert_store(ctx);
- if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) &&
- (X509_load_crl_file(lookup, CLIENTCRL, X509_FILETYPE_PEM) == 1))
- X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
- X509_V_FLAG_CRL_CHECK_ALL);
-#endif
 /* set the callback here; SSL_set_verify didn't work before 0.9.6c */ SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb);
--
cgit v1.2.3
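Review bot: The last context line of the tls_init() hunk (`@@ -1441,16 +1439,6 @@`) still registers the client-verification callback, `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb);`, along with its comment about SSL_set_verify, so the client-certificate path is not fully removed. If nothing outside this hunk raises the verify mode any more, the call can become `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);` and the comment can go. If something still does, it would now verify peers against a context with no CA file loaded and no CRL flags set, and that deserves an explicit comment at this call. The removed lines were the only visible users of `store` and `lookup`, and the diffstat's 12 deletions in qmail-smtpd.c are all accounted for by the two hunks, so their declarations (presumably at the top of tls_init(), outside the hunk) appear to be left behind as unused locals. tls_init()'s body starts and ends outside the hunk.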