From 9b5d3559fd8b201d62359c027b3c15faccdcce14 Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Fri, 1 Feb 2019 15:09:51 +0100
Subject: Remove client certificate left overs

---
 qmail-smtpd.c | 12 ------------
 1 file changed, 12 deletions(-)

(limited to 'qmail-smtpd.c')

diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 8ae6af3..b2c0263 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -68,8 +68,6 @@ char *relayclient;
 # include "tls.h"
 # include "ssl_timeoutio.h"
 
-# define CLIENTCA "control/clientca.pem"
-# define CLIENTCRL "control/clientcrl.pem"
 # define SERVERCERT "control/servercert.pem"
 
 void tls_init();
@@ -1441,16 +1439,6 @@ void tls_init()
 
   if (!SSL_CTX_use_certificate_chain_file(ctx, servercert))
     { SSL_CTX_free(ctx); tls_err("missing certificate"); return; }
-  SSL_CTX_load_verify_locations(ctx, CLIENTCA, NULL);
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-  /* crl checking */
-  store = SSL_CTX_get_cert_store(ctx);
-  if ((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())) &&
-      (X509_load_crl_file(lookup, CLIENTCRL, X509_FILETYPE_PEM) == 1))
-    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK |
-                                X509_V_FLAG_CRL_CHECK_ALL);
-#endif
 
   /* set the callback here; SSL_set_verify didn't work before 0.9.6c */
   SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_cb);
-- 
cgit v1.2.3