From: op <op@openbsd.org>
Date: Sun, 18 Jun 2023 19:08:52 +0000 (+0000)
Subject: remove ca_verify_cb().  was initially used for debugging, then the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e723f96065578fe517f66e0f4c59e350eb920bc8;p=openbsd

remove ca_verify_cb().  was initially used for debugging, then the
logging went away but the no-op callback remained.

noticed by tb@
---

diff --git a/usr.sbin/smtpd/ca.c b/usr.sbin/smtpd/ca.c
index 5c163ef70b1..ccbcb10e307 100644
--- a/usr.sbin/smtpd/ca.c
+++ b/usr.sbin/smtpd/ca.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ca.c,v 1.44 2023/06/18 11:43:49 op Exp $	*/
+/*	$OpenBSD: ca.c,v 1.45 2023/06/18 19:08:52 op Exp $	*/
 
 /*
  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
@@ -29,8 +29,6 @@
 #include "log.h"
 #include "ssl.h"
 
-static int	 ca_verify_cb(int, X509_STORE_CTX *);
-
 static int	 rsae_send_imsg(int, const unsigned char *, unsigned char *,
 		    RSA *, int, unsigned int);
 static int	 rsae_pub_enc(int, const unsigned char *, unsigned char *,
@@ -152,26 +150,6 @@ ca_init(void)
 	}
 }
 
-static int
-ca_verify_cb(int ok, X509_STORE_CTX *ctx)
-{
-	switch (X509_STORE_CTX_get_error(ctx)) {
-	case X509_V_OK:
-		break;
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		break;
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		break;
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		break;
-        case X509_V_ERR_NO_EXPLICIT_POLICY:
-		break;
-	}
-	return ok;
-}
-
 int
 ca_X509_verify(void *certificate, void *chain, const char *CAfile,
     const char *CRLfile, const char **errstr)
@@ -196,8 +174,6 @@ ca_X509_verify(void *certificate, void *chain, const char *CAfile,
 	if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1)
 		goto end;
 
-	X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb);
-
 	ret = X509_verify_cert(xsc);
 
 end: