From 8469c19270941aeadaeb25fb42c1b92a6a65e0a0 Mon Sep 17 00:00:00 2001 From: Marcel Poul Date: Thu, 13 Sep 2012 11:25:07 +0000 Subject: [PATCH] apache mod_ssl SSL_CVERIFY* flags will be taken care of in caNl --- org.gridsite.core/src/canl_mod_gridsite.c | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/org.gridsite.core/src/canl_mod_gridsite.c b/org.gridsite.core/src/canl_mod_gridsite.c index 6ace057..1d265d3 100644 --- a/org.gridsite.core/src/canl_mod_gridsite.c +++ b/org.gridsite.core/src/canl_mod_gridsite.c @@ -104,7 +104,7 @@ #include -#include "mod_ssl-private.h" +#include "canl_mod_ssl-private.h" #include "gridsite.h" @@ -3458,35 +3458,9 @@ int GRST_callback_SSLVerify_wrapper(int ok, X509_STORE_CTX *ctx) int errnum = X509_STORE_CTX_get_error(ctx); int errdepth = X509_STORE_CTX_get_error_depth(ctx); int returned_ok; -#if AP_MODULE_MAGIC_AT_LEAST(20051115,0) - SSLSrvConfigRec *sc = (SSLSrvConfigRec *) ap_get_module_config(s->module_config, &ssl_module); - modssl_ctx_t *mctx = sslconn->is_proxy ? SSLSrvConfigRec_proxy(sc) : SSLSrvConfigRec_server(sc); - int verify; -#endif STACK_OF(X509) *certstack; GRSTx509Chain *grst_chain; -#if AP_MODULE_MAGIC_AT_LEAST(20051115,0) - /* - * Check for optionally acceptable non-verifiable issuer situation - */ - verify = mctx->auth.verify_mode; - - /* TODO MP Could it be done by caNl callback? Is this necessary?*/ - if (ssl_verify_error_is_optional(errnum) && - (verify == SSL_CVERIFY_OPTIONAL_NO_CA)) - { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, - "Certificate Verification: Verifiable Issuer is " - "configured as optional, therefore we're accepting " - "the certificate"); - - sslconn->verify_info = "GENEROUS"; - ok = TRUE; - } - -#endif - /* * GSI Proxy user-cert-as-CA handling: * we skip Invalid CA errors at this stage, since we will check this -- 1.8.2.3