Reformatting tls.c/tls.h

1388d630 · Robert Dubner · 3f93da6a · 1388d630 · 1388d630
Commit 1388d630 authored Oct 15, 2021 by Robert Dubner
--- a/contrib/slapd-modules/radiusov/tls.c
+++ b/contrib/slapd-modules/radiusov/tls.c
@@ -710,24 +710,6 @@ tls_init_ctx(SSL_CONFIGURATION *conf)
        SSL_CTX_set_cert_store(ctx, certstore);
        }

-    conf->ca_path_last_reload = time(NULL);
-    conf->old_x509_store = NULL;
-
-    /*
-     * Disable reloading of cert store if we're not using CA path
-     */
-    if (!conf->ca_path)
-        {
-        conf->ca_path_reload_interval = 0;
-        }
-
-    if (conf->ca_path_reload_interval > 0 && conf->ca_path_reload_interval < 300)
-        {
-        Debug(  LDAP_DEBUG_ANY,
-                "ca_path_reload_interval is set too low, reset it to 300\n");
-        conf->ca_path_reload_interval = 300;
-        }
-
    /*
     *  We never want SSLv3.
     */
@@ -888,63 +870,6 @@ tls_init_ctx(SSL_CONFIGURATION *conf)
    return ctx;
    }

-#if 0
-void
-tls_establish_default_configuration(TLS_SERVER_CONF *conf)
-    {
-    DENTER;
-    // These values copied from a default FreeRADIUS instance trap at
-    // their tls_init_ctx()
-
-    // char const  *private_key_password;
-    // char const  *private_key_file;
-    // char const  *certificate_file;
-    // char const  *ca_path;
-    // char const  *ca_file;
-    // char const  *dh_file;
-    // int     include_length;
-    // int     file_type;
-    // int     auto_chain;
-    // int     disable_single_dh_use;
-    // int     min_version;
-    // int     max_version;
-    // char const  *tls_min_version;
-    // char const  *tls_max_version;
-    // uint32_t    fragment_size;
-    // int     check_crl;
-    // int     check_all_crl;
-    // uint32_t    ca_path_reload_interval;
-    // uint32_t    ca_path_last_reload;
-    // X509_STORE  *old_x509_store;
-    // char const  *cipher_list;
-    // char const  *ecdh_curve;
-
-    memset(conf,0,sizeof(TLS_SERVER_CONF));
-
-    conf->private_key_password      = "whatever";
-    conf->private_key_file          = "/usr/local/etc/raddb/certs/server.pem";
-    conf->certificate_file          = "/usr/local/etc/raddb/certs/server.pem";
-    conf->ca_path                   = "/usr/local/etc/raddb/certs";
-    conf->ca_file                   = "/usr/local/etc/raddb/certs/ca.pem";
-    conf->dh_file                   = "/usr/local/etc/raddb/certs/dh";
-    conf->file_type                 = (1);
-    conf->auto_chain                = (1);
-    conf->disable_single_dh_use     = (0);
-    conf->min_version               = 0;
-    conf->max_version               = 0;
-    conf->tls_min_version           = "1.2";
-    conf->tls_max_version           = "1.2";
-    conf->fragment_size             = 994;
-    conf->check_crl                 = (0);
-    conf->check_all_crl             = (0);
-    conf->ca_path_reload_interval   = 0;
-    conf->ca_path_last_reload       = 0;
-    conf->old_x509_store            = NULL;
-    conf->cipher_list               = "DEFAULT";
-    conf->ecdh_curve                = "prime256v1";
-    }
-#endif
-
 void
 tls_session_information(STATE *tls_session)
    {

--- a/contrib/slapd-modules/radiusov/tls.h
+++ b/contrib/slapd-modules/radiusov/tls.h
@@ -46,7 +46,6 @@ typedef struct _TLS_INFO
    int     version;
    } TLS_INFO;

-
 typedef struct _SSL_CONFIGURATION
    {
    // This structure is used after creating a new SSL_CTX context, but before
@@ -79,9 +78,6 @@ typedef struct _SSL_CONFIGURATION
    size_t   fragment_size;         // Relevant when using UDP packets, where
    //                              // we have to control packet size

-    size_t ca_path_reload_interval; // In seconds
-    X509_STORE *old_x509_store;     // Persists when creating a new one, so that
-    //                              // race conditions are avoided
    int tls_min_version;            // As of 2021-09-17, probably TLS1_2_VERSION
    int tls_max_version;            // As of 2021-09-17, probably TLS1_3_VERSION
    //                              // or TLS_MAX_VERSION, or zero for "max supported
@@ -94,13 +90,13 @@ typedef struct _SSL_CONFIGURATION
    int check_cert_issuer;
    int check_cert_cn;
    int file_type;                  // Certificate file type; 1 = PEM, 2 = ASN1
-    char *ca_file;            // Certificate Authority file
-    char *ca_path;            // Path to a group of CA files
-    char *certificate_file;   // Path to the primary certificate
-    char *private_key_file;   // Path to the primary certificate's private
+    char *ca_file;                  // Certificate Authority file
+    char *ca_path;                  // Path to a group of CA files
+    char *certificate_file;         // Path to the primary certificate
+    char *private_key_file;         // Path to the primary certificate's private
    //                              // key file
    char *private_key_password;     // Needed when the private key is
-    //                              // Password protected
+    //                              // password protected
    //
    //char *ecdh_curve;
    char *cipher_list;