Changeset adceac0 in mod_gnutls for src/gnutls_hooks.c

Timestamp:

Sep 26, 2018, 3:21:32 PM (2 years ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

debian/master, master, proxy-ticket

Children:

2ec3e54

Parents:

cb6476c

Message:

Remove unneeded server variables "cert_cn" and "cert_san"

"cert_san" wasn't used or assigned at all, "cert_cn" filled but used
only in a redundant check for assignment and a log message that's
better served by the server name of the virtual host.

File:

• src/gnutls_hooks.c (modified) (3 diffs)

src/gnutls_hooks.c

@@ -358 +358 @@
             return -1;
         }
-}
-
-/* Read the common name or the alternative name of the certificate.
- * We only support a single name per certificate.
- *
- * Returns negative on error.
- */
-static int read_crt_cn(server_rec * s, apr_pool_t * p, gnutls_x509_crt_t cert, char **cert_cn) {
-
-    int rv = 0;
-    size_t data_len;
-
-
-    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
-    *cert_cn = NULL;
-
-    data_len = 0;
-    rv = gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, NULL, &data_len);
-
-    if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER && data_len > 1) {
-        *cert_cn = apr_palloc(p, data_len);
-        rv = gnutls_x509_crt_get_dn_by_oid(cert,
-                GNUTLS_OID_X520_COMMON_NAME,
-                0, 0, *cert_cn,
-                &data_len);
-    } else { /* No CN return subject alternative name */
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                "No common name found in certificate for '%s:%d'. Looking for subject alternative name...",
-                s->server_hostname, s->port);
-        rv = 0;
-        /* read subject alternative name */
-        for (int i = 0; !(rv < 0); i++)
-        {
-            data_len = 0;
-            rv = gnutls_x509_crt_get_subject_alt_name(cert, i,
-                    NULL,
-                    &data_len,
-                    NULL);
-
-            if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER
-                    && data_len > 1) {
-                /* FIXME: not very efficient. What if we have several alt names
-                 * before DNSName?
-                 */
-                *cert_cn = apr_palloc(p, data_len + 1);
-
-                rv = gnutls_x509_crt_get_subject_alt_name
-                        (cert, i, *cert_cn, &data_len, NULL);
-                (*cert_cn)[data_len] = 0;
-
-                if (rv == GNUTLS_SAN_DNSNAME)
-                    break;
-            }
-        }
-    }
-
-    return rv;
 }
 
@@ -752 +695 @@
         }
 
-        if (sc->enabled == GNUTLS_ENABLED_TRUE) {
-            rv = -1;
-            if (sc->certs_x509_chain_num > 0) {
-                rv = read_crt_cn(s, pconf, sc->certs_x509_crt_chain[0], &sc->cert_cn);
-            }
-
-            if (rv < 0) {
-                ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
-                                                        "GnuTLS: Cannot find a certificate for host '%s:%d'!",
-                                                        s->server_hostname, s->port);
-                sc->cert_cn = NULL;
-                continue;
-            }
-        }
-
         if (sc->enabled == GNUTLS_ENABLED_TRUE
             && sc->proxy_enabled == GNUTLS_ENABLED_TRUE
@@ -956 +884 @@
             &gnutls_module);
 
-    if (tsc->enabled != GNUTLS_ENABLED_TRUE || tsc->cert_cn == NULL) {
+    if (tsc->enabled != GNUTLS_ENABLED_TRUE) {
         return 0;
     }