aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq/be-secure-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend/libpq/be-secure-openssl.c')
-rw-r--r--src/backend/libpq/be-secure-openssl.c78
1 files changed, 0 insertions, 78 deletions
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index c6cc681b2e7..72e43af3537 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -27,7 +27,6 @@
#include <netinet/tcp.h>
#include <arpa/inet.h>
-#include "common/int.h"
#include "common/string.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
@@ -37,7 +36,6 @@
#include "tcop/tcopprot.h"
#include "utils/builtins.h"
#include "utils/memutils.h"
-#include "utils/timestamp.h"
/*
* These SSL-related #includes must come after all system-provided headers.
@@ -74,7 +72,6 @@ static bool initialize_ecdh(SSL_CTX *context, bool isServerStart);
static const char *SSLerrmessage(unsigned long ecode);
static char *X509_NAME_to_cstring(X509_NAME *name);
-static TimestampTz ASN1_TIME_to_timestamptz(ASN1_TIME *time);
static SSL_CTX *SSL_context = NULL;
static bool SSL_initialized = false;
@@ -1434,24 +1431,6 @@ be_tls_get_peer_issuer_name(Port *port, char *ptr, size_t len)
}
void
-be_tls_get_peer_not_before(Port *port, TimestampTz *ptr)
-{
- if (port->peer)
- *ptr = ASN1_TIME_to_timestamptz(X509_get_notBefore(port->peer));
- else
- *ptr = 0;
-}
-
-void
-be_tls_get_peer_not_after(Port *port, TimestampTz *ptr)
-{
- if (port->peer)
- *ptr = ASN1_TIME_to_timestamptz(X509_get_notAfter(port->peer));
- else
- *ptr = 0;
-}
-
-void
be_tls_get_peer_serial(Port *port, char *ptr, size_t len)
{
if (port->peer)
@@ -1595,63 +1574,6 @@ X509_NAME_to_cstring(X509_NAME *name)
}
/*
- * Convert an ASN1_TIME to a Timestamptz. OpenSSL 1.0.2 doesn't expose a function
- * to convert an ASN1_TIME to a tm struct, it's only available in 1.1.1 and
- * onwards. Instead we can ask for the difference between the ASN1_TIME and a
- * known timestamp and get the actual timestamp that way. Until support for
- * OpenSSL 1.0.2 is retired we have to do it this way.
- */
-static TimestampTz
-ASN1_TIME_to_timestamptz(ASN1_TIME *ASN1_cert_ts)
-{
- int days;
- int seconds;
- const char postgres_epoch[] = "20000101000000Z";
- ASN1_TIME *ASN1_epoch;
- int64 result_days;
- int64 result_seconds;
- int64 result;
-
- /* Create an epoch to compare against */
- ASN1_epoch = ASN1_TIME_new();
- if (!ASN1_epoch)
- ereport(ERROR,
- (errcode(ERRCODE_OUT_OF_MEMORY),
- errmsg("could not allocate memory for ASN1 TIME structure")));
-
- /*
- * Calculate the diff from the epoch to the certificate timestamp.
- * POSTGRES_EPOCH_JDATE cannot be used here since OpenSSL needs an epoch
- * in the ASN.1 format.
- */
- if (!ASN1_TIME_set_string(ASN1_epoch, postgres_epoch) ||
- !ASN1_TIME_diff(&days, &seconds, ASN1_epoch, ASN1_cert_ts))
- ereport(ERROR,
- (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
- errmsg("failed to read certificate validity")));
-
- /*
- * Unlike when freeing other OpenSSL memory structures, there is no error
- * return on freeing ASN1 strings.
- */
- ASN1_TIME_free(ASN1_epoch);
-
- /*
- * Convert the reported date into usecs to be used as a TimestampTz. The
- * date should really not overflow an int64 but rather than trusting the
- * certificate we take overflow into consideration.
- */
- if (pg_mul_s64_overflow(days, USECS_PER_DAY, &result_days) ||
- pg_mul_s64_overflow(seconds, USECS_PER_SEC, &result_seconds) ||
- pg_add_s64_overflow(result_seconds, result_days, &result))
- {
- return 0;
- }
-
- return result;
-}
-
-/*
* Convert TLS protocol version GUC enum to OpenSSL values
*
* This is a straightforward one-to-one mapping, but doing it this way makes