From 55282fa20f46c193bd4a89ad5bcd048048a8734d Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Sat, 28 Sep 2019 15:22:49 +0900 Subject: Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got forgotten as its surrounding comments mention an incorrect version number. Author: Michael Paquier Reviewed-by: Peter Eisentraut Discussion: https://postgr.es/m/20190927032311.GB8485@paquier.xyz --- src/backend/libpq/be-secure-openssl.c | 9 --------- 1 file changed, 9 deletions(-) (limited to 'src/backend/libpq/be-secure-openssl.c') diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c index c97c811e63a..a0ae5c5046c 100644 --- a/src/backend/libpq/be-secure-openssl.c +++ b/src/backend/libpq/be-secure-openssl.c @@ -269,17 +269,8 @@ be_tls_init(bool isServerStart) /* Set the flags to check against the complete CRL chain */ if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1) { - /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */ -#ifdef X509_V_FLAG_CRL_CHECK X509_STORE_set_flags(cvstore, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -#else - ereport(LOG, - (errcode(ERRCODE_CONFIG_FILE_ERROR), - errmsg("SSL certificate revocation list file \"%s\" ignored", - ssl_crl_file), - errdetail("SSL library does not support certificate revocation lists."))); -#endif } else { -- cgit v1.2.3