Merge r1546805 from trunk:

SGC became dead in January 2000, effectively
(http://www.gpo.gov/fdsys/pkg/FR-2000-01-14/pdf/00-983.pdf)
Almost 14 years later, there's certainly no longer any need
to spit out some fancy log message.

Submitted by: kbrand
Reviewed by: covener, trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1555787 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index ec5ac5c6963f0749b85cd65400cec9502f55a3c3..d77da480aaf1fa5af08731ed64f84a7bf94993f3 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -98,11 +98,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_ssl: drop obsolete SGC log message (strong crypto for the 1990ies)
-    trunk patch: https://svn.apache.org/r1546805
-    2.4.x patch: trunk patch works
-    +1: kbrand, trawick, covener
-
   * configure: Look for config*.m4 files only in the correct directories.
     trunk patch: https://svn.apache.org/r1542615
     2.4.x patch: trunk patch works

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 59a466b6d4b1d9bf6eedf68b576493082eef5909..8d3cb4e4d298d95cbdc9f1bdab3521971dce7962 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -942,13 +942,6 @@ static void ssl_check_public_cert(server_rec *s,
      * Some information about the certificate(s)
      */
 
-    if (SSL_X509_isSGC(cert)) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01905)
-                     "%s server certificate enables "
-                     "Server Gated Cryptography (SGC)",
-                     ssl_asn1_keystr(type));
-    }
-
     if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
         if (is_ca) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01906)

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 9f4cfa2c71798d8b2a1878c6d7be98c96e447103..d2e3be366d5c9c5a51d388aa9876e4677840313d 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -188,29 +188,6 @@ int SSL_smart_shutdown(SSL *ssl)
 **  _________________________________________________________________
 */
 
-/* check whether cert contains extended key usage with a SGC tag */
-BOOL SSL_X509_isSGC(X509 *cert)
-{
-    int ext_nid;
-    EXTENDED_KEY_USAGE *sk;
-    BOOL is_sgc;
-    int i;
-
-    is_sgc = FALSE;
-    sk = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
-    if (sk) {
-        for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
-            ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
-            if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
-                is_sgc = TRUE;
-                break;
-            }
-        }
-    EXTENDED_KEY_USAGE_free(sk);
-    }
-    return is_sgc;
-}
-
 /* retrieve basic constraints ingredients */
 BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
 {

diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index 4b882db289f0832c757589b20e00d65c487e2c11..80a7b98ede377e6a49dd709e91a13e640d60f03c 100644 (file)
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -63,7 +63,6 @@ void        SSL_set_app_data2(SSL *, void *);
 X509       *SSL_read_X509(char *, X509 **, pem_password_cb *);
 EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *);
 int         SSL_smart_shutdown(SSL *ssl);
-BOOL        SSL_X509_isSGC(X509 *);
 BOOL        SSL_X509_getBC(X509 *, int *, int *);
 char       *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne);
 char       *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);