From 55282fa20f46c193bd4a89ad5bcd048048a8734d Mon Sep 17 00:00:00 2001
From: Michael Paquier
Date: Sat, 28 Sep 2019 15:22:49 +0900
Subject: [PATCH] Remove code relevant to OpenSSL 0.9.6 in be/fe-secure-openssl.c
HEAD supports OpenSSL 0.9.8 and newer versions, and this code likely got forgotten as its surrounding comments mention an incorrect version number.
Author: Michael Paquier
Reviewed-by: Peter Eisentraut
Discussion: https://postgr.es/m/20190927032311.GB8485@paquier.xyz
---
 src/backend/libpq/be-secure-openssl.c | 9 ---------
 src/interfaces/libpq/fe-secure-openssl.c | 12 ------------
 2 files changed, 21 deletions(-)
diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index c97c811e63..a0ae5c5046 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -269,17 +269,8 @@ be_tls_init(bool isServerStart)
 /* Set the flags to check against the complete CRL chain */
 if (X509_STORE_load_locations(cvstore, ssl_crl_file, NULL) == 1)
 {
- /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
-#ifdef X509_V_FLAG_CRL_CHECK
 X509_STORE_set_flags(cvstore,
 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-#else
- ereport(LOG,
- (errcode(ERRCODE_CONFIG_FILE_ERROR),
- errmsg("SSL certificate revocation list file \"%s\" ignored",
- ssl_crl_file),
- errdetail("SSL library does not support certificate revocation lists.")));
-#endif
 }
 else
 {
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
index c8b8d07039..c8dddfb5fd 100644
--- a/src/interfaces/libpq/fe-secure-openssl.c
+++ b/src/interfaces/libpq/fe-secure-openssl.c
@@ -869,20 +869,8 @@ initialize_SSL(PGconn *conn)
 if (fnbuf[0] != '\0' &&
 X509_STORE_load_locations(cvstore, fnbuf, NULL) == 1)
 {
- /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
-#ifdef X509_V_FLAG_CRL_CHECK
 X509_STORE_set_flags(cvstore,
 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-#else
- char *err = SSLerrmessage(ERR_get_error());
-
- printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("SSL library does not support CRL certificates (file \"%s\")\n"),
- fnbuf);
- SSLerrfree(err);
- SSL_CTX_free(SSL_context);
- return -1;
-#endif
 }
 /* if not found, silently ignore; we do not require CRL */
 ERR_clear_error();
-- 
2.40.0