authorNick Mathewson <nickm@torproject.org>2018-09-04 12:09:43 -0400
committerNick Mathewson <nickm@torproject.org>2018-09-04 14:52:35 -0400
commit59c1b34b72ec6c55ca4de0c56a9be3da3d1c3e08 (patch)
tree7a0a83bb4af3ab70a32892659da41e8ef640bb4b /src/lib
parent3cdf0497f9672bc281b0aac2606123249d7b9ddc (diff)
Remove tor_tls_check_lifetime as unused.
Everything that might have used it, uses tor_tls_cert_is_valid() instead.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/tls/tortls.c32
-rw-r--r--src/lib/tls/tortls.h4
2 files changed, 0 insertions, 36 deletions
diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index edf421b4db..64c26f7e14 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -433,35 +433,3 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
return rv;
}
-
-/** Check whether the certificate set on the connection <b>tls</b> is expired
- * give or take <b>past_tolerance</b> seconds, or not-yet-valid give or take
- * <b>future_tolerance</b> seconds. Return 0 for valid, -1 for failure.
- *
- * NOTE: you should call tor_tls_verify before tor_tls_check_lifetime.
- */
-int
-tor_tls_check_lifetime(int severity, tor_tls_t *tls,
- time_t now,
- int past_tolerance, int future_tolerance)
-{
- tor_x509_cert_t *cert;
- int r = -1;
-
- if (!(cert = tor_tls_get_peer_cert(tls)))
- goto done;
-
- if (tor_x509_check_cert_lifetime_internal(severity, cert->cert, now,
- past_tolerance,
- future_tolerance) < 0)
- goto done;
-
- r = 0;
- done:
- tor_x509_cert_free(cert);
-#ifdef ENABLE_OPENSSL
- tls_log_errors(tls, LOG_WARN, LD_NET, "checking certificate lifetime");
-#endif
-
- return r;
-}
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index a8bc7370a7..4591927081 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -100,10 +100,6 @@ int tor_tls_peer_has_cert(tor_tls_t *tls);
MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_own_cert,(tor_tls_t *tls));
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
-int tor_tls_check_lifetime(int severity,
- tor_tls_t *tls, time_t now,
- int past_tolerance,
- int future_tolerance);
MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len));
int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
int tor_tls_handshake(tor_tls_t *tls);