Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tortls.c | 32 | ||||
-rw-r--r-- | src/lib/tls/tortls.h | 4 | ||||
-rw-r--r-- | src/test/test_tortls_openssl.c | 40 |
3 files changed, 0 insertions, 76 deletions
diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index edf421b4db..64c26f7e14 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -433,35 +433,3 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
   return rv;
 }
-
-/** Check whether the certificate set on the connection <b>tls</b> is expired
- * give or take <b>past_tolerance</b> seconds, or not-yet-valid give or take
- * <b>future_tolerance</b> seconds. Return 0 for valid, -1 for failure.
- *
- * NOTE: you should call tor_tls_verify before tor_tls_check_lifetime.
- */
-int
-tor_tls_check_lifetime(int severity, tor_tls_t *tls,
-                       time_t now,
-                       int past_tolerance, int future_tolerance)
-{
-  tor_x509_cert_t *cert;
-  int r = -1;
-
-  if (!(cert = tor_tls_get_peer_cert(tls)))
-    goto done;
-
-  if (tor_x509_check_cert_lifetime_internal(severity, cert->cert, now,
-                                            past_tolerance,
-                                            future_tolerance) < 0)
-    goto done;
-
-  r = 0;
- done:
-  tor_x509_cert_free(cert);
-#ifdef ENABLE_OPENSSL
-  tls_log_errors(tls, LOG_WARN, LD_NET, "checking certificate lifetime");
-#endif
-
-  return r;
-}
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index a8bc7370a7..4591927081 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -100,10 +100,6 @@ int tor_tls_peer_has_cert(tor_tls_t *tls);
 MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
 MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_own_cert,(tor_tls_t *tls));
 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
-int tor_tls_check_lifetime(int severity,
-                           tor_tls_t *tls, time_t now,
-                           int past_tolerance,
-                           int future_tolerance);
 MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len));
 int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
 int tor_tls_handshake(tor_tls_t *tls);
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
index b7e28f3768..3ae0f04b7d 100644
--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -961,45 +961,6 @@ test_tortls_verify(void *ignored)
 #endif /* !defined(OPENSSL_OPAQUE) */
 
 #ifndef OPENSSL_OPAQUE
-static void
-test_tortls_check_lifetime(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  tor_tls_t *tls;
-  X509 *validCert = read_cert_from(validCertString);
-  time_t now = time(NULL);
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
-  tt_int_op(ret, OP_EQ, -1);
-
-  tls->ssl = tor_malloc_zero(sizeof(SSL));
-  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
-  tls->ssl->session->peer = validCert;
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
-  tt_int_op(ret, OP_EQ, 0);
-
-  ASN1_STRING_free(validCert->cert_info->validity->notBefore);
-  validCert->cert_info->validity->notBefore = ASN1_TIME_set(NULL, now-10);
-  ASN1_STRING_free(validCert->cert_info->validity->notAfter);
-  validCert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, now+60);
-
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, -1000);
-  tt_int_op(ret, OP_EQ, -1);
-
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), -1000, 0);
-  tt_int_op(ret, OP_EQ, -1);
-
- done:
-  tor_free(tls->ssl->session);
-  tor_free(tls->ssl);
-  tor_free(tls);
-  X509_free(validCert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
 static int fixed_ssl_pending_result = 0;
 static int
@@ -2469,7 +2430,6 @@ struct testcase_t tortls_openssl_tests[] = {
   INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
   LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
   INTRUSIVE_TEST_CASE(verify, 0),
-  INTRUSIVE_TEST_CASE(check_lifetime, 0),
   INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
   INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
   INTRUSIVE_TEST_CASE(get_tlssecrets, 0), |