[tor-commits] [tor/master] Remove tor_tls_check_lifetime as unused.

nickm at torproject.org nickm at torproject.org
Wed Sep 5 00:47:14 UTC 2018


commit 59c1b34b72ec6c55ca4de0c56a9be3da3d1c3e08
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 4 12:09:43 2018 -0400

    Remove tor_tls_check_lifetime as unused.
    
    Everything that might have used it uses tor_tls_cert_is_valid() instead.
---
 src/lib/tls/tortls.c           | 32 --------------------------------
 src/lib/tls/tortls.h           |  4 ----
 src/test/test_tortls_openssl.c | 40 ----------------------------------------
 3 files changed, 76 deletions(-)

diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c
index edf421b4d..64c26f7e1 100644
--- a/src/lib/tls/tortls.c
+++ b/src/lib/tls/tortls.c
@@ -433,35 +433,3 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
 
   return rv;
 }
-
-/** Check whether the certificate set on the connection <b>tls</b> is expired
- * give or take <b>past_tolerance</b> seconds, or not-yet-valid give or take
- * <b>future_tolerance</b> seconds. Return 0 for valid, -1 for failure.
- *
- * NOTE: you should call tor_tls_verify before tor_tls_check_lifetime.
- */
-int
-tor_tls_check_lifetime(int severity, tor_tls_t *tls,
-                       time_t now,
-                       int past_tolerance, int future_tolerance)
-{
-  tor_x509_cert_t *cert;
-  int r = -1;
-
-  if (!(cert = tor_tls_get_peer_cert(tls)))
-    goto done;
-
-  if (tor_x509_check_cert_lifetime_internal(severity, cert->cert, now,
-                                            past_tolerance,
-                                            future_tolerance) < 0)
-    goto done;
-
-  r = 0;
- done:
-  tor_x509_cert_free(cert);
-#ifdef ENABLE_OPENSSL
-  tls_log_errors(tls, LOG_WARN, LD_NET, "checking certificate lifetime");
-#endif
-
-  return r;
-}
diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h
index a8bc7370a..459192708 100644
--- a/src/lib/tls/tortls.h
+++ b/src/lib/tls/tortls.h
@@ -100,10 +100,6 @@ int tor_tls_peer_has_cert(tor_tls_t *tls);
 MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_peer_cert,(tor_tls_t *tls));
 MOCK_DECL(struct tor_x509_cert_t *,tor_tls_get_own_cert,(tor_tls_t *tls));
 int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity);
-int tor_tls_check_lifetime(int severity,
-                           tor_tls_t *tls, time_t now,
-                           int past_tolerance,
-                           int future_tolerance);
 MOCK_DECL(int, tor_tls_read, (tor_tls_t *tls, char *cp, size_t len));
 int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
 int tor_tls_handshake(tor_tls_t *tls);
diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c
index b7e28f376..3ae0f04b7 100644
--- a/src/test/test_tortls_openssl.c
+++ b/src/test/test_tortls_openssl.c
@@ -961,45 +961,6 @@ test_tortls_verify(void *ignored)
 #endif /* !defined(OPENSSL_OPAQUE) */
 
 #ifndef OPENSSL_OPAQUE
-static void
-test_tortls_check_lifetime(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  tor_tls_t *tls;
-  X509 *validCert = read_cert_from(validCertString);
-  time_t now = time(NULL);
-
-  tls = tor_malloc_zero(sizeof(tor_tls_t));
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
-  tt_int_op(ret, OP_EQ, -1);
-
-  tls->ssl = tor_malloc_zero(sizeof(SSL));
-  tls->ssl->session = tor_malloc_zero(sizeof(SSL_SESSION));
-  tls->ssl->session->peer = validCert;
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, 0);
-  tt_int_op(ret, OP_EQ, 0);
-
-  ASN1_STRING_free(validCert->cert_info->validity->notBefore);
-  validCert->cert_info->validity->notBefore = ASN1_TIME_set(NULL, now-10);
-  ASN1_STRING_free(validCert->cert_info->validity->notAfter);
-  validCert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, now+60);
-
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), 0, -1000);
-  tt_int_op(ret, OP_EQ, -1);
-
-  ret = tor_tls_check_lifetime(LOG_WARN, tls, time(NULL), -1000, 0);
-  tt_int_op(ret, OP_EQ, -1);
-
- done:
-  tor_free(tls->ssl->session);
-  tor_free(tls->ssl);
-  tor_free(tls);
-  X509_free(validCert);
-}
-#endif /* !defined(OPENSSL_OPAQUE) */
-
-#ifndef OPENSSL_OPAQUE
 static int fixed_ssl_pending_result = 0;
 
 static int
@@ -2469,7 +2430,6 @@ struct testcase_t tortls_openssl_tests[] = {
   INTRUSIVE_TEST_CASE(classify_client_ciphers, 0),
   LOCAL_TEST_CASE(client_is_using_v2_ciphers, 0),
   INTRUSIVE_TEST_CASE(verify, 0),
-  INTRUSIVE_TEST_CASE(check_lifetime, 0),
   INTRUSIVE_TEST_CASE(get_pending_bytes, 0),
   INTRUSIVE_TEST_CASE(SSL_SESSION_get_master_key, 0),
   INTRUSIVE_TEST_CASE(get_tlssecrets, 0),




