summaryrefslogtreecommitdiff
path: root/src/core/network-openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/network-openssl.c')
-rw-r--r--src/core/network-openssl.c39
1 files changed, 0 insertions, 39 deletions
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 4c6b75dd..e28c8c14 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -32,11 +32,6 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
-#ifdef HAVE_DANE
-#include <validator/validator.h>
-#include <validator/val_dane.h>
-#endif
-
/* ssl i/o channel object */
typedef struct
{
@@ -207,40 +202,6 @@ static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, i
{
long result;
-#ifdef HAVE_DANE
- int dane_ret;
- struct val_daneparams daneparams;
- struct val_danestatus *danestatus = NULL;
-
- // Check if a TLSA record is available.
- daneparams.port = port;
- daneparams.proto = DANE_PARAM_PROTO_TCP;
-
- dane_ret = val_getdaneinfo(NULL, hostname, &daneparams, &danestatus);
-
- if (dane_ret == VAL_DANE_NOERROR) {
- signal_emit("tlsa available", 1, server);
- }
-
- if (danestatus != NULL) {
- int do_certificate_check = 1;
-
- if (val_dane_check(NULL, ssl, danestatus, &do_certificate_check) != VAL_DANE_NOERROR) {
- g_warning("DANE: TLSA record for hostname %s port %d could not be verified", hostname, port);
- signal_emit("tlsa verification failed", 1, server);
- val_free_dane(danestatus);
- return FALSE;
- }
-
- signal_emit("tlsa verification success", 1, server);
- val_free_dane(danestatus);
-
- if (do_certificate_check == 0) {
- return TRUE;
- }
- }
-#endif
-
result = SSL_get_verify_result(ssl);
if (result != X509_V_OK) {
g_warning("Could not verify TLS servers certificate: %s", X509_verify_cert_error_string(result));
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-22 18:06:25 +0000