Return-Path: 
 <cvs-return-49101-apmail-httpd-cvs-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-cvs-archive@www.apache.org
Delivered-To: apmail-httpd-cvs-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D7449104B8
	for <apmail-httpd-cvs-archive@www.apache.org>;
 Sun,  1 Dec 2013 11:58:08 +0000 (UTC)
Received: (qmail 94286 invoked by uid 500); 1 Dec 2013 11:58:06 -0000
Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 94151 invoked by uid 500); 1 Dec 2013 11:58:05 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:cvs-help@httpd.apache.org>
list-unsubscribe: <mailto:cvs-unsubscribe@httpd.apache.org>
List-Post: <mailto:cvs@httpd.apache.org>
List-Id: <cvs.httpd.apache.org>
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 94139 invoked by uid 99); 1 Dec 2013 11:58:04 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 01 Dec 2013 11:58:04 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED,T_FRT_SLUT
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 01 Dec 2013 11:58:02 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id B0A78238889B;
	Sun,  1 Dec 2013 11:57:42 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1546805 - in /httpd/httpd/trunk/modules/ssl:
 ssl_engine_init.c
 ssl_util_ssl.c ssl_util_ssl.h
Date: Sun, 01 Dec 2013 11:57:42 -0000
To: cvs@httpd.apache.org
From: kbrand@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20131201115742.B0A78238889B@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: kbrand
Date: Sun Dec  1 11:57:42 2013
New Revision: 1546805

URL: http://svn.apache.org/r1546805
Log:
SGC became dead in January 2000, effectively
(http://www.gpo.gov/fdsys/pkg/FR-2000-01-14/pdf/00-983.pdf)
Almost 14 years later, there's certainly no longer any need
to spit out some fancy log message.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1546805&r1=1546804&r2=1546805&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Sun Dec  1 11:57:42 2013
@@ -959,13 +959,6 @@ static void ssl_check_public_cert(server
      * Some information about the certificate(s)
      */
 
-    if (SSL_X509_isSGC(cert)) {
-        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01905)
-                     "%s server certificate enables "
-                     "Server Gated Cryptography (SGC)",
-                     ssl_asn1_keystr(type));
-    }
-
     if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
         if (is_ca) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01906)

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1546805&r1=1546804&r2=1546805&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sun Dec  1 11:57:42 2013
@@ -188,29 +188,6 @@ int SSL_smart_shutdown(SSL *ssl)
 **  _________________________________________________________________
 */
 
-/* check whether cert contains extended key usage with a SGC tag */
-BOOL SSL_X509_isSGC(X509 *cert)
-{
-    int ext_nid;
-    EXTENDED_KEY_USAGE *sk;
-    BOOL is_sgc;
-    int i;
-
-    is_sgc = FALSE;
-    sk = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
-    if (sk) {
-        for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
-            ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
-            if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
-                is_sgc = TRUE;
-                break;
-            }
-        }
-    EXTENDED_KEY_USAGE_free(sk);
-    }
-    return is_sgc;
-}
-
 /* retrieve basic constraints ingredients */
 BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
 {

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h?rev=1546805&r1=1546804&r2=1546805&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.h Sun Dec  1 11:57:42 2013
@@ -63,7 +63,6 @@ void        SSL_set_app_data2(SSL *, voi
 X509       *SSL_read_X509(char *, X509 **, pem_password_cb *);
 EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *);
 int         SSL_smart_shutdown(SSL *ssl);
-BOOL        SSL_X509_isSGC(X509 *);
 BOOL        SSL_X509_getBC(X509 *, int *, int *);
 char       *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne);
 char       *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);