tls-crl: refactored code for automatic certificate revocation list

- removed dead or unused code
- removed obious comments

core/src/console/console_conf.cc

@@ -188,9 +188,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_cons.tls_cert.CaCertdir) {
          delete res->res_cons.tls_cert.CaCertdir;
       }
-      if (res->res_cons.tls_cert.crlfile) {
-         delete res->res_cons.tls_cert.crlfile;
-      }
       if (res->res_cons.tls_cert.certfile) {
          delete res->res_cons.tls_cert.certfile;
       }
@@ -227,9 +224,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_dir.tls_cert.CaCertdir) {
          delete res->res_dir.tls_cert.CaCertdir;
       }
-      if (res->res_dir.tls_cert.crlfile) {
-         delete res->res_dir.tls_cert.crlfile;
-      }
       if (res->res_dir.tls_cert.certfile) {
          delete res->res_dir.tls_cert.certfile;
       }

core/src/dird/dird_conf.cc

@@ -2566,9 +2566,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_dir.tls_cert.CaCertdir) {
          delete res->res_dir.tls_cert.CaCertdir;
       }
-      if (res->res_dir.tls_cert.crlfile) {
-         delete res->res_dir.tls_cert.crlfile;
-      }
       if (res->res_dir.tls_cert.certfile) {
          delete res->res_dir.tls_cert.certfile;
       }
@@ -2625,9 +2622,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_con.tls_cert.CaCertdir) {
          delete res->res_con.tls_cert.CaCertdir;
       }
-      if (res->res_con.tls_cert.crlfile) {
-         delete res->res_con.tls_cert.crlfile;
-      }
       if (res->res_con.tls_cert.certfile) {
          delete res->res_con.tls_cert.certfile;
       }
@@ -2676,9 +2670,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_client.tls_cert.CaCertdir) {
          delete res->res_client.tls_cert.CaCertdir;
       }
-      if (res->res_client.tls_cert.crlfile) {
-         delete res->res_client.tls_cert.crlfile;
-      }
       if (res->res_client.tls_cert.certfile) {
          delete res->res_client.tls_cert.certfile;
       }
@@ -2754,9 +2745,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_store.tls_cert.CaCertdir) {
          delete res->res_store.tls_cert.CaCertdir;
       }
-      if (res->res_store.tls_cert.crlfile) {
-         delete res->res_store.tls_cert.crlfile;
-      }
       if (res->res_store.tls_cert.certfile) {
          delete res->res_store.tls_cert.certfile;
       }

core/src/filed/filed_conf.cc

@@ -261,9 +261,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_dir.tls_cert.CaCertdir) {
          delete res->res_dir.tls_cert.CaCertdir;
       }
-      if (res->res_dir.tls_cert.crlfile) {
-         delete res->res_dir.tls_cert.crlfile;
-      }
       if (res->res_dir.tls_cert.certfile) {
          delete res->res_dir.tls_cert.certfile;
       }
@@ -362,9 +359,6 @@ void FreeResource(CommonResourceHeader *sres, int type)
       if (res->res_client.tls_cert.CaCertdir) {
          delete res->res_client.tls_cert.CaCertdir;
       }
-      if (res->res_client.tls_cert.crlfile) {
-         delete res->res_client.tls_cert.crlfile;
-      }
       if (res->res_client.tls_cert.certfile) {
          delete res->res_client.tls_cert.certfile;
       }

core/src/lib/parse_conf.h

@@ -111,8 +111,6 @@ struct s_password {
          "Path of a PEM encoded TLS CA certificate(s) file." }, \
    { "TlsCaCertificateDir", CFG_TYPE_STDSTRDIR, ITEM(res.tls_cert.CaCertdir), 0, 0, NULL, NULL, \
          "Path of a TLS CA certificate directory." }, \
-   { "TlsCertificateRevocationList", CFG_TYPE_STDSTRDIR, ITEM(res.tls_cert.crlfile), 0, 0, NULL, NULL, \
-         "Path of a Certificate Revocation List file." }, \
    { "TlsCertificate", CFG_TYPE_STDSTRDIR, ITEM(res.tls_cert.certfile), 0, 0, NULL, NULL, \
          "Path of a PEM encoded TLS certificate." }, \
    { "TlsKey", CFG_TYPE_STDSTRDIR, ITEM(res.tls_cert.keyfile), 0, 0, NULL, NULL, \

core/src/lib/tls_conf_cert.cc

@@ -34,12 +34,10 @@ uint32_t TlsConfigCert::GetPolicy() const
    return result << TlsConfigCert::policy_offset;
 }
 
-
 std::shared_ptr<TLS_CONTEXT> TlsConfigCert::CreateClientContext() const
 {
    return new_tls_context((!CaCertfile || CaCertfile->empty()) ? nullptr : CaCertfile->c_str(),
                           (!CaCertdir || CaCertdir->empty()) ? nullptr : CaCertdir->c_str(),
-                          (!crlfile || crlfile->empty()) ? nullptr : crlfile->c_str(),
                           (!certfile || certfile->empty()) ? nullptr : certfile->c_str(),
                           (!keyfile || keyfile->empty()) ? nullptr : keyfile->c_str(),
                           TlsPemCallback,
@@ -53,7 +51,6 @@ std::shared_ptr<TLS_CONTEXT> TlsConfigCert::CreateServerContext() const
 {
    return new_tls_context((!CaCertfile || CaCertfile->empty()) ? nullptr : CaCertfile->c_str(),
                           (!CaCertdir || CaCertdir->empty()) ? nullptr : CaCertdir->c_str(),
-                          (!crlfile || crlfile->empty()) ? nullptr : crlfile->c_str(),
                           (!certfile || certfile->empty()) ? nullptr : certfile->c_str(),
                           (!keyfile || keyfile->empty()) ? nullptr : keyfile->c_str(),
                           TlsPemCallback,

core/src/lib/tls_conf_cert.h

@@ -28,7 +28,6 @@ class DLL_IMP_EXP TlsConfigCert : public TlsConfigBase {
    bool VerifyPeer;           /* TLS Verify Peer Certificate */
    std::string *CaCertfile;   /* TLS CA Certificate File */
    std::string *CaCertdir;    /* TLS CA Certificate Directory */
-   std::string *crlfile;      /* TLS CA Certificate Revocation List File */
    std::string *certfile;     /* TLS Client Certificate File */
    std::string *keyfile;      /* TLS Client Key File */
    std::string *cipherlist;   /* TLS Cipher List */
@@ -39,7 +38,7 @@ class DLL_IMP_EXP TlsConfigCert : public TlsConfigBase {
 
    TlsConfigCert()
       : TlsConfigBase(), authenticate(false), VerifyPeer(0),
-        CaCertfile(nullptr), CaCertdir(nullptr), crlfile(nullptr), certfile(nullptr),
+        CaCertfile(nullptr), CaCertdir(nullptr), certfile(nullptr),
         keyfile(nullptr), cipherlist(nullptr), dhfile(nullptr), AllowedCns(nullptr),
         pem_message(nullptr) {}
    ~TlsConfigCert();

core/src/lib/tls_gnutls.cc

@@ -103,7 +103,6 @@ TLS_CONTEXT *new_tls_context(const char *cipherlist, CRYPTO_TLS_PSK_CB) {}
  */
 TLS_CONTEXT *new_tls_context(const char *CaCertfile,
                              const char *CaCertdir,
-                             const char *crlfile,
                              const char *certfile,
                              const char *keyfile,
                              CRYPTO_PEM_PASSWD_CB *pem_callback,
@@ -168,26 +167,6 @@ TLS_CONTEXT *new_tls_context(const char *CaCertfile,
       goto bail_out;
    }
 
-   /*
-    * Try to load the revocation list file, first in PEM format and if that fails in DER format.
-    */
-   if (crlfile) {
-      error = gnutls_certificate_set_x509_crl_file(ctx->gnutls_cred,
-                                                   crlfile,
-                                                   GNUTLS_X509_FMT_PEM);
-      if (error < GNUTLS_E_SUCCESS) {
-         error = gnutls_certificate_set_x509_crl_file(ctx->gnutls_cred,
-                                                      crlfile,
-                                                      GNUTLS_X509_FMT_DER);
-         if (error < GNUTLS_E_SUCCESS) {
-            Jmsg1(NULL, M_ERROR, 0,
-                  _("Error loading certificate revocation list from %s\n"),
-                  crlfile);
-            goto bail_out;
-         }
-      }
-   }
-
    /*
     * Try to load the certificate and the keyfile, first in PEM format and if that fails in DER format.
     */