Commit 80f9e1c9 authored by IKEDA Soji's avatar IKEDA Soji
Browse files

Remove outdated ca-bundle.crt

Now system default will be used instead.

Cleanup on code.
parent ed42d535
......@@ -27,7 +27,6 @@ nobase_nodist_default_DATA = \
list_aliases.tt2
nobase_default_DATA = \
auth.conf \
ca-bundle.crt \
charset.conf \
crawlers_detection.conf \
create_list.conf \
......
This diff is collapsed.
......@@ -825,21 +825,6 @@ sub checkfiles {
}
}
### Check cafile and capath access
#if (defined $Conf{'cafile'} && $Conf{'cafile'}) {
# unless (-f $Conf{'cafile'} && -r $Conf{'cafile'}) {
# $log->syslog('err', 'Cannot access cafile %s', $Conf{'cafile'});
# $config_err++;
# }
#}
#if (defined $Conf{'capath'} && $Conf{'capath'}) {
# unless (-d $Conf{'capath'} && -x $Conf{'capath'}) {
# $log->syslog('err', 'Cannot access capath %s', $Conf{'capath'});
# $config_err++;
# }
#}
# Check if directory parameters point to the same directory.
my @keys = qw(bounce_path etc home
queue queueauth queuebounce queuebulk queuedigest
......@@ -1907,12 +1892,6 @@ sub _infer_server_specific_parameter_values {
$param->{'config_hash'}{'robot_name'} = '';
#unless (defined $param->{'config_hash'}{'cafile'}
# or defined $param->{'config_hash'}{'capath'}) {
# $param->{'config_hash'}{'cafile'} =
# Sympa::Constants::DEFAULTDIR . '/ca-bundle.crt';
#}
unless (
Sympa::Tools::Data::smart_eq(
$param->{'config_hash'}{'dkim_feature'}, 'on'
......
......@@ -81,25 +81,6 @@ sub _connect {
$log->syslog('err', 'Can\'t load IO::Socket::SSL');
return undef;
}
# Earlier releases of IO::Socket::SSL would fallback SSL_verify_mode
# to SSL_VERIFY_NONE when there are no usable CAfile nor CApath.
# However, recent releases won't: They simply deny connection.
# As a workaround, make ca_file or ca_path parameter mandatory unless
# "none" is explicitly assigned to ca_verify parameter.
#
# Update on 6.2.23b.2: If CAfile or CApath is not specified, system
# default will be used, but if undef was specified, system default
# would be disabled. Now undef won't be specified and the check below
# is useless.
#unless ($self->{ca_verify} and $self->{ca_verify} eq 'none') {
# unless ($self->{ca_file} or $self->{ca_path}) {
# $log->syslog('err',
# 'Neither ca_file nor ca_path parameter is specified');
# return undef;
# }
#}
}
# new() with multiple alternate hosts needs perl-ldap >= 0.27.
......
......@@ -47,12 +47,6 @@ sub get_https {
my $trusted_ca_file = $ssl_data->{'cafile'};
my $trusted_ca_path = $ssl_data->{'capath'};
#unless (-r $trusted_ca_file or -d $trusted_ca_path) {
# $log->syslog('err', 'Incorrect access to cafile %s or capath %s',
# $trusted_ca_file, $trusted_ca_path);
# return undef;
#}
unless ($IO::Socket::SSL::VERSION) {
$log->syslog('err',
'Unable to use SSL library, IO::Socket::SSL required, install it first'
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment