From 6aa10be664c9af184dcc1e9838b2de0dde06a23c Mon Sep 17 00:00:00 2001 From: Ben Kibbey Date: Sun, 13 Jan 2013 11:22:43 -0500 Subject: [PATCH] Remove the "tls_use_crl" configuration parameter. The "tls_access" parameter can be used instead. --- doc/config.example | 3 --- doc/pwmd.texi | 7 ------- src/rcfile.c | 1 - src/tls.c | 31 ------------------------------- 4 files changed, 42 deletions(-) diff --git a/doc/config.example b/doc/config.example index 46505e15..75adcb9b 100644 --- a/doc/config.example +++ b/doc/config.example @@ -130,9 +130,6 @@ # The GnuTLS cipher suite and protocol to use. #tls_cipher_suite=SECURE256 -# When true and exists, ~/.pwmd/crl.pem will be used as an X509 CRL. -#tls_use_crl=true - # END GLOBAL SETTINGS # File specific settings are allowed by placing the filename in braces. Each diff --git a/doc/pwmd.texi b/doc/pwmd.texi index 81d0507c..fbf8717d 100644 --- a/doc/pwmd.texi +++ b/doc/pwmd.texi @@ -463,13 +463,6 @@ will disable waiting. The default is @code{3}. @item tls_cipher_suite = string The GnuTLS cipher suite and protocol to use. See the GnuTLS documentation for information about the format of this string. The default is @code{SECURE256}. - -@item tls_use_crl = boolean -When @code{true}, enabling reading of @file{~/.pwmd/crl.pem}. This -file is a x509 Certificate Revokation List and can be used to deny -certificates stored in it. The default is @code{true}. @command{pwmd} -will need to be either restarted or sent the @code{SIGHUP} signal to -recognize any changes to this file. @end table @node Pinentry, Commands, TLS, Configuration diff --git a/src/rcfile.c b/src/rcfile.c index 3322f99a..af55f86c 100644 --- a/src/rcfile.c +++ b/src/rcfile.c 
@@ -91,7 +91,6 @@ static struct config_params_s
 { "tcp_interface", PARAM_CHARP, NULL},
 { "tls_timeout", PARAM_INT, "300"},
 { "tls_cipher_suite", PARAM_CHARP, "SECURE256"},
- { "tls_use_crl", PARAM_BOOL, "1"},
 { "tls_access", PARAM_CHARPP, NULL},
 { "pinentry_path", PARAM_CHARP, PINENTRY_PATH},
 { "pinentry_timeout", PARAM_INT, DEFAULT_PINENTRY_TIMEOUT},
diff --git a/src/tls.c b/src/tls.c
index e7d74a09..37286490 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -306,37 +306,6 @@ tls_init_params ()
 goto fail;
 }
- MUTEX_LOCK (&rcfile_mutex);
-
- if (config_get_boolean ("global", "tls_use_crl"))
- {
- MUTEX_UNLOCK (&rcfile_mutex);
- tmp = str_asprintf ("%s/crl.pem", homedir);
- if (!tmp)
- {
- rc = GPG_ERR_ENOMEM;
- goto fail;
- }
-
- if (access (tmp, R_OK) == -1 && errno == ENOENT)
- log_write ("%s: %s", tmp, gnutls_strerror (n));
- else
- {
- n = gnutls_certificate_set_x509_crl_file (x509_cred, tmp,
- GNUTLS_X509_FMT_PEM);
- if (n < 0)
- {
- log_write ("%s: %s", tmp, gnutls_strerror (n));
- xfree (tmp);
- goto fail;
- }
- }
-
- xfree (tmp);
- }
- else
- MUTEX_UNLOCK (&rcfile_mutex);
-
 tmp = str_asprintf ("%s/ca-cert.pem", homedir);
 if (!tmp)
 {
--
2.11.4.GIT
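Review bot: With the `crl.pem` block removed from tls_init_params(), a revocation list that an operator already keeps in the home directory is silently ignored after upgrade, and nothing in this commit tells them so. The removed parameter defaulted to `"1"` in src/rcfile.c, so this affects every installation that has the file, not only those that set the option explicitly. Consider either keeping a one-line `log_write` warning when `crl.pem` is still readable, or adding a sentence to the `tls_access` entry in doc/pwmd.texi stating that revoked client certificates must now be handled there. Whether `tls_access` is enforced for every TLS connection is not visible here, so that is worth confirming before relying on it as the replacement. The body of tls_init_params() starts and ends outside the hunk.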