6 files changed, 6 insertions, 95 deletions

diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index fd13371f5d..592a68980a 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.c,v 1.62 2022/01/10 12:17:49 tb Exp $ */
+/* $OpenBSD: apps.c,v 1.63 2023/04/14 15:27:13 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -1951,47 +1951,6 @@ pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value)
         return rv;
 }
 
-static void
-nodes_print(BIO *out, const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
-{
-        X509_POLICY_NODE *node;
-        int i;
-
-        BIO_printf(out, "%s Policies:", name);
-        if (nodes) {
-                BIO_puts(out, "\n");
-                for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
-                        node = sk_X509_POLICY_NODE_value(nodes, i);
-                        X509_POLICY_NODE_print(out, node, 2);
-                }
-        } else
-                BIO_puts(out, " <empty>\n");
-}
-
-void
-policies_print(BIO *out, X509_STORE_CTX *ctx)
-{
-        X509_POLICY_TREE *tree;
-        int explicit_policy;
-        int free_out = 0;
-
-        if (out == NULL) {
-                out = BIO_new_fp(stderr, BIO_NOCLOSE);
-                free_out = 1;
-        }
-        tree = X509_STORE_CTX_get0_policy_tree(ctx);
-        explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
-        BIO_printf(out, "Require explicit Policy: %s\n",
-            explicit_policy ? "True" : "False");
-
-        nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
-        nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
-
-        if (free_out)
-                BIO_free(out);
-}
-
 /*
  * next_protos_parse parses a comma separated list of strings into a string
  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
diff --git a/src/usr.bin/openssl/apps.h b/src/usr.bin/openssl/apps.h
index f4fa5361a7..82e0662c88 100644
--- a/src/usr.bin/openssl/apps.h
+++ b/src/usr.bin/openssl/apps.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.h,v 1.31 2022/01/10 12:17:49 tb Exp $ */
+/* $OpenBSD: apps.h,v 1.32 2023/04/14 15:27:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -237,7 +237,6 @@ int parse_yesno(const char *str, int def);
 X509_NAME *parse_name(char *str, long chtype, int multirdn);
 int args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
     X509_VERIFY_PARAM **pm);
-void policies_print(BIO *out, X509_STORE_CTX *ctx);
 int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
 int pkey_ctrl_string(EVP_PKEY_CTX *ctx, char *value);
 int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx, const char *algname,
diff --git a/src/usr.bin/openssl/cms.c b/src/usr.bin/openssl/cms.c
index 0ddf26e5a7..121a413a21 100644
--- a/src/usr.bin/openssl/cms.c
+++ b/src/usr.bin/openssl/cms.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms.c,v 1.33 2023/03/06 14:32:05 tb Exp $ */
+/* $OpenBSD: cms.c,v 1.34 2023/04/14 15:27:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -69,7 +69,6 @@
 #include <openssl/cms.h>
 
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
 static CMS_ReceiptRequest *make_receipt_request(
     STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
@@ -1442,7 +1441,6 @@ cms_main(int argc, char **argv)
                 if ((store = setup_verify(bio_err, cfg.CAfile,
                     cfg.CApath)) == NULL)
                         goto end;
-                X509_STORE_set_verify_cb(store, cms_cb);
                 if (cfg.vpm != NULL) {
                         if (!X509_STORE_set1_param(store, cfg.vpm))
                                 goto end;
@@ -1804,26 +1802,6 @@ save_certs(char *signerfile, STACK_OF(X509) *signers)
         return 1;
 }
 
-/* Minimal callback just to output policy info (if any) */
-
-static int
-cms_cb(int ok, X509_STORE_CTX *ctx)
-{
-        int error;
-
-        error = X509_STORE_CTX_get_error(ctx);
-
-        verify_err = error;
-
-        if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) &&
-            ((error != X509_V_OK) || (ok != 2)))
-                return ok;
-
-        policies_print(NULL, ctx);
-
-        return ok;
-}
-
 static void
 gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
 {
diff --git a/src/usr.bin/openssl/s_cb.c b/src/usr.bin/openssl/s_cb.c
index 73f45c25c5..d503b8cf27 100644
--- a/src/usr.bin/openssl/s_cb.c
+++ b/src/usr.bin/openssl/s_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_cb.c,v 1.20 2022/08/31 07:12:30 tb Exp $ */
+/* $OpenBSD: s_cb.c,v 1.21 2023/04/14 15:27:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -189,11 +189,8 @@ verify_callback(int ok, X509_STORE_CTX * ctx)
                 BIO_printf(bio_err, "\n");
                 break;
         case X509_V_ERR_NO_EXPLICIT_POLICY:
-                policies_print(bio_err, ctx);
                 break;
         }
-        if (err == X509_V_OK && ok == 2)
-                policies_print(bio_err, ctx);
 
         BIO_printf(bio_err, "verify return:%d\n", ok);
         return (ok);
diff --git a/src/usr.bin/openssl/smime.c b/src/usr.bin/openssl/smime.c
index e54c8d0b84..46bfa08679 100644
--- a/src/usr.bin/openssl/smime.c
+++ b/src/usr.bin/openssl/smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smime.c,v 1.19 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: smime.c,v 1.20 2023/04/14 15:27:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -70,7 +70,6 @@
 #include <openssl/x509v3.h>
 
 static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
 
 #define SMIME_OP        0x10
 #define SMIME_IP        0x20
@@ -933,7 +932,6 @@ smime_main(int argc, char **argv)
                 if ((store = setup_verify(bio_err, cfg.CAfile,
                     cfg.CApath)) == NULL)
                         goto end;
-                X509_STORE_set_verify_cb(store, smime_cb);
                 if (cfg.vpm != NULL) {
                         if (!X509_STORE_set1_param(store, cfg.vpm))
                                 goto end;
@@ -1103,20 +1101,3 @@ save_certs(char *signerfile, STACK_OF(X509) *signers)
 
         return 1;
 }
-
-/* Minimal callback just to output policy info (if any) */
-static int
-smime_cb(int ok, X509_STORE_CTX *ctx)
-{
-        int error;
-
-        error = X509_STORE_CTX_get_error(ctx);
-
-        if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) &&
-            ((error != X509_V_OK) || (ok != 2)))
-                return ok;
-
-        policies_print(NULL, ctx);
-
-        return ok;
-}
diff --git a/src/usr.bin/openssl/verify.c b/src/usr.bin/openssl/verify.c
index b412623991..b4e0f33f6a 100644
--- a/src/usr.bin/openssl/verify.c
+++ b/src/usr.bin/openssl/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.16 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.17 2023/04/14 15:27:13 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -427,7 +427,6 @@ cb(int ok, X509_STORE_CTX *ctx)
                     X509_verify_cert_error_string(cert_error));
                 switch (cert_error) {
                 case X509_V_ERR_NO_EXPLICIT_POLICY:
-                        policies_print(NULL, ctx);
                 case X509_V_ERR_CERT_HAS_EXPIRED:
 
                         /*
@@ -452,8 +451,6 @@ cb(int ok, X509_STORE_CTX *ctx)
                 return ok;
 
         }
-        if (cert_error == X509_V_OK && ok == 2)
-                policies_print(NULL, ctx);
         if (!cfg.verbose)
                 ERR_clear_error();
         return (ok);