From 61d19d25e18cff3f5e050331f0a752d309c898f7 Mon Sep 17 00:00:00 2001 From: Jon Siwek Date: Thu, 20 Jun 2019 14:19:11 -0700 Subject: [PATCH] Remove old Broccoli SSL options - ssl_ca_certificate - ssl_private_key - ssl_passphrase --- CHANGES | 8 ++++++++ NEWS | 3 +++ VERSION | 2 +- doc | 2 +- scripts/base/init-bare.zeek | 16 ---------------- src/NetVar.cc | 8 -------- src/NetVar.h | 4 ---- 7 files changed, 13 insertions(+), 30 deletions(-) diff --git a/CHANGES b/CHANGES index 03c4affe55..115d0ef359 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,12 @@ +2.6-478 | 2019-06-20 14:19:11 -0700 + + * Remove old Broccoli SSL options (Jon Siwek, Corelight) + + - ssl_ca_certificate + - ssl_private_key + - ssl_passphrase + 2.6-477 | 2019-06-20 14:00:22 -0700 * Remove unused SerialInfo.h and SerialTypes.h headers (Jon Siwek, Corelight) diff --git a/NEWS b/NEWS index 197419c97d..85c01507a4 100644 --- a/NEWS +++ b/NEWS @@ -418,6 +418,9 @@ Removed Functionality - ``log_encryption_key`` - ``state_dir`` - ``state_write_delay`` + - ``ssl_ca_certificate`` + - ``ssl_private_key`` + - ``ssl_passphrase`` - The following constants were used as part of deprecated functionality in version 2.6 or below and are removed from this release: diff --git a/VERSION b/VERSION index 6aee059b51..97bdea11c7 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-477 +2.6-478 diff --git a/doc b/doc index e5b95022ff..a5f2286834 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit e5b95022ffa68ddf4645228d123cf1ea73a55186 +Subproject commit a5f2286834e404df5eb8291fe078732c6b5763ab diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index f68bf3a545..1a57375d4c 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -4710,22 +4710,6 @@ const report_gaps_for_partial = F &redef; ## controlled for reproducing results. const exit_only_after_terminate = F &redef; -## The CA certificate file to authorize remote Zeeks/Broccolis. -## -## .. zeek:see:: ssl_private_key ssl_passphrase -const ssl_ca_certificate = "" &redef; - -## File containing our private key and our certificate. -## -## .. zeek:see:: ssl_ca_certificate ssl_passphrase -const ssl_private_key = "" &redef; - -## The passphrase for our private key. Keeping this undefined -## causes Zeek to prompt for the passphrase. -## -## .. zeek:see:: ssl_private_key ssl_ca_certificate -const ssl_passphrase = "" &redef; - ## Default mode for Zeek's user-space dynamic packet filter. If true, packets ## that aren't explicitly allowed through, are dropped from any further ## processing. diff --git a/src/NetVar.cc b/src/NetVar.cc index b9230bece7..3ed77ea277 100644 --- a/src/NetVar.cc +++ b/src/NetVar.cc @@ -165,10 +165,6 @@ StringVal* log_rotate_base_time; StringVal* peer_description; bro_uint_t chunked_io_buffer_soft_cap; -StringVal* ssl_ca_certificate; -StringVal* ssl_private_key; -StringVal* ssl_passphrase; - Val* profiling_file; double profiling_interval; int expensive_profiling_multiple; @@ -244,10 +240,6 @@ void init_general_global_var() internal_val("peer_description")->AsStringVal(); chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap"); - ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal(); - ssl_private_key = internal_val("ssl_private_key")->AsStringVal(); - ssl_passphrase = internal_val("ssl_passphrase")->AsStringVal(); - packet_filter_default = opt_internal_int("packet_filter_default"); sig_max_group_size = opt_internal_int("sig_max_group_size"); diff --git a/src/NetVar.h b/src/NetVar.h index 9fa4d75fa6..cbb08a1306 100644 --- a/src/NetVar.h +++ b/src/NetVar.h @@ -168,10 +168,6 @@ extern StringVal* log_rotate_base_time; extern StringVal* peer_description; extern bro_uint_t chunked_io_buffer_soft_cap; -extern StringVal* ssl_ca_certificate; -extern StringVal* ssl_private_key; -extern StringVal* ssl_passphrase; - extern Val* profiling_file; extern double profiling_interval; extern int expensive_profiling_multiple;