Remove old Broccoli SSL options

- ssl_ca_certificate - ssl_private_key - ssl_passphrase
2025-10-02 06:38:20 +00:00 · 2019-06-20 14:19:11 -07:00 · 2019-06-20 14:19:11 -07:00 · 61d19d25e1
commit 61d19d25e1
parent b9d3d4d63b
7 changed files with 13 additions and 30 deletions
--- a/8
+++ b/8
@ -1,4 +1,12 @@

+2.6-478 | 2019-06-20 14:19:11 -0700
+
+  * Remove old Broccoli SSL options (Jon Siwek, Corelight)
+
+    - ssl_ca_certificate
+    - ssl_private_key
+    - ssl_passphrase
+
 2.6-477 | 2019-06-20 14:00:22 -0700

  * Remove unused SerialInfo.h and SerialTypes.h headers (Jon Siwek, Corelight)
--- a/3
+++ b/3
@ -418,6 +418,9 @@ Removed Functionality
    - ``log_encryption_key``
    - ``state_dir``
    - ``state_write_delay``
+    - ``ssl_ca_certificate``
+    - ``ssl_private_key``
+    - ``ssl_passphrase``

 - The following constants were used as part of deprecated functionality in version 2.6
  or below and are removed from this release:
--- a/2
+++ b/2
@ -1 +1 @@
-2.6-477
+2.6-478
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit e5b95022ffa68ddf4645228d123cf1ea73a55186
+Subproject commit a5f2286834e404df5eb8291fe078732c6b5763ab
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -4710,22 +4710,6 @@ const report_gaps_for_partial = F &redef;
 ## controlled for reproducing results.
 const exit_only_after_terminate = F &redef;

-## The CA certificate file to authorize remote Zeeks/Broccolis.
-##
-## .. zeek:see:: ssl_private_key ssl_passphrase
-const ssl_ca_certificate = "<undefined>" &redef;
-
-## File containing our private key and our certificate.
-##
-## .. zeek:see:: ssl_ca_certificate ssl_passphrase
-const ssl_private_key = "<undefined>" &redef;
-
-## The passphrase for our private key. Keeping this undefined
-## causes Zeek to prompt for the passphrase.
-##
-## .. zeek:see:: ssl_private_key ssl_ca_certificate
-const ssl_passphrase = "<undefined>" &redef;
-
 ## Default mode for Zeek's user-space dynamic packet filter. If true, packets
 ## that aren't explicitly allowed through, are dropped from any further
 ## processing.
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@ -165,10 +165,6 @@ StringVal* log_rotate_base_time;
 StringVal* peer_description;
 bro_uint_t chunked_io_buffer_soft_cap;

-StringVal* ssl_ca_certificate;
-StringVal* ssl_private_key;
-StringVal* ssl_passphrase;
-
 Val* profiling_file;
 double profiling_interval;
 int expensive_profiling_multiple;
@ -244,10 +240,6 @@ void init_general_global_var()
 		internal_val("peer_description")->AsStringVal();
 	chunked_io_buffer_soft_cap = opt_internal_unsigned("chunked_io_buffer_soft_cap");

-	ssl_ca_certificate = internal_val("ssl_ca_certificate")->AsStringVal();
-	ssl_private_key = internal_val("ssl_private_key")->AsStringVal();
-	ssl_passphrase = internal_val("ssl_passphrase")->AsStringVal();
-
 	packet_filter_default = opt_internal_int("packet_filter_default");

 	sig_max_group_size = opt_internal_int("sig_max_group_size");
--- a/src/NetVar.h
+++ b/src/NetVar.h
@ -168,10 +168,6 @@ extern StringVal* log_rotate_base_time;
 extern StringVal* peer_description;
 extern bro_uint_t chunked_io_buffer_soft_cap;

-extern StringVal* ssl_ca_certificate;
-extern StringVal* ssl_private_key;
-extern StringVal* ssl_passphrase;
-
 extern Val* profiling_file;
 extern double profiling_interval;
 extern int expensive_profiling_multiple;
 @ -1 +1 @@
 .6-477
 .6-478