Drop TLS authentication mode invalid

cgzones · cgzones · commit fa283d495b76 · 2024-10-30T10:37:19.000+01:00
The mode `invalid` is treated the same as `no`, and the ReadMe also says
the default to be `no`.
Also `invalid` has currently no string representation.
diff --git a/src/netlog/netlog-dtls.c b/src/netlog/netlog-dtls.c
@@ -113,7 +113,7 @@ int dtls_connect(DTLSManager *m, SocketAddress *address) {
         m->bio = TAKE_PTR(bio);
 
         /* Certification verification  */
-        if (m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_NONE && m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_INVALID) {
+        if (m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_NONE) {
                 log_debug("DTLS: enable certificate verification");
 
                 SSL_set_ex_data(ssl, 0, m);
diff --git a/src/netlog/netlog-manager.c b/src/netlog/netlog-manager.c
@@ -634,7 +634,7 @@ int manager_new(const char *state_file, const char *cursor, Manager **ret) {
                 .state_file = strdup(state_file),
                 .protocol = SYSLOG_TRANSMISSION_PROTOCOL_UDP,
                 .log_format = SYSLOG_TRANSMISSION_LOG_FORMAT_RFC_5424,
-                .auth_mode = OPEN_SSL_CERTIFICATE_AUTH_MODE_INVALID,
+                .auth_mode = OPEN_SSL_CERTIFICATE_AUTH_MODE_NONE,
                 .connection_retry_usec = DEFAULT_CONNECTION_RETRY_USEC,
                 .ratelimit = (const RateLimit) {
                         RATELIMIT_INTERVAL_USEC,
diff --git a/src/netlog/netlog-tls.c b/src/netlog/netlog-tls.c
@@ -212,7 +212,7 @@ int tls_connect(TLSManager *m, SocketAddress *address) {
                                        "TLS: Failed to SSL_set_fd: %s",
                                        ERR_error_string(ERR_get_error(), NULL));
         /* Certification verification  */
-        if (m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_NONE && m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_INVALID) {
+        if (m->auth_mode != OPEN_SSL_CERTIFICATE_AUTH_MODE_NONE) {
                 log_debug("TLS: enable certificate verification");
 
                 SSL_set_ex_data(ssl, 0, m);
diff --git a/src/netlog/netlog-tls.h b/src/netlog/netlog-tls.h
@@ -14,7 +14,6 @@ typedef enum OpenSSLCertificateAuthMode {
         OPEN_SSL_CERTIFICATE_AUTH_MODE_DENY     = 1 << 2,
         OPEN_SSL_CERTIFICATE_AUTH_MODE_WARN     = 1 << 3,
         OPEN_SSL_CERTIFICATE_AUTH_MODE_MAX      = 1 << 4,
-        OPEN_SSL_CERTIFICATE_AUTH_MODE_INVALID  = -1,
 } OpenSSLCertificateAuthMode;
 
 typedef struct TLSManager TLSManager;
