From 424aa780fbb645214b92cf09f23c905b93bdf267 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Dec 2017 15:28:27 +0100
Subject: [PATCH 88/89] Revert "p11_child: make sure OCSP checks are done"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit 2297cc7d6cd5c38a7d64027165e4e82ca497f418.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c221b5fb4d3fc511cebcae2f042e43fb1c577bc7)
---
 src/p11_child/p11_child_nss.c | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/src/p11_child/p11_child_nss.c b/src/p11_child/p11_child_nss.c
index bf533f3efe4d680f4c6dbd10a0d2c5a5da371c67..21c508eb1b1b68b3606d0a5eed36573b01f27a19 100644
--- a/src/p11_child/p11_child_nss.c
+++ b/src/p11_child/p11_child_nss.c
@@ -338,23 +338,6 @@ int do_work(TALLOC_CTX *mem_ctx, const char *nss_db,
                       PR_GetError(), PORT_ErrorToString(PR_GetError()));
                 continue;
             }
-
-            /* with 'certificateUsageCheckAllUsages' set
-             * CERT_VerifyCertificateNow() does not do OCSP so it must be done
-             * explicitly */
-            if (cert_verify_opts->do_ocsp) {
-                rv = CERT_CheckOCSPStatus(handle, cert_list_node->cert,
-                                          PR_Now(), NULL);
-                if (rv != SECSuccess) {
-                    DEBUG(SSSDBG_OP_FAILURE,
-                          "Certificate [%s][%s] failed OCSP check [%d][%s], "
-                          "skipping.\n",
-                          cert_list_node->cert->nickname,
-                          cert_list_node->cert->subjectName,
-                          PR_GetError(), PORT_ErrorToString(PR_GetError()));
-                    continue;
-                }
-            }
         }
 
         if (key_id_in != NULL) {
-- 
2.14.3