
Commit 2745eda

Remove cert revocation settings for aux.
Signed-off-by: Finn Carroll <[email protected]>
1 parent ca85266 commit 2745eda


2 files changed

+0
-46
lines changed

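--- a/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
+++ b/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
@@ -698,41 +698,6 @@ public List<Setting<?>> getSettings() {
 settings.add(
 Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_PEMTRUSTEDCAS_FILEPATH, Property.NodeScope, Property.Filtered)
 );
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_CRL_FILE, Property.NodeScope, Property.Filtered));
-settings.add(Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_VALIDATE, false, Property.NodeScope, Property.Filtered));
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_CRL_PREFER_CRLFILE_OVER_OCSP,
-false,
-Property.NodeScope,
-Property.Filtered
-)
-);
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_CRL_CHECK_ONLY_END_ENTITIES,
-true,
-Property.NodeScope,
-Property.Filtered
-)
-);
-settings.add(
-Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_DISABLE_CRLDP, false, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_DISABLE_OCSP, false, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.longSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_VALIDATION_DATE, -1, -1, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-true,
-Property.NodeScope,
-Property.Filtered
-)
-);
 
 return settings;
 }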

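--- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
+++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -115,7 +115,6 @@ public final class SSLConfigConstants {
 */
 public static final String AUX_SETTINGS = "aux";
 public static final String SSL_AUX_PREFIX = SSL_PREFIX + AUX_SETTINGS + ".";
-public static final String SSL_AUX_CRL_PREFIX = SSL_AUX_PREFIX + "crl.";
 
 // aux enable settings
 public static final boolean SECURITY_SSL_AUX_ENABLED_DEFAULT = false; // aux transports are optional
@@ -140,18 +139,8 @@ public final class SSLConfigConstants {
 public static final String SECURITY_SSL_AUX_TRUSTSTORE_TYPE = SSL_AUX_PREFIX + TRUSTSTORE_TYPE;
 public static final String SECURITY_SSL_AUX_TRUSTSTORE_ALIAS = SSL_AUX_PREFIX + TRUSTSTORE_ALIAS;
 public static final String SECURITY_SSL_AUX_TRUSTSTORE_FILEPATH = SSL_AUX_PREFIX + TRUSTSTORE_FILEPATH;
-public static final String SECURITY_SSL_AUX_ENFORCE_CERT_RELOAD_DN_VERIFICATION = SSL_AUX_PREFIX + ENFORCE_CERT_RELOAD_DN_VERIFICATION;
 public static final String SECURITY_SSL_AUX_PEMTRUSTEDCAS_FILEPATH = SSL_AUX_PREFIX + PEM_TRUSTED_CAS_FILEPATH;
 
-// aux cert revocation list settings
-public static final String SECURITY_SSL_AUX_CRL_FILE = SSL_AUX_CRL_PREFIX + "file_path";
-public static final String SECURITY_SSL_AUX_CRL_VALIDATE = SSL_AUX_CRL_PREFIX + "validate";
-public static final String SECURITY_SSL_AUX_CRL_PREFER_CRLFILE_OVER_OCSP = SSL_AUX_CRL_PREFIX + "prefer_crlfile_over_ocsp";
-public static final String SECURITY_SSL_AUX_CRL_CHECK_ONLY_END_ENTITIES = SSL_AUX_CRL_PREFIX + "check_only_end_entities";
-public static final String SECURITY_SSL_AUX_CRL_DISABLE_OCSP = SSL_AUX_CRL_PREFIX + "disable_ocsp";
-public static final String SECURITY_SSL_AUX_CRL_DISABLE_CRLDP = SSL_AUX_CRL_PREFIX + "disable_crldp";
-public static final String SECURITY_SSL_AUX_CRL_VALIDATION_DATE = SSL_AUX_CRL_PREFIX + "validation_date";
-
 /**
 * Transport layer (node-to-node) settings.
 * Transport layer acts both as client and server within the cluster.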
