X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/fa7225c82381bac4432a6edf16f53b5370238d85..6b200bc335dc93c5516ccb52f14bd896d8c7fad7:/OSX/libsecurity_codesigning/lib/policyengine.cpp

diff --git a/OSX/libsecurity_codesigning/lib/policyengine.cpp b/OSX/libsecurity_codesigning/lib/policyengine.cpp
index f9fc17ed..05c44598 100644
--- a/OSX/libsecurity_codesigning/lib/policyengine.cpp
+++ b/OSX/libsecurity_codesigning/lib/policyengine.cpp
@@ -616,49 +616,16 @@ void PolicyEngine::evaluateInstall(CFURLRef path, SecAssessmentFlags flags, CFDi
 //
 // Create a suitable policy array for verification of installer signatures.
 //
-#if !SECTRUST_OSX
-static SecPolicyRef makeCRLPolicy()
-{
-	CFRef<SecPolicyRef> policy;
-	MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_CRL, &policy.aref()));
-	CSSM_APPLE_TP_CRL_OPTIONS options;
-	memset(&options, 0, sizeof(options));
-	options.Version = CSSM_APPLE_TP_CRL_OPTS_VERSION;
-	options.CrlFlags = CSSM_TP_ACTION_FETCH_CRL_FROM_NET | CSSM_TP_ACTION_CRL_SUFFICIENT;
-	CSSM_DATA optData = { sizeof(options), (uint8 *)&options };
-	MacOSError::check(SecPolicySetValue(policy, &optData));
-	return policy.yield();
-}
-
-static SecPolicyRef makeOCSPPolicy()
-{
-	CFRef<SecPolicyRef> policy;
-	MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_OCSP, &policy.aref()));
-	CSSM_APPLE_TP_OCSP_OPTIONS options;
-	memset(&options, 0, sizeof(options));
-	options.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION;
-	options.Flags = CSSM_TP_ACTION_OCSP_SUFFICIENT;
-	CSSM_DATA optData = { sizeof(options), (uint8 *)&options };
-	MacOSError::check(SecPolicySetValue(policy, &optData));
-	return policy.yield();
-}
-#else
 static SecPolicyRef makeRevocationPolicy()
 {
 	CFRef<SecPolicyRef> policy(SecPolicyCreateRevocation(kSecRevocationUseAnyAvailableMethod));
 	return policy.yield();
 }
-#endif
 
 static CFTypeRef installerPolicy()
 {
 	CFRef<SecPolicyRef> base = SecPolicyCreateBasicX509();
-#if !SECTRUST_OSX
-	CFRef<SecPolicyRef> crl = makeCRLPolicy();
-	CFRef<SecPolicyRef> ocsp = makeOCSPPolicy();
-#else
 	CFRef<SecPolicyRef> revoc = makeRevocationPolicy();
-#endif
 	return makeCFArray(2, base.get(), revoc.get());
 }