Remove AsyncSSLSocket::{get, set}ClientCertValidationResult().

Summary:
The API deleted here was added to plan for use in proxygen downstream client auth but we ended up using better alternatives. Given how the wangle pipeline works caller to the getter may never get things other than success (if it's error, connection is closed and pipeline won't flow to the point) without complex OpenSSL callback setup. As a result, it's very unlikely to be used in the future.

Let's just remove them to avoid confusion.

Reviewed By: yfeldblum

Differential Revision: D9361517

fbshipit-source-id: 75d1cf71ee88a5a9ec28a151ddd4ea4aaf9506ed

folly/io/async/AsyncSSLSocket.h

@@ -753,36 +753,6 @@ class AsyncSSLSocket : public virtual AsyncSocket {
     return ssl::X509UniquePtr(cert);
   }
 
-  /**
-   * A set of possible outcomes of certificate validation.
-   */
-  enum class CertValidationResult {
-    CERT_VALID, // Cert is valid.
-    CERT_MISSING, // No cert is provided.
-    CERT_INVALID_FUTURE, // Cert has start datetime in the future.
-    CERT_INVALID_EXPIRED, // Cert has expired.
-    CERT_INVALID_BAD_CHAIN, // Cert has bad chain.
-    CERT_INVALID_OTHER, // Cert is invalid due to other reasons.
-  };
-
-  /**
-   * Get the validation result of client cert. If the server side has not
-   * set this value, it will return folly::none; otherwise a value in
-   * CertValidationResult.
-   */
-  const Optional<CertValidationResult> getClientCertValidationResult() {
-    return clientCertValidationResult_;
-  }
-
-  /**
-   * Set the validation result of client cert. Used by server side.
-   * @param result A value of CertValidationResult wrapped by folly::Optional.
-   */
-  void setClientCertValidationResult(
-      const Optional<CertValidationResult>& result) {
-    clientCertValidationResult_ = result;
-  }
-
   /**
    * Force AsyncSSLSocket object to cache local and peer socket addresses.
    * If called with "true" before connect() this function forces full local
@@ -962,8 +932,6 @@ class AsyncSSLSocket : public virtual AsyncSocket {
   folly::SSLContext::SSLVerifyPeerEnum verifyPeer_{
       folly::SSLContext::SSLVerifyPeerEnum::USE_CTX};
 
-  Optional<CertValidationResult> clientCertValidationResult_{none};
-
   // Callback for SSL_CTX_set_verify()
   static int sslVerifyCallback(int preverifyOk, X509_STORE_CTX* ctx);
 

folly/io/async/test/AsyncSSLSocketTest.cpp

@@ -188,24 +188,6 @@ std::string getCommonName(X509* cert) {
   return cn;
 }
 
-TEST(AsyncSSLSocketTest, ClientCertValidationResultTest) {
-  EventBase ev;
-  int fd = 0;
-
-  AsyncSSLSocket::UniquePtr sock(
-      new AsyncSSLSocket(std::make_shared<SSLContext>(), &ev, fd, false));
-
-  // Initially the cert is not validated, so no result is available.
-  EXPECT_EQ(nullptr, get_pointer(sock->getClientCertValidationResult()));
-
-  sock->setClientCertValidationResult(
-      make_optional(AsyncSSLSocket::CertValidationResult::CERT_VALID));
-
-  EXPECT_EQ(
-      AsyncSSLSocket::CertValidationResult::CERT_VALID,
-      *sock->getClientCertValidationResult());
-}
-
 /**
  * Test connecting to, writing to, reading from, and closing the
  * connection to the SSL server.