diff options
| author | jsing <> | 2015-02-11 02:17:59 +0000 |
|---|---|---|
| committer | jsing <> | 2015-02-11 02:17:59 +0000 |
| commit | c26652e36ac1ecfa50a2d217fdd0c2786495c552 (patch) | |
| tree | fbdd1d67e1520a4c9a99fa7f464f14270c850df6 | |
| parent | bc0dabd4e1a01c82d1011855caaf60a3cd6cab84 (diff) | |
| download | openbsd-c26652e36ac1ecfa50a2d217fdd0c2786495c552.tar.gz openbsd-c26652e36ac1ecfa50a2d217fdd0c2786495c552.tar.bz2 openbsd-c26652e36ac1ecfa50a2d217fdd0c2786495c552.zip | |
More unifdef OPENSSL_NO_RFC3779 that got missed last time around.
Spotted by beck@
| -rw-r--r-- | src/lib/libcrypto/x509/x509.h | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 12 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509.h | 6 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_vfy.c | 12 |
4 files changed, 4 insertions, 32 deletions
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index d67a87df0b..ec6668d35e 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.h,v 1.21 2015/01/28 04:14:31 beck Exp $ */ | 1 | /* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -291,10 +291,6 @@ struct x509_st | |||
| 291 | STACK_OF(DIST_POINT) *crldp; | 291 | STACK_OF(DIST_POINT) *crldp; |
| 292 | STACK_OF(GENERAL_NAME) *altname; | 292 | STACK_OF(GENERAL_NAME) *altname; |
| 293 | NAME_CONSTRAINTS *nc; | 293 | NAME_CONSTRAINTS *nc; |
| 294 | #ifndef OPENSSL_NO_RFC3779 | ||
| 295 | STACK_OF(IPAddressFamily) *rfc3779_addr; | ||
| 296 | struct ASIdentifiers_st *rfc3779_asid; | ||
| 297 | #endif | ||
| 298 | #ifndef OPENSSL_NO_SHA | 294 | #ifndef OPENSSL_NO_SHA |
| 299 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; | 295 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; |
| 300 | #endif | 296 | #endif |
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 5e3b0a5606..c383fda4f2 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.39 2015/02/10 08:33:10 jsing Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -377,16 +377,6 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 377 | if (!ok) | 377 | if (!ok) |
| 378 | goto end; | 378 | goto end; |
| 379 | 379 | ||
| 380 | #ifndef OPENSSL_NO_RFC3779 | ||
| 381 | /* RFC 3779 path validation, now that CRL check has been done */ | ||
| 382 | ok = v3_asid_validate_path(ctx); | ||
| 383 | if (!ok) | ||
| 384 | goto end; | ||
| 385 | ok = v3_addr_validate_path(ctx); | ||
| 386 | if (!ok) | ||
| 387 | goto end; | ||
| 388 | #endif | ||
| 389 | |||
| 390 | /* If we get this far evaluate policies */ | 380 | /* If we get this far evaluate policies */ |
| 391 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) | 381 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) |
| 392 | ok = ctx->check_policy(ctx); | 382 | ok = ctx->check_policy(ctx); |
diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index d67a87df0b..ec6668d35e 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509.h,v 1.21 2015/01/28 04:14:31 beck Exp $ */ | 1 | /* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -291,10 +291,6 @@ struct x509_st | |||
| 291 | STACK_OF(DIST_POINT) *crldp; | 291 | STACK_OF(DIST_POINT) *crldp; |
| 292 | STACK_OF(GENERAL_NAME) *altname; | 292 | STACK_OF(GENERAL_NAME) *altname; |
| 293 | NAME_CONSTRAINTS *nc; | 293 | NAME_CONSTRAINTS *nc; |
| 294 | #ifndef OPENSSL_NO_RFC3779 | ||
| 295 | STACK_OF(IPAddressFamily) *rfc3779_addr; | ||
| 296 | struct ASIdentifiers_st *rfc3779_asid; | ||
| 297 | #endif | ||
| 298 | #ifndef OPENSSL_NO_SHA | 294 | #ifndef OPENSSL_NO_SHA |
| 299 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; | 295 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; |
| 300 | #endif | 296 | #endif |
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index 5e3b0a5606..c383fda4f2 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.39 2015/02/10 08:33:10 jsing Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -377,16 +377,6 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 377 | if (!ok) | 377 | if (!ok) |
| 378 | goto end; | 378 | goto end; |
| 379 | 379 | ||
| 380 | #ifndef OPENSSL_NO_RFC3779 | ||
| 381 | /* RFC 3779 path validation, now that CRL check has been done */ | ||
| 382 | ok = v3_asid_validate_path(ctx); | ||
| 383 | if (!ok) | ||
| 384 | goto end; | ||
| 385 | ok = v3_addr_validate_path(ctx); | ||
| 386 | if (!ok) | ||
| 387 | goto end; | ||
| 388 | #endif | ||
| 389 | |||
| 390 | /* If we get this far evaluate policies */ | 380 | /* If we get this far evaluate policies */ |
| 391 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) | 381 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) |
| 392 | ok = ctx->check_policy(ctx); | 382 | ok = ctx->check_policy(ctx); |