diff options
| author | beck <> | 2023-06-08 22:02:40 +0000 |
|---|---|---|
| committer | beck <> | 2023-06-08 22:02:40 +0000 |
| commit | 1f2afbe94d636a3a190f232ac4f952353d8d0780 (patch) | |
| tree | efd188662e4f7f1ec47565137dcb6664fb7ead2e | |
| parent | ccc698d6521b756838b52dca551ee9cd47bdd283 (diff) | |
| download | openbsd-1f2afbe94d636a3a190f232ac4f952353d8d0780.tar.gz openbsd-1f2afbe94d636a3a190f232ac4f952353d8d0780.tar.bz2 openbsd-1f2afbe94d636a3a190f232ac4f952353d8d0780.zip | |
Remove dead code.
must_be_ca can no longer be 0 after the proxy cert code got nuked,
so change this to an if. must_be_ca is now -1 for a leaf, or 1 for
a non leaf.
ok tb@
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 0c2144752d..c4ba3d5b14 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.124 2023/05/28 05:25:24 tb Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -754,23 +754,14 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 754 | goto end; | 754 | goto end; |
| 755 | } | 755 | } |
| 756 | ret = X509_check_ca(x); | 756 | ret = X509_check_ca(x); |
| 757 | switch (must_be_ca) { | 757 | if (must_be_ca == -1) { |
| 758 | case -1: | ||
| 759 | if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && | 758 | if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && |
| 760 | (ret != 1) && (ret != 0)) { | 759 | (ret != 1) && (ret != 0)) { |
| 761 | ret = 0; | 760 | ret = 0; |
| 762 | ctx->error = X509_V_ERR_INVALID_CA; | 761 | ctx->error = X509_V_ERR_INVALID_CA; |
| 763 | } else | 762 | } else |
| 764 | ret = 1; | 763 | ret = 1; |
| 765 | break; | 764 | } else { |
| 766 | case 0: | ||
| 767 | if (ret != 0) { | ||
| 768 | ret = 0; | ||
| 769 | ctx->error = X509_V_ERR_INVALID_NON_CA; | ||
| 770 | } else | ||
| 771 | ret = 1; | ||
| 772 | break; | ||
| 773 | default: | ||
| 774 | if ((ret == 0) || | 765 | if ((ret == 0) || |
| 775 | ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && | 766 | ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && |
| 776 | (ret != 1))) { | 767 | (ret != 1))) { |
| @@ -778,7 +769,6 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 778 | ctx->error = X509_V_ERR_INVALID_CA; | 769 | ctx->error = X509_V_ERR_INVALID_CA; |
| 779 | } else | 770 | } else |
| 780 | ret = 1; | 771 | ret = 1; |
| 781 | break; | ||
| 782 | } | 772 | } |
| 783 | if (ret == 0) { | 773 | if (ret == 0) { |
| 784 | ctx->error_depth = i; | 774 | ctx->error_depth = i; |