| author | jsing <> | 2014-07-12 18:10:21 +0000 |
|---|---|---|
| committer | jsing <> | 2014-07-12 18:10:21 +0000 |
| commit | 8deb65464a3cb7ec72e4a7723794d23ffef777ba (patch) | |
| tree | 0628cb4a72d8d5ead579f9fcb013407493e64eae /src/lib/libssl/s3_clnt.c | |
| parent | 0522a20bddabef58bf9331c597fede231dffaabb (diff) | |
need_cert is now always true, so remove the variable and associated
conditionals.
ok miod@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/s3_clnt.c | 54 |
1 files changed, 21 insertions, 33 deletions
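--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.79 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.80 2014/07/12 18:10:21 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -994,8 +994,6 @@ ssl3_get_server_certificate(SSL *s)
 SESS_CERT *sc;
 EVP_PKEY *pkey = NULL;
 
-int need_cert = 1;
-
 n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A,
 SSL3_ST_CR_CERT_B, -1, s->max_cert_list, &ok);
 
@@ -1093,8 +1091,7 @@ ssl3_get_server_certificate(SSL *s)
 
 pkey = X509_get_pubkey(x);
 
-if (need_cert && ((pkey == NULL) ||
-EVP_PKEY_missing_parameters(pkey))) {
+if (pkey == NULL || EVP_PKEY_missing_parameters(pkey))) {
 x = NULL;
 al = SSL3_AL_FATAL;
 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1103,7 +1100,7 @@ ssl3_get_server_certificate(SSL *s)
 }
 
 i = ssl_cert_type(x, pkey);
-if (need_cert && i < 0) {
+if (i < 0) {
 x = NULL;
 al = SSL3_AL_FATAL;
 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
@@ -1111,30 +1108,21 @@ ssl3_get_server_certificate(SSL *s)
 goto f_err;
 }
 
-if (need_cert) {
-sc->peer_cert_type = i;
-CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-/*
-* Why would the following ever happen?
-* We just created sc a couple of lines ago.
-*/
-if (sc->peer_pkeys[i].x509 != NULL)
-X509_free(sc->peer_pkeys[i].x509);
-sc->peer_pkeys[i].x509 = x;
-sc->peer_key = &(sc->peer_pkeys[i]);
-
-if (s->session->peer != NULL)
-X509_free(s->session->peer);
-CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-s->session->peer = x;
-} else {
-sc->peer_cert_type = i;
-sc->peer_key = NULL;
-
-if (s->session->peer != NULL)
-X509_free(s->session->peer);
-s->session->peer = NULL;
-}
+sc->peer_cert_type = i;
+CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+/*
+* Why would the following ever happen?
+* We just created sc a couple of lines ago.
+*/
+if (sc->peer_pkeys[i].x509 != NULL)
+X509_free(sc->peer_pkeys[i].x509);
+sc->peer_pkeys[i].x509 = x;
+sc->peer_key = &(sc->peer_pkeys[i]);
+
+if (s->session->peer != NULL)
+X509_free(s->session->peer);
+CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+s->session->peer = x;
 s->session->verify_result = s->verify_result;
 
 x = NULL;
@@ -2621,8 +2609,8 @@ ssl3_check_cert_and_algorithm(SSL *s)
 
 idx = sc->peer_cert_type;
 if (idx == SSL_PKEY_ECC) {
-if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
-s) == 0) {
+if (ssl_check_srvr_ecc_cert_and_alg(
+sc->peer_pkeys[idx].x509, s) == 0) {
 /* check failed */
 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
 SSL_R_BAD_ECC_CERT);
@@ -2635,7 +2623,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
 i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
 EVP_PKEY_free(pkey);
 
-/* Check that we have a certificate if we require one */
+/* Check that we have a certificate if we require one. */
 if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
 SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
 SSL_R_MISSING_RSA_SIGNING_CERT);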
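Review bot: The rewritten check at new line 1094 in ssl3_get_server_certificate has one closing parenthesis too many as rendered on this page, `if (pkey == NULL || EVP_PKEY_missing_parameters(pkey))) {`, apparently left over from the removed `((pkey == NULL) || ...)` grouping. It should read `if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {`. This is the branch that rejects a server certificate whose public key cannot be extracted or is missing parameters, so the file should be compiled and the failure path exercised before relying on it. The function body starts and ends outside the hunks shown, so the surrounding f_err handling could not be checked here.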
