diff options
| author | jsing <> | 2020-05-19 16:35:21 +0000 |
|---|---|---|
| committer | jsing <> | 2020-05-19 16:35:21 +0000 |
| commit | 369bbcd163f15f6e452e14282f0a65dafde2f5ab (patch) | |
| tree | 5ff7e57b9c4172ec2feea5a8c0a76ee21339a4af /src/lib/libssl/ssl_cert.c | |
| parent | 5ce16e8a6720f50f7054baab450a98b2791794fc (diff) | |
| download | openbsd-369bbcd163f15f6e452e14282f0a65dafde2f5ab.tar.gz openbsd-369bbcd163f15f6e452e14282f0a65dafde2f5ab.tar.bz2 openbsd-369bbcd163f15f6e452e14282f0a65dafde2f5ab.zip | |
Replace SSL_PKEY_RSA_ENC/SSL_PKEY_RSA_SIGN with SSL_PKEY_RSA.
Some time prior to SSLeay 0.8.1b, SSL_PKEY_RSA_SIGN got added with the
intention of handling RSA sign only certificates... this incomplete code
had the following comment:
/* check to see if this is a signing only certificate */
/* EAY EAY EAY EAY */
And while the comment was removed in 2005, the incomplete RSA sign-only
handling has remained ever since.
Remove SSL_PKEY_RSA_SIGN and rename SSL_PKEY_RSA_ENC to SSL_PKEY_RSA. While
here also remove the unused SSL_PKEY_DH_RSA.
ok tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index af8ef329b4..3567b7b426 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */ | 1 | /* $OpenBSD: ssl_cert.c,v 1.77 2020/05/19 16:35:20 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -168,7 +168,7 @@ ssl_cert_new(void) | |||
| 168 | SSLerrorx(ERR_R_MALLOC_FAILURE); | 168 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 169 | return (NULL); | 169 | return (NULL); |
| 170 | } | 170 | } |
| 171 | ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 171 | ret->key = &(ret->pkeys[SSL_PKEY_RSA]); |
| 172 | ret->references = 1; | 172 | ret->references = 1; |
| 173 | return (ret); | 173 | return (ret); |
| 174 | } | 174 | } |
| @@ -240,15 +240,10 @@ ssl_cert_dup(CERT *cert) | |||
| 240 | * (Nothing at the moment, I think.) | 240 | * (Nothing at the moment, I think.) |
| 241 | */ | 241 | */ |
| 242 | 242 | ||
| 243 | case SSL_PKEY_RSA_ENC: | 243 | case SSL_PKEY_RSA: |
| 244 | case SSL_PKEY_RSA_SIGN: | ||
| 245 | /* We have an RSA key. */ | 244 | /* We have an RSA key. */ |
| 246 | break; | 245 | break; |
| 247 | 246 | ||
| 248 | case SSL_PKEY_DH_RSA: | ||
| 249 | /* We have a DH key. */ | ||
| 250 | break; | ||
| 251 | |||
| 252 | case SSL_PKEY_ECC: | 247 | case SSL_PKEY_ECC: |
| 253 | /* We have an ECC key */ | 248 | /* We have an ECC key */ |
| 254 | break; | 249 | break; |
| @@ -377,7 +372,7 @@ ssl_sess_cert_new(void) | |||
| 377 | SSLerrorx(ERR_R_MALLOC_FAILURE); | 372 | SSLerrorx(ERR_R_MALLOC_FAILURE); |
| 378 | return NULL; | 373 | return NULL; |
| 379 | } | 374 | } |
| 380 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | 375 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA]); |
| 381 | ret->references = 1; | 376 | ret->references = 1; |
| 382 | 377 | ||
| 383 | return ret; | 378 | return ret; |