X509_verify_cert(): Garbage collect the unused roots variable

roots was used to store the trusted stack or pull the roots out of the
X509_STORE before beck unmooned Ethel in x509_vfy.c r1.88. Since then
this variable is effectively unused. It seems the STACK_OF(3) madness
is too complicated for -Wunused-but-set-variable to notice.

ok miod

1 files changed, 1 insertions, 4 deletions

diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index bb94d55dab..461e1d2ef2 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.120 2023/04/30 14:59:52 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.121 2023/05/08 05:37:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -592,7 +592,6 @@ X509_verify_cert_legacy(X509_STORE_CTX *ctx)
 int
 X509_verify_cert(X509_STORE_CTX *ctx)
 {
-        STACK_OF(X509) *roots = NULL;
         struct x509_verify_ctx *vctx = NULL;
         int chain_count = 0;
 
@@ -656,8 +655,6 @@ X509_verify_cert(X509_STORE_CTX *ctx)
         }
         x509_verify_ctx_free(vctx);
 
-        sk_X509_pop_free(roots, X509_free);
-
         /* if we succeed we have a chain in ctx->chain */
         return (chain_count > 0 && ctx->chain != NULL);
 }