summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509v3
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509v3')
-rw-r--r--src/lib/libcrypto/x509v3/pcy_lib.c12
-rw-r--r--src/lib/libcrypto/x509v3/pcy_tree.c51
-rw-r--r--src/lib/libcrypto/x509v3/v3_info.c5
-rw-r--r--src/lib/libcrypto/x509v3/v3_utl.c14
4 files changed, 4 insertions, 78 deletions
diff --git a/src/lib/libcrypto/x509v3/pcy_lib.c b/src/lib/libcrypto/x509v3/pcy_lib.c
index 321370e135..6f37064063 100644
--- a/src/lib/libcrypto/x509v3/pcy_lib.c
+++ b/src/lib/libcrypto/x509v3/pcy_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pcy_lib.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: pcy_lib.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -140,16 +140,6 @@ X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
140 return node->data->valid_policy; 140 return node->data->valid_policy;
141} 141}
142 142
143#if 0
144int
145X509_policy_node_get_critical(const X509_POLICY_NODE *node)
146{
147 if (node_critical(node))
148 return 1;
149 return 0;
150}
151#endif
152
153STACK_OF(POLICYQUALINFO) * 143STACK_OF(POLICYQUALINFO) *
154X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) 144X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
155{ 145{
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index 2c6472a8a1..fa0e161562 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pcy_tree.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -153,11 +153,6 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags)
153 *ptree = NULL; 153 *ptree = NULL;
154 n = sk_X509_num(certs); 154 n = sk_X509_num(certs);
155 155
156#if 0
157 /* Disable policy mapping for now... */
158 flags |= X509_V_FLAG_INHIBIT_MAP;
159#endif
160
161 if (flags & X509_V_FLAG_EXPLICIT_POLICY) 156 if (flags & X509_V_FLAG_EXPLICIT_POLICY)
162 explicit_policy = 0; 157 explicit_policy = 0;
163 else 158 else
@@ -327,19 +322,6 @@ tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache)
327 322
328 for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { 323 for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
329 data = sk_X509_POLICY_DATA_value(cache->data, i); 324 data = sk_X509_POLICY_DATA_value(cache->data, i);
330 /* If a node is mapped any it doesn't have a corresponding
331 * CertificatePolicies entry.
332 * However such an identical node would be created
333 * if anyPolicy matching is enabled because there would be
334 * no match with the parent valid_policy_set. So we create
335 * link because then it will have the mapping flags
336 * right and we can prune it later.
337 */
338#if 0
339 if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) &&
340 !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
341 continue;
342#endif
343 /* Look for matching nodes in previous level */ 325 /* Look for matching nodes in previous level */
344 if (!tree_link_matching_nodes(curr, data)) 326 if (!tree_link_matching_nodes(curr, data))
345 return 0; 327 return 0;
@@ -416,7 +398,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
416 X509_POLICY_TREE *tree) 398 X509_POLICY_TREE *tree)
417{ 399{
418 int i; 400 int i;
419 /*X509_POLICY_DATA *data;*/
420 X509_POLICY_NODE *node; 401 X509_POLICY_NODE *node;
421 X509_POLICY_LEVEL *last = curr - 1; 402 X509_POLICY_LEVEL *last = curr - 1;
422 403
@@ -425,36 +406,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
425 406
426 if (!tree_link_unmatched(curr, cache, node, tree)) 407 if (!tree_link_unmatched(curr, cache, node, tree))
427 return 0; 408 return 0;
428
429#if 0
430
431 /* Skip any node with any children: we only want unmathced
432 * nodes.
433 *
434 * Note: need something better for policy mapping
435 * because each node may have multiple children
436 */
437 if (node->nchild)
438 continue;
439
440 /* Create a new node with qualifiers from anyPolicy and
441 * id from unmatched node.
442 */
443 data = policy_data_new(NULL, node->data->valid_policy,
444 node_critical(node));
445
446 if (data == NULL)
447 return 0;
448 /* Curr may not have anyPolicy */
449 data->qualifier_set = cache->anyPolicy->qualifier_set;
450 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
451 if (!level_add_node(curr, data, node, tree)) {
452 policy_data_free(data);
453 return 0;
454 }
455
456#endif
457
458 } 409 }
459 /* Finally add link to anyPolicy */ 410 /* Finally add link to anyPolicy */
460 if (last->anyPolicy) { 411 if (last->anyPolicy) {
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index 862f949b1b..0a4df34078 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_info.c,v 1.19 2014/10/05 18:28:56 miod Exp $ */ 1/* $OpenBSD: v3_info.c,v 1.20 2015/02/07 13:19:15 doug Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -208,8 +208,5 @@ int
208i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) 208i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
209{ 209{
210 i2a_ASN1_OBJECT(bp, a->method); 210 i2a_ASN1_OBJECT(bp, a->method);
211#ifdef UNDEF
212 i2a_GENERAL_NAME(bp, a->location);
213#endif
214 return 2; 211 return 2;
215} 212}
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index 99090f3cd2..ee135a0b52 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: v3_utl.c,v 1.23 2014/07/13 16:03:10 beck Exp $ */ 1/* $OpenBSD: v3_utl.c,v 1.24 2015/02/07 13:19:15 doug Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project. 3 * project.
4 */ 4 */
@@ -328,9 +328,6 @@ X509V3_parse_list(const char *line)
328 *p = 0; 328 *p = 0;
329 ntmp = strip_spaces(q); 329 ntmp = strip_spaces(q);
330 q = p + 1; 330 q = p + 1;
331#if 0
332 printf("%s\n", ntmp);
333#endif
334 if (!ntmp) { 331 if (!ntmp) {
335 X509V3err(X509V3_F_X509V3_PARSE_LIST, 332 X509V3err(X509V3_F_X509V3_PARSE_LIST,
336 X509V3_R_INVALID_NULL_NAME); 333 X509V3_R_INVALID_NULL_NAME);
@@ -345,9 +342,6 @@ X509V3_parse_list(const char *line)
345 state = HDR_NAME; 342 state = HDR_NAME;
346 *p = 0; 343 *p = 0;
347 vtmp = strip_spaces(q); 344 vtmp = strip_spaces(q);
348#if 0
349 printf("%s\n", ntmp);
350#endif
351 if (!vtmp) { 345 if (!vtmp) {
352 X509V3err(X509V3_F_X509V3_PARSE_LIST, 346 X509V3err(X509V3_F_X509V3_PARSE_LIST,
353 X509V3_R_INVALID_NULL_VALUE); 347 X509V3_R_INVALID_NULL_VALUE);
@@ -363,9 +357,6 @@ X509V3_parse_list(const char *line)
363 357
364 if (state == HDR_VALUE) { 358 if (state == HDR_VALUE) {
365 vtmp = strip_spaces(q); 359 vtmp = strip_spaces(q);
366#if 0
367 printf("%s=%s\n", ntmp, vtmp);
368#endif
369 if (!vtmp) { 360 if (!vtmp) {
370 X509V3err(X509V3_F_X509V3_PARSE_LIST, 361 X509V3err(X509V3_F_X509V3_PARSE_LIST,
371 X509V3_R_INVALID_NULL_VALUE); 362 X509V3_R_INVALID_NULL_VALUE);
@@ -374,9 +365,6 @@ X509V3_parse_list(const char *line)
374 X509V3_add_value(ntmp, vtmp, &values); 365 X509V3_add_value(ntmp, vtmp, &values);
375 } else { 366 } else {
376 ntmp = strip_spaces(q); 367 ntmp = strip_spaces(q);
377#if 0
378 printf("%s\n", ntmp);
379#endif
380 if (!ntmp) { 368 if (!ntmp) {
381 X509V3err(X509V3_F_X509V3_PARSE_LIST, 369 X509V3err(X509V3_F_X509V3_PARSE_LIST,
382 X509V3_R_INVALID_NULL_NAME); 370 X509V3_R_INVALID_NULL_NAME);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 11:41:05 +0000