1 files changed, 1 insertions, 50 deletions
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 2c6472a8a1..fa0e161562 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -153,11 +153,6 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags)
        *ptree = NULL;
        n = sk_X509_num(certs);
-#if 0
-        /* Disable policy mapping for now... */
-        flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
        if (flags & X509_V_FLAG_EXPLICIT_POLICY)
                explicit_policy = 0;
        else
@@ -327,19 +322,6 @@ tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache)
        for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
                data = sk_X509_POLICY_DATA_value(cache->data, i);
-                /* If a node is mapped any it doesn't have a corresponding
-                 * CertificatePolicies entry.
-                 * However such an identical node would be created
-                 * if anyPolicy matching is enabled because there would be
-                 * no match with the parent valid_policy_set. So we create
-                 * link because then it will have the mapping flags
-                 * right and we can prune it later.
-                 */
-#if 0
-                if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) &&
-                    !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
-                        continue;
-#endif
                /* Look for matching nodes in previous level */
                if (!tree_link_matching_nodes(curr, data))
                        return 0;
@@ -416,7 +398,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
    X509_POLICY_TREE *tree)
 {
        int i;
-        /*X509_POLICY_DATA *data;*/
        X509_POLICY_NODE *node;
        X509_POLICY_LEVEL *last = curr - 1;
@@ -425,36 +406,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
                if (!tree_link_unmatched(curr, cache, node, tree))
                        return 0;
-#if 0
-                /* Skip any node with any children: we only want unmathced
-                 * nodes.
-                 *
-                 * Note: need something better for policy mapping
-                 * because each node may have multiple children
-                 */
-                if (node->nchild)
-                        continue;
-                /* Create a new node with qualifiers from anyPolicy and
-                 * id from unmatched node.
-                 */
-                data = policy_data_new(NULL, node->data->valid_policy,
-                    node_critical(node));
-                if (data == NULL)
-                        return 0;
-                /* Curr may not have anyPolicy */
-                data->qualifier_set = cache->anyPolicy->qualifier_set;
-                data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-                if (!level_add_node(curr, data, node, tree)) {
-                        policy_data_free(data);
-                        return 0;
-                }
-#endif
        }
        /* Finally add link to anyPolicy */
        if (last->anyPolicy) {

diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c index 2c6472a8a1..fa0e161562 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -153,11 +153,6 @@ tree_init(X509_POLICY_TREE *ptree, STACK_OF(X509) certs, unsigned int flags)
153	*ptree = NULL;	153	*ptree = NULL;
154	n = sk_X509_num(certs);	154	n = sk_X509_num(certs);
155		155
156	#if 0
157	/* Disable policy mapping for now... */
158	flags \|= X509_V_FLAG_INHIBIT_MAP;
159	#endif
160
161	if (flags & X509_V_FLAG_EXPLICIT_POLICY)	156	if (flags & X509_V_FLAG_EXPLICIT_POLICY)
162	explicit_policy = 0;	157	explicit_policy = 0;
163	else	158	else
@@ -327,19 +322,6 @@ tree_link_nodes(X509_POLICY_LEVEL curr, const X509_POLICY_CACHE cache)
327		322
328	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {	323	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
329	data = sk_X509_POLICY_DATA_value(cache->data, i);	324	data = sk_X509_POLICY_DATA_value(cache->data, i);
330	/* If a node is mapped any it doesn't have a corresponding
331	* CertificatePolicies entry.
332	* However such an identical node would be created
333	* if anyPolicy matching is enabled because there would be
334	* no match with the parent valid_policy_set. So we create
335	* link because then it will have the mapping flags
336	* right and we can prune it later.
337	*/
338	#if 0
339	if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) &&
340	!(curr->flags & X509_V_FLAG_INHIBIT_ANY))
341	continue;
342	#endif
343	/* Look for matching nodes in previous level */	325	/* Look for matching nodes in previous level */
344	if (!tree_link_matching_nodes(curr, data))	326	if (!tree_link_matching_nodes(curr, data))
345	return 0;	327	return 0;
@@ -416,7 +398,6 @@ tree_link_any(X509_POLICY_LEVEL curr, const X509_POLICY_CACHE cache,
416	X509_POLICY_TREE *tree)	398	X509_POLICY_TREE *tree)
417	{	399	{
418	int i;	400	int i;
419	/X509_POLICY_DATA data;*/
420	X509_POLICY_NODE *node;	401	X509_POLICY_NODE *node;
421	X509_POLICY_LEVEL *last = curr - 1;	402	X509_POLICY_LEVEL *last = curr - 1;
422		403
@@ -425,36 +406,6 @@ tree_link_any(X509_POLICY_LEVEL curr, const X509_POLICY_CACHE cache,
425		406
426	if (!tree_link_unmatched(curr, cache, node, tree))	407	if (!tree_link_unmatched(curr, cache, node, tree))
427	return 0;	408	return 0;
428
429	#if 0
430
431	/* Skip any node with any children: we only want unmathced
432	* nodes.
433	*
434	* Note: need something better for policy mapping
435	* because each node may have multiple children
436	*/
437	if (node->nchild)
438	continue;
439
440	/* Create a new node with qualifiers from anyPolicy and
441	* id from unmatched node.
442	*/
443	data = policy_data_new(NULL, node->data->valid_policy,
444	node_critical(node));
445
446	if (data == NULL)
447	return 0;
448	/* Curr may not have anyPolicy */
449	data->qualifier_set = cache->anyPolicy->qualifier_set;
450	data->flags \|= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
451	if (!level_add_node(curr, data, node, tree)) {
452	policy_data_free(data);
453	return 0;
454	}
455
456	#endif
457
458	}	409	}
459	/* Finally add link to anyPolicy */	410	/* Finally add link to anyPolicy */
460	if (last->anyPolicy) {	411	if (last->anyPolicy) {