From 71167f8b1c800e07ea68636abbb3428d1f1589df Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 4 Feb 2022 16:34:15 +0000
Subject: Remove a strange inheritance check from addr_validate_path_internal()

The trust anchor can't inherit, but the code says that it can inherit just not if the leaf tries to inherit from that. This makes no sense and doesn't match what is done on the asid side.

ok jsing
---
 src/lib/libcrypto/x509/x509_addr.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index cc77f92509..209c5cf397 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.76 2022/01/06 14:08:15 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.77 2022/02/04 16:34:15 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -1899,9 +1899,6 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
 if (IPAddressFamily_inheritance(parent_af) == NULL)
 continue;
 
- if (sk_IPAddressFamily_find(child, parent_af) < 0)
- continue;
-
 if ((ret = verify_error(ctx, cert,
 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0)
 goto done;
-- 
cgit v1.2.3-55-g6feb