From 3c8e40888023ea3a64023ce924efeff05ee35993 Mon Sep 17 00:00:00 2001
From: bcook <>
Date: Wed, 15 May 2019 09:13:16 +0000
Subject: s3 is never NULL since s2 (formerly used for SSLv2) does not exist,
 so there is no need to check for it. Fixes COV-165788, identified with help
 from Alex Bumstead.

ok jsing@
---
 src/lib/libssl/ssl_cert.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl/ssl_cert.c')

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 4641ac92d0..af8ef329b4 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.75 2019/04/13 18:04:05 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -508,8 +508,7 @@ SSL_get_client_CA_list(const SSL *s)
 {
 	if (s->internal->type == SSL_ST_CONNECT) {
 		/* We are in the client. */
-		if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
-		    (s->s3 != NULL))
+		if ((s->version >> 8) == SSL3_VERSION_MAJOR)
 			return (S3I(s)->tmp.ca_names);
 		else
 			return (NULL);
-- 
cgit v1.2.3-55-g6feb