From fad09b90be5a30598349a06adfd7574ef7264599 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 12 Aug 2017 02:55:22 +0000
Subject: Remove support for DSS/DSA, since we removed the cipher suites a
 while back.

ok guenther@
---
 src/lib/libssl/ssl_srvr.c | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'src/lib/libssl/ssl_srvr.c')

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index e370b7571c..a21039e727 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.19 2017/08/11 17:54:41 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.20 2017/08/12 02:55:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2256,17 +2256,6 @@ ssl3_get_cert_verify(SSL *s)
 			goto f_err;
 		}
 	} else
-	if (pkey->type == EVP_PKEY_DSA) {
-		j = DSA_verify(pkey->save_type,
-		    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-		    SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
-		if (j <= 0) {
-			/* bad signature */
-			al = SSL_AD_DECRYPT_ERROR;
-			SSLerror(s, SSL_R_BAD_DSA_SIGNATURE);
-			goto f_err;
-		}
-	} else
 	if (pkey->type == EVP_PKEY_EC) {
 		j = ECDSA_verify(pkey->save_type,
 		    &(S3I(s)->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
-- 
cgit v1.2.3-55-g6feb