From c26652e36ac1ecfa50a2d217fdd0c2786495c552 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Wed, 11 Feb 2015 02:17:59 +0000 Subject: More unifdef OPENSSL_NO_RFC3779 that got missed last time around. Spotted by beck@ --- src/lib/libcrypto/x509/x509.h | 6 +----- src/lib/libcrypto/x509/x509_vfy.c | 12 +----------- src/lib/libssl/src/crypto/x509/x509.h | 6 +----- src/lib/libssl/src/crypto/x509/x509_vfy.c | 12 +----------- 4 files changed, 4 insertions(+), 32 deletions(-) (limited to 'src/lib') diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index d67a87df0b..ec6668d35e 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.21 2015/01/28 04:14:31 beck Exp $ */ +/* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -291,10 +291,6 @@ struct x509_st STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -#endif #ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 5e3b0a5606..c383fda4f2 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.39 2015/02/10 08:33:10 jsing Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -377,16 +377,6 @@ X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; -#ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); - if (!ok) - goto end; - ok = v3_addr_validate_path(ctx); - if (!ok) - goto end; -#endif - /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ok = ctx->check_policy(ctx); diff --git a/src/lib/libssl/src/crypto/x509/x509.h b/src/lib/libssl/src/crypto/x509/x509.h index d67a87df0b..ec6668d35e 100644 --- a/src/lib/libssl/src/crypto/x509/x509.h +++ b/src/lib/libssl/src/crypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.21 2015/01/28 04:14:31 beck Exp $ */ +/* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -291,10 +291,6 @@ struct x509_st STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -#ifndef OPENSSL_NO_RFC3779 - STACK_OF(IPAddressFamily) *rfc3779_addr; - struct ASIdentifiers_st *rfc3779_asid; -#endif #ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index 5e3b0a5606..c383fda4f2 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.39 2015/02/10 08:33:10 jsing Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -377,16 +377,6 @@ X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; -#ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); - if (!ok) - goto end; - ok = v3_addr_validate_path(ctx); - if (!ok) - goto end; -#endif - /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ok = ctx->check_policy(ctx); -- cgit v1.2.3-55-g6feb