diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-07-25 14:05:39 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-07-26 16:23:02 +0100 |
commit | fc9d1ef39c97c06f83fd40a6f94c0af4da3887ea (patch) | |
tree | d0029e8beff52847e41812553ae5bc6a562de36d /crypto | |
parent | 61d81f0ac91cc0e8612c55f46432839f25a4c71a (diff) | |
download | openssl-fc9d1ef39c97c06f83fd40a6f94c0af4da3887ea.zip openssl-fc9d1ef39c97c06f83fd40a6f94c0af4da3887ea.tar.gz openssl-fc9d1ef39c97c06f83fd40a6f94c0af4da3887ea.tar.bz2 |
Remove current_method from X509_STORE_CTX
Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/include/internal/x509_int.h | 2 | ||||
-rw-r--r-- | crypto/x509/x509_lu.c | 9 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 1 |
3 files changed, 2 insertions, 10 deletions
diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h index 545f909..3d0b0bd 100644 --- a/crypto/include/internal/x509_int.h +++ b/crypto/include/internal/x509_int.h @@ -175,8 +175,6 @@ struct x509_st { */ struct x509_store_ctx_st { /* X509_STORE_CTX */ X509_STORE *ctx; - /* used when looking up certs */ - int current_method; /* The following are set by the caller */ /* The cert to check */ X509 *cert; diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 6f5f269..f40f3fc 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -283,19 +283,14 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, CRYPTO_THREAD_unlock(ctx->lock); if (tmp == NULL || type == X509_LU_CRL) { - for (i = vs->current_method; - i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); j = X509_LOOKUP_by_subject(lu, type, name, &stmp); - if (j < 0) { - vs->current_method = j; - return j; - } else if (j) { + if (j) { tmp = &stmp; break; } } - vs->current_method = 0; if (tmp == NULL) return 0; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index a290a5e..abe9caa 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2216,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, int ret = 1; ctx->ctx = store; - ctx->current_method = 0; ctx->cert = x509; ctx->untrusted = chain; ctx->crls = NULL; |