Suppress DANE TLSA reflection when verification fails

[openssl.git] / crypto / x509 / x509type.c

diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 033175257a7738bdf61175f571dca37db252b2fc..870b47f8515d1fd31728f27f2aac88fcc4c69ede 100644 (file)
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -1,4 +1,3 @@
-/* crypto/x509/x509type.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -57,7 +56,7 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -71,14 +70,14 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
         return (0);
 
     if (pkey == NULL)
-        pk = X509_get_pubkey(x);
+        pk = X509_get0_pubkey(x);
     else
         pk = pkey;
 
     if (pk == NULL)
         return (0);
 
-    switch (pk->type) {
+    switch (EVP_PKEY_id(pk)) {
     case EVP_PKEY_RSA:
         ret = EVP_PK_RSA | EVP_PKT_SIGN;
 /*              if (!sign only extension) */
@@ -93,15 +92,16 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
     case EVP_PKEY_DH:
         ret = EVP_PK_DH | EVP_PKT_EXCH;
         break;
-    case NID_id_GostR3410_94:
     case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
         ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
         break;
     default:
         break;
     }
 
-    i = OBJ_obj2nid(x->sig_alg->algorithm);
+    i = X509_get_signature_nid(x);
     if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
 
         switch (i) {
@@ -121,10 +121,5 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
         }
     }
 
-    /* /8 because it's 1024 bits we look for, not bytes */
-    if (EVP_PKEY_size(pk) <= 1024 / 8)
-        ret |= EVP_PKT_EXP;
-    if (pkey == NULL)
-        EVP_PKEY_free(pk);
     return (ret);
 }