Have 'make clean' clean away the log files.

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 11839612f25a58d0379982dadd5c0b133f045659..555b1d7d826b6006a7fbc8c3dcce3f89de1f2074 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -167,13 +167,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 
 CERT *ssl_cert_new(void)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
 
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-    memset(ret, 0, sizeof(*ret));
 
     ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
     ret->references = 1;
@@ -185,7 +184,7 @@ CERT *ssl_cert_new(void)
 
 CERT *ssl_cert_dup(CERT *cert)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
     int i;
 
     if (ret == NULL) {
@@ -193,8 +192,6 @@ CERT *ssl_cert_dup(CERT *cert)
         return (NULL);
     }
 
-    memset(ret, 0, sizeof(*ret));
-
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
 
 #ifndef OPENSSL_NO_RSA
@@ -1031,8 +1028,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
         if (sk_X509_num(chain) > 0) {
             /* See if last cert is self signed */
             x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-            X509_check_purpose(x, -1, 0);
-            if (x->ex_flags & EXFLAG_SS) {
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
                 x = sk_X509_pop(chain);
                 X509_free(x);
             }