cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_EC
cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
#endif
}
ret->dh_tmp_auto = cert->dh_tmp_auto;
#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
if (cert->ecdh_tmp) {
ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
if (ret->ecdh_tmp == NULL) {
#endif
#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp)
- RSA_free(c->rsa_tmp);
+ RSA_free(c->rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (c->dh_tmp)
- DH_free(c->dh_tmp);
+ DH_free(c->dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp)
- EC_KEY_free(c->ecdh_tmp);
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(c->ecdh_tmp);
#endif
ssl_cert_clear_certs(c);
OPENSSL_free(c);
}
-int ssl_cert_inst(CERT **o)
-{
- /*
- * Create a CERT if there isn't already one (which cannot really happen,
- * as it is initially created in SSL_CTX_new; but the earlier code
- * usually allows for that one being non-existant, so we follow that
- * behaviour, as it might turn out that there actually is a reason for it
- * -- but I'm not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the initialization
- * in SSL_CTX_new).
- */
-
- if (o == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return (0);
- }
- if (*o == NULL) {
- if ((*o = ssl_cert_new()) == NULL) {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return (0);
- }
- }
- return (1);
-}
-
int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{
int i, r;
for (i = 0; i < SSL_PKEY_NUM; i++) {
if (sc->peer_pkeys[i].x509 != NULL)
X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key.
- * These lines are just * here as a reminder
- * that we're still using a
- * not-quite-appropriate * data structure. */
+#if 0
+ /*
+ * We don't have the peer's private key. These lines are just
+ * here as a reminder that we're still using a not-quite-appropriate
+ * data structure.
+ */
if (sc->peer_pkeys[i].privatekey != NULL)
EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
#endif
}
#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
+ RSA_free(sc->peer_rsa_tmp);
#endif
#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
+ DH_free(sc->peer_dh_tmp);
#endif
-#ifndef OPENSSL_NO_ECDH
- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
+#ifndef OPENSSL_NO_EC
+ EC_KEY_free(sc->peer_ecdh_tmp);
#endif
OPENSSL_free(sc);
}
/* Set suite B flags if needed */
X509_STORE_CTX_set_flags(&ctx, tls1_suiteb(s));
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
/*
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
else {
i = X509_verify_cert(&ctx);
# if 0
}
if (sk != NULL)
sk_X509_NAME_free(sk);
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (x != NULL)
X509_free(x);
if (ret != NULL)
err:
ret = 0;
}
- if (in != NULL)
- BIO_free(in);
+ BIO_free(in);
if (x != NULL)
X509_free(x);