Revert "Fix verify algorithm."
authorMatt Caswell <matt@openssl.org>
Tue, 21 Apr 2015 10:28:41 +0000 (11:28 +0100)
committerMatt Caswell <matt@openssl.org>
Wed, 29 Apr 2015 14:44:03 +0000 (15:44 +0100)
This reverts commit 47daa155a31b0a54ce09ad2ed4d55fad74096dab.

The above commit was backported to the 1.0.2 branch as part of backporting
the alternative chain verify algorithm changes. However, it has been pointed
out (credit to Shigeki Ohtsu) that it is unnecessary in 1.0.2, as the reverted
commit is a workaround for loop checking that only exists in master.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/x509/x509_vfy.c

index c0f6a5dfff82dd24370bbcd9de8d81d46de0aac7..f3e9c56b0917158b83ebf69002f893cc1f3a5994 100644 (file)
@@ -370,16 +370,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
             && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
-                STACK_OF(X509) *chtmp = ctx->chain;
                 xtmp2 = sk_X509_value(ctx->chain, j - 1);
-                /*
-                 * Temporarily set chain to NULL so we don't discount
-                 * duplicates: the same certificate could be an untrusted
-                 * CA found in the trusted store.
-                 */
-                ctx->chain = NULL;
                 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
-                ctx->chain = chtmp;
                 if (ok < 0)
                     goto end;
                 /* Check if we found an alternate chain */