Remove current_method from X509_STORE_CTX
authorDr. Stephen Henson <steve@openssl.org>
Mon, 25 Jul 2016 13:05:39 +0000 (14:05 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 26 Jul 2016 15:23:02 +0000 (16:23 +0100)
Remove current_method: it was intended as a means of retrying
lookups but it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/include/internal/x509_int.h
crypto/x509/x509_lu.c
crypto/x509/x509_vfy.c

index 545f909..3d0b0bd 100644 (file)
@@ -175,8 +175,6 @@ struct x509_st {
  */
 struct x509_store_ctx_st {      /* X509_STORE_CTX */
     X509_STORE *ctx;
-    /* used when looking up certs */
-    int current_method;
     /* The following are set by the caller */
     /* The cert to check */
     X509 *cert;
index 6f5f269..f40f3fc 100644 (file)
@@ -283,19 +283,14 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
     CRYPTO_THREAD_unlock(ctx->lock);
 
     if (tmp == NULL || type == X509_LU_CRL) {
-        for (i = vs->current_method;
-             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
             j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-            if (j < 0) {
-                vs->current_method = j;
-                return j;
-            } else if (j) {
+            if (j) {
                 tmp = &stmp;
                 break;
             }
         }
-        vs->current_method = 0;
         if (tmp == NULL)
             return 0;
     }
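Review bot: With the `j < 0` branch removed, the new `if (j)` in the lookup loop treats a negative return from X509_LOOKUP_by_subject() as a hit, so `tmp = &stmp` is taken even when the lookup reported an error and `stmp` may not have been filled in. Whether any registered lookup method actually returns a negative value is not visible in this hunk, but the old code explicitly allowed for it. Either keep the error return without the removed field, `if (j < 0) return j;` ahead of `if (j) {`, or, if an error should fall through to the next method, test `if (j > 0) {`. The function body continues outside the hunk, where `tmp` is presumably consumed, so a one-line comment at the loop stating which of the two behaviours is intended would help.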
index a290a5e..abe9caa 100644 (file)
@@ -2216,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     int ret = 1;
 
     ctx->ctx = store;
-    ctx->current_method = 0;
     ctx->cert = x509;
     ctx->untrusted = chain;
     ctx->crls = NULL;