From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 25 Jul 2016 13:05:39 +0000 (+0100)
Subject: Remove current_method from X509_STORE_CTX
X-Git-Tag: OpenSSL_1_1_0-pre6~77
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=fc9d1ef39c97c06f83fd40a6f94c0af4da3887ea;ds=inline

Remove current_method from X509_STORE_CTX

Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---

diff --git a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
index 545f90990f..3d0b0bde03 100644
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@@ -175,8 +175,6 @@ struct x509_st {
  */
 struct x509_store_ctx_st {      /* X509_STORE_CTX */
     X509_STORE *ctx;
-    /* used when looking up certs */
-    int current_method;
     /* The following are set by the caller */
     /* The cert to check */
     X509 *cert;
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 6f5f269232..f40f3fc081 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -283,19 +283,14 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
     CRYPTO_THREAD_unlock(ctx->lock);
 
     if (tmp == NULL || type == X509_LU_CRL) {
-        for (i = vs->current_method;
-             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
             lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
             j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-            if (j < 0) {
-                vs->current_method = j;
-                return j;
-            } else if (j) {
+            if (j) {
                 tmp = &stmp;
                 break;
             }
         }
-        vs->current_method = 0;
         if (tmp == NULL)
             return 0;
     }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index a290a5e6b3..abe9caae13 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2216,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
     int ret = 1;
 
     ctx->ctx = store;
-    ctx->current_method = 0;
     ctx->cert = x509;
     ctx->untrusted = chain;
     ctx->crls = NULL;