From 0f39bab0df4109bab7effc7428e1d759f36d8642 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 28 Jun 2012 13:02:14 +0000 Subject: [PATCH] Function tls1_check_ec_server_key is now redundant as we make appropriate checks in tls1_check_chain. --- ssl/s3_lib.c | 4 ---- ssl/ssl_locl.h | 1 - ssl/t1_lib.c | 8 -------- 3 files changed, 13 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 993f6e4f15..7d10941767 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3981,10 +3981,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_EC - /* if we are considering an ECC cipher suite that uses our - * certificate check it */ - if (alg_a & (SSL_aECDSA|SSL_aECDH)) - ok = ok && tls1_check_ec_server_key(s); /* if we are considering an ECC cipher suite that uses * an ephemeral EC key check it */ if (alg_k & SSL_kEECDH) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a2fe6ba7eb..c2547ad47f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1149,7 +1149,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str); -int tls1_check_ec_server_key(SSL *s); int tls1_check_ec_tmp_key(SSL *s); #endif /* OPENSSL_NO_EC */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index add105d272..46b3a4c9f9 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x) return 0; return tls1_check_ec_key(s, curve_id, &comp_id); } -/* Check EC server key is compatible with client extensions */ -int tls1_check_ec_server_key(SSL *s) - { - CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC; - if (!cpk->x509 || !cpk->privatekey) - return 0; - return tls1_check_cert_param(s, cpk->x509); - } /* Check EC temporary key is compatible with client extensions */ int tls1_check_ec_tmp_key(SSL *s) { -- 2.34.1