Revert "OPENSSL_NO_xxx cleanup: RFC3779"

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1376e4486bceead7ff935ea487876d9701e04473..6169db1e1c0d895fd8efbbcdf6ae7ba1557b45db 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -485,6 +485,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     if (!ok)
         goto end;
 
+#ifndef OPENSSL_NO_RFC3779
     /* RFC 3779 path validation, now that CRL check has been done */
     ok = v3_asid_validate_path(ctx);
     if (!ok)
@@ -492,6 +493,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     ok = v3_addr_validate_path(ctx);
     if (!ok)
         goto end;
+#endif
 
     /* If we get this far evaluate policies */
     if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
@@ -2259,13 +2261,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 
 X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
-    X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
     if (!ctx) {
         X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(*ctx));
     return ctx;
 }