Function tls1_check_ec_server_key is now redundant as we make
authorDr. Stephen Henson <steve@openssl.org>
Thu, 28 Jun 2012 13:02:14 +0000 (13:02 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 28 Jun 2012 13:02:14 +0000 (13:02 +0000)
appropriate checks in tls1_check_chain.

ssl/s3_lib.c
ssl/ssl_locl.h
ssl/t1_lib.c

index 993f6e4..7d10941 100644 (file)
@@ -3981,10 +3981,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
-               /* if we are considering an ECC cipher suite that uses our
-                * certificate check it */
-               if (alg_a & (SSL_aECDSA|SSL_aECDH))
-                       ok = ok && tls1_check_ec_server_key(s);
                /* if we are considering an ECC cipher suite that uses
                 * an ephemeral EC key check it */
                if (alg_k & SSL_kEECDH)
index a2fe6ba..c2547ad 100644 (file)
@@ -1149,7 +1149,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
                        int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
                                const char *str);
-int tls1_check_ec_server_key(SSL *s);
 int tls1_check_ec_tmp_key(SSL *s);
 #endif /* OPENSSL_NO_EC */
 
index add105d..46b3a4c 100644 (file)
@@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x)
                return 0;
        return tls1_check_ec_key(s, curve_id, &comp_id);
        }
-/* Check EC server key is compatible with client extensions */
-int tls1_check_ec_server_key(SSL *s)
-       {
-       CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
-       if (!cpk->x509 || !cpk->privatekey)
-               return 0;
-       return tls1_check_cert_param(s, cpk->x509);
-       }
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s)
        {