Function tls1_check_ec_server_key is now redundant as we make

appropriate checks in tls1_check_chain.
2024-11-27 05:21:51 +08:00 · 2012-06-28 13:02:14 +00:00 · 2012-06-28 13:02:14 +00:00 · 0f39bab0df
commit 0f39bab0df
parent d61ff83be9
3 changed files with 0 additions and 13 deletions
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@ -3981,10 +3981,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
-		/* if we are considering an ECC cipher suite that uses our
-		 * certificate check it */
-		if (alg_a & (SSL_aECDSA|SSL_aECDH))
-			ok = ok && tls1_check_ec_server_key(s);
 		/* if we are considering an ECC cipher suite that uses
 		 * an ephemeral EC key check it */
 		if (alg_k & SSL_kEECDH)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -1149,7 +1149,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
 			int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
 				const char *str);
-int tls1_check_ec_server_key(SSL *s);
 int tls1_check_ec_tmp_key(SSL *s);
 #endif /* OPENSSL_NO_EC */

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x)
 		return 0;
 	return tls1_check_ec_key(s, curve_id, &comp_id);
 	}
-/* Check EC server key is compatible with client extensions */
-int tls1_check_ec_server_key(SSL *s)
-	{
-	CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
-	if (!cpk->x509 || !cpk->privatekey)
-		return 0;
-	return tls1_check_cert_param(s, cpk->x509);
-	}
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s)
 	{