Function tls1_check_ec_server_key is now redundant as we make

appropriate checks in tls1_check_chain.
This commit is contained in:
Dr. Stephen Henson 2012-06-28 13:02:14 +00:00
parent d61ff83be9
commit 0f39bab0df
3 changed files with 0 additions and 13 deletions

View File

@ -3981,10 +3981,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_TLSEXT #ifndef OPENSSL_NO_TLSEXT
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses our
* certificate check it */
if (alg_a & (SSL_aECDSA|SSL_aECDH))
ok = ok && tls1_check_ec_server_key(s);
/* if we are considering an ECC cipher suite that uses /* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */ * an ephemeral EC key check it */
if (alg_k & SSL_kEECDH) if (alg_k & SSL_kEECDH)

View File

@ -1149,7 +1149,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
int *curves, size_t ncurves); int *curves, size_t ncurves);
int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, int tls1_set_curves_list(unsigned char **pext, size_t *pextlen,
const char *str); const char *str);
int tls1_check_ec_server_key(SSL *s);
int tls1_check_ec_tmp_key(SSL *s); int tls1_check_ec_tmp_key(SSL *s);
#endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_EC */

View File

@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x)
return 0; return 0;
return tls1_check_ec_key(s, curve_id, &comp_id); return tls1_check_ec_key(s, curve_id, &comp_id);
} }
/* Check EC server key is compatible with client extensions */
int tls1_check_ec_server_key(SSL *s)
{
CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
if (!cpk->x509 || !cpk->privatekey)
return 0;
return tls1_check_cert_param(s, cpk->x509);
}
/* Check EC temporary key is compatible with client extensions */ /* Check EC temporary key is compatible with client extensions */
int tls1_check_ec_tmp_key(SSL *s) int tls1_check_ec_tmp_key(SSL *s)
{ {