diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2023-06-08 22:02:41 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2023-06-08 22:02:41 +0000 |
| commit | 13e818adaeee96a8562a4135ced58241d29a9437 (patch) | |
| tree | 2f4cb1c39bf75c856ff84cb7c28c3a6baef2b20a /lib/libcrypto | |
| parent | 339d074149a2d38004a6ead707d91e061eaae181 (diff) | |
Remove dead code.
must_be_ca can no longer be 0 after the proxy cert code got nuked,
so change this to an if. must_be_ca is now -1 for a leaf, or 1 for
a non leaf.
ok tb@
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/x509/x509_vfy.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index 0c2144752d5..c4ba3d5b149 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.124 2023/05/28 05:25:24 tb Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.125 2023/06/08 22:02:40 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -754,23 +754,14 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) goto end; } ret = X509_check_ca(x); - switch (must_be_ca) { - case -1: + if (must_be_ca == -1) { if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && (ret != 1) && (ret != 0)) { ret = 0; ctx->error = X509_V_ERR_INVALID_CA; } else ret = 1; - break; - case 0: - if (ret != 0) { - ret = 0; - ctx->error = X509_V_ERR_INVALID_NON_CA; - } else - ret = 1; - break; - default: + } else { if ((ret == 0) || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && (ret != 1))) { @@ -778,7 +769,6 @@ x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx) ctx->error = X509_V_ERR_INVALID_CA; } else ret = 1; - break; } if (ret == 0) { ctx->error_depth = i; |