Remove current_method from X509_STORE_CTX

Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 14:05:39 +01:00 · 2016-07-25 14:05:39 +01:00 · fc9d1ef39c
commit fc9d1ef39c
parent 61d81f0ac9
3 changed files with 2 additions and 10 deletions
--- a/crypto/include/internal/x509_int.h
+++ b/crypto/include/internal/x509_int.h
@ -175,8 +175,6 @@ struct x509_st {
 */
 struct x509_store_ctx_st {      /* X509_STORE_CTX */
    X509_STORE *ctx;
-    /* used when looking up certs */
-    int current_method;
    /* The following are set by the caller */
    /* The cert to check */
    X509 *cert;
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@ -283,19 +283,14 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
    CRYPTO_THREAD_unlock(ctx->lock);

    if (tmp == NULL || type == X509_LU_CRL) {
-        for (i = vs->current_method;
-             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
            lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
-            if (j < 0) {
-                vs->current_method = j;
-                return j;
-            } else if (j) {
+            if (j) {
                tmp = &stmp;
                break;
            }
        }
-        vs->current_method = 0;
        if (tmp == NULL)
            return 0;
    }
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -2216,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    int ret = 1;

    ctx->ctx = store;
-    ctx->current_method = 0;
    ctx->cert = x509;
    ctx->untrusted = chain;
    ctx->crls = NULL;