Commit 2c382349 authored by Kurt Roeckx's avatar Kurt Roeckx

Remove ssl_cert_inst()



It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.

Reviewed-by: default avatarDr. Stephen Henson <steve@openssl.org>
parent 9fbbdd73
+0 −32
@@ -3252,22 +3252,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    int ret = 0;

#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
    if (
# ifndef OPENSSL_NO_RSA
           cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
# endif
# ifndef OPENSSL_NO_DSA
           cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
# endif
           0) {
        if (!ssl_cert_inst(&s->cert)) {
            SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
            return (0);
        }
    }
#endif

    switch (cmd) {
    case SSL_CTRL_GET_SESSION_REUSED:
        ret = s->hit;
@@ -3705,22 +3689,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    int ret = 0;

#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
    if (
# ifndef OPENSSL_NO_RSA
           cmd == SSL_CTRL_SET_TMP_RSA_CB ||
# endif
# ifndef OPENSSL_NO_DSA
           cmd == SSL_CTRL_SET_TMP_DH_CB ||
# endif
           0) {
        if (!ssl_cert_inst(&s->cert)) {
            SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
            return (0);
        }
    }
#endif

    switch (cmd) {
#ifndef OPENSSL_NO_RSA
    case SSL_CTRL_SET_TMP_RSA_CB:
+0 −25
@@ -484,31 +484,6 @@ void ssl_cert_free(CERT *c)
    OPENSSL_free(c);
}

int ssl_cert_inst(CERT **o)
{
    /*
     * Create a CERT if there isn't already one (which cannot really happen,
     * as it is initially created in SSL_CTX_new; but the earlier code
     * usually allows for that one being non-existant, so we follow that
     * behaviour, as it might turn out that there actually is a reason for it
     * -- but I'm not sure that *all* of the existing code could cope with
     * s->cert being NULL, otherwise we could do without the initialization
     * in SSL_CTX_new).
     */

    if (o == NULL) {
        SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
        return (0);
    }
    if (*o == NULL) {
        if ((*o = ssl_cert_new()) == NULL) {
            SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
            return (0);
        }
    }
    return (1);
}

int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
{
    int i, r;
+0 −1
@@ -202,7 +202,6 @@ static ERR_STRING_DATA SSL_str_functs[] = {
    {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"},
    {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"},
    {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"},
    {ERR_FUNC(SSL_F_SSL_CERT_INST), "ssl_cert_inst"},
    {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
    {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"},
    {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"},
+12 −16
@@ -288,7 +288,6 @@ SSL *SSL_new(SSL_CTX *ctx)
    s->mode = ctx->mode;
    s->max_cert_list = ctx->max_cert_list;

    if (ctx->cert != NULL) {
    /*
     * Earlier library versions used to copy the pointer to the CERT, not
     * its contents; only when setting new parameters for the per-SSL
@@ -298,12 +297,9 @@ SSL *SSL_new(SSL_CTX *ctx)
     * used to be known as s->ctx->default_cert). Now we don't look at the
     * SSL_CTX's CERT after having duplicated it once.
     */

    s->cert = ssl_cert_dup(ctx->cert);
    if (s->cert == NULL)
        goto err;
    } else
        s->cert = NULL;         /* Cannot really happen (see SSL_CTX_new) */

    s->read_ahead = ctx->read_ahead;
    s->msg_callback = ctx->msg_callback;
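Review bot: SSL_new now passes ctx->cert to ssl_cert_dup() unconditionally, and the only remark explaining why that is safe (`/* Cannot really happen (see SSL_CTX_new) */`) is deleted along with the else branch, so the non-NULL invariant is no longer stated where the code relies on it. Whether ssl_cert_dup() tolerates a NULL argument is not visible in this section; if it does not, a violated invariant would show up as a NULL dereference rather than a clean `goto err`. I would extend the retained comment above the call with a line such as `/* ctx->cert is always allocated by SSL_CTX_new(), so NULL here means ssl_cert_dup() failed */`. The same invariant now also backs the s->cert accesses in ssl3_ctrl and ssl3_callback_ctrl, where the ssl_cert_inst() guards were removed. SSL_new begins and ends outside the hunks shown.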
+0 −1
@@ -2053,7 +2053,6 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
void ssl_cert_set_default_md(CERT *cert);
int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);