Commit fc9d1ef3 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Remove current_method from X509_STORE_CTX 



Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 61d81f0a

crypto/include/internal/x509_int.h

+0 −2
Original line number Diff line number Diff line
@@ -175,8 +175,6 @@ struct x509_st { 
 */

struct x509_store_ctx_st {      /* X509_STORE_CTX */

    X509_STORE *ctx;

    /* used when looking up certs */

    int current_method;

    /* The following are set by the caller */

    /* The cert to check */

    X509 *cert;

crypto/x509/x509_lu.c

+2 −7
Original line number Diff line number Diff line
@@ -283,19 +283,14 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, 
    CRYPTO_THREAD_unlock(ctx->lock);



    if (tmp == NULL || type == X509_LU_CRL) {

        for (i = vs->current_method;

             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {

        for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {

            lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);

            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);

            if (j < 0) {

                vs->current_method = j;

                return j;

            } else if (j) {

            if (j) {

                tmp = &stmp;

                break;

            }

        }

        vs->current_method = 0;

        if (tmp == NULL)

            return 0;

    }

crypto/x509/x509_vfy.c

+0 −1
Original line number Diff line number Diff line
@@ -2216,7 +2216,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, 
    int ret = 1;



    ctx->ctx = store;

    ctx->current_method = 0;

    ctx->cert = x509;

    ctx->untrusted = chain;

    ctx->crls = NULL;