Remove SSL_OP_NETSCAPE_CA_DN_BUG

SSL_OP_NETSCAPE_CA_DN_BUG is not included in SSL_OP_ALL.

Change-Id: I1635ad2721ed2742b1dff189d68bfc67a1c840a6
Reviewed-on: https://boringssl-review.googlesource.com/1102
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

@@ -1962,8 +1962,6 @@ fclose(out);
 		n2s(p,l);
 		if ((l+nc+2) > llen)
 			{
-			if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-				goto cont; /* netscape bugs */
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG);
 			goto err;
@@ -1972,17 +1970,11 @@ fclose(out);
 		q=p;
 
 		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
-			{
-			/* If netscape tolerance is on, ignore errors */
-			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
-				goto cont;
-			else
 			{
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB);
 			goto err;
 			}
-			}
 
 		if (q != (p+l))
 			{
@@ -2000,12 +1992,6 @@ fclose(out);
 		nc+=l+2;
 		}
 
-	if (0)
-		{
-cont:
-		ERR_clear_error();
-		}
-
 	/* we should setup a certificate to return.... */
 	s->s3->tmp.cert_req=1;
 	s->s3->tmp.ctype_num=ctype_num;

ssl/s3_srvr.c

@@ -2022,22 +2022,11 @@ int ssl3_send_certificate_request(SSL *s)
 					goto err;
 					}
 				p = ssl_handshake_start(s) + n;
-				if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
-					{
 				s2n(j,p);
 				i2d_X509_NAME(name,&p);
 				n+=2+j;
 				nl+=2+j;
 				}
-				else
-					{
-					d=p;
-					i2d_X509_NAME(name,&p);
-					j-=2; s2n(j,d); j+=2;
-					n+=j;
-					nl+=j;
-					}
-				}
 			}
 		/* else no CA names */
 		p = ssl_handshake_start(s) + off;

ssl/ssl.h

@@ -620,7 +620,6 @@ struct ssl_session_st
 #define SSL_OP_PKCS1_CHECK_1				0x0
 #define SSL_OP_PKCS1_CHECK_2				0x0
 
-#define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success