From d1c1c8e0a1a032abf07d11db74f0de396c251355 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Mon, 8 Jun 2015 18:36:21 -0400
Subject: [PATCH] Remove EVP_PKEY_missing_parameters in
 ssl3_check_certificate_for_cipher.

This is a remnant of DSA support. It's not possible to parse out an incomplete
public key for the more reasonable X.509 key types.

Change-Id: I4f4c7b9d3795f5f0635f80a4cec9ca4c778e6c69
Reviewed-on: https://boringssl-review.googlesource.com/5050
Reviewed-by: Adam Langley <agl@google.com>
---
 ssl/s3_clnt.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 124c763b..f0c36efd 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -917,9 +917,7 @@ static int ssl3_check_certificate_for_cipher(X509 *leaf,
                                              const SSL_CIPHER *cipher) {
   int ret = 0;
   EVP_PKEY *pkey = X509_get_pubkey(leaf);
-  if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
-    OPENSSL_PUT_ERROR(SSL, ssl3_get_server_certificate,
-                      SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+  if (pkey == NULL) {
     goto err;
   }