kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove EVP_PKEY_missing_parameters in ssl3_check_certificate_for_cipher.

Browse Source 
This is a remnant of DSA support. It's not possible to parse out an incomplete
public key for the more reasonable X.509 key types.

Change-Id: I4f4c7b9d3795f5f0635f80a4cec9ca4c778e6c69
Reviewed-on: https://boringssl-review.googlesource.com/5050
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2015-06-08 18:36:21 -04:00 committed by Adam Langley
parent 436bf82ee8
commit d1c1c8e0a1
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/s3_clnt.c
View File

@ -917,9 +917,7 @@ static int ssl3_check_certificate_for_cipher(X509 *leaf,
const SSL_CIPHER *cipher) { const SSL_CIPHER *cipher) {
int ret = 0; int ret = 0;
EVP_PKEY *pkey = X509_get_pubkey(leaf); EVP_PKEY *pkey = X509_get_pubkey(leaf);
if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { if (pkey == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_get_server_certificate,
SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
goto err; goto err;
} }