Google Git
Sign in
boringssl/boringssl.git/a5a3eeb9cc0c131b74562cee3c219a52b0132aa6^!/./ssl/ssl_lib.c
commit
a5a3eeb9cc0c131b74562cee3c219a52b0132aa6
[log]
author
David Benjamin <davidben@chromium.org>
Wed Mar 18 20:26:30 2015 -0400
committer
Adam Langley <agl@google.com>
Thu Mar 19 11:35:46 2015 +0000
tree
1c190bb342b738302783354d82533ad206fa82e2
parent
ced555394f527876910c4299059ab71226f8cc4d [diff] [blame]
Remove ssl_cert_inst()

It created the cert structure in SSL_CTX or SSL if it was NULL, but they can
never be NULL as the comments already said.

(Imported from upstream's 2c3823491d8812560922a58677e3ad2db4b2ec8d.)

Change-Id: I97c7bb306d6f3c18597850db9f08023b2ef74839
Reviewed-on: https://boringssl-review.googlesource.com/4042
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 04f6c54..e17ee5a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -265,21 +265,9 @@
   s->mode = ctx->mode;
   s->max_cert_list = ctx->max_cert_list;
 
-  if (ctx->cert != NULL) {
-    /* Earlier library versions used to copy the pointer to the CERT, not its
-     * contents; only when setting new parameters for the per-SSL copy,
-     * ssl_cert_new would be called (and the direct reference to the
-     * per-SSL_CTX settings would be lost, but those still were indirectly
-     * accessed for various purposes, and for that reason they used to be known
-     * as s->ctx->default_cert). Now we don't look at the SSL_CTX's CERT after
-     * having duplicated it once. */
-
-    s->cert = ssl_cert_dup(ctx->cert);
-    if (s->cert == NULL) {
-      goto err;
-    }
-  } else {
-    s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */
+  s->cert = ssl_cert_dup(ctx->cert);
+  if (s->cert == NULL) {
+    goto err;
   }
 
   s->read_ahead = ctx->read_ahead;