Google Git
Sign in
boringssl / boringssl / 436bf82ee8a585dfa432c03265409b4154cc6042
commit436bf82ee8a585dfa432c03265409b4154cc6042[log] [tgz]
authorDavid Benjamin <davidben@chromium.org>Sun Jun 07 19:50:37 2015 -0400
committerAdam Langley <agl@google.com>Mon Jun 08 22:27:12 2015 +0000
tree0218dc017faac99ec888b1ba0a3a21476332e8af
parent8923c0bc53ec1c63f2a6706a54552aae667a78b4 [diff]
Prune ssl3_check_cert_and_algorithm.

Most of the logic was redundant with checks already made in
ssl3_get_server_certificate. The DHE check was missing an ECDHE half
(and was impossible). The ECDSA check allowed an ECDSA certificate for
RSA. The only non-redundant check was a key usage check which,
strangely, is only done for ECDSA ciphers.

(Although this function called X509_certificate_type and checked sign
bits, those bits in X509_certificate_type are purely a function of the
key type and don't do anything.)

Change-Id: I8df7eccc0ffff49e4cfd778bd91058eb253b13cb
Reviewed-on: https://boringssl-review.googlesource.com/5047
Reviewed-by: Adam Langley <agl@google.com>
4 files changed
tree: 0218dc017faac99ec888b1ba0a3a21476332e8af
  1. crypto/
  2. decrepit/
  3. doc/
  4. include/
  5. ssl/
  6. tool/
  7. util/
  8. .clang-format
  9. .gitignore
  10. BUILDING
  11. CMakeLists.txt
  12. codereview.settings
  13. LICENSE
  14. STYLE