Remove SSL_OP_NETSCAPE_CA_DN_BUG SSL_OP_NETSCAPE_CA_DN_BUG is not included in SSL_OP_ALL. Change-Id: I1635ad2721ed2742b1dff189d68bfc67a1c840a6 Reviewed-on: https://boringssl-review.googlesource.com/1102 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d2e8b0e..dfcc568 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1962,8 +1962,6 @@ n2s(p,l); if ((l+nc+2) > llen) { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG); goto err; @@ -1973,15 +1971,9 @@ if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB); - goto err; - } + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); + OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB); + goto err; } if (q != (p+l)) @@ -2000,12 +1992,6 @@ nc+=l+2; } - if (0) - { -cont: - ERR_clear_error(); - } - /* we should setup a certificate to return.... */ s->s3->tmp.cert_req=1; s->s3->tmp.ctype_num=ctype_num;
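Review bot: The `d2i_X509_NAME` failure branch in the second hunk is now unconditionally fatal, but nothing at the call site records that this strictness is deliberate. A short comment above the alert, such as `/* A CA DN that fails to parse is always fatal; there is no tolerance option. */`, would help keep a later change from reintroducing a lenient path. The `(l+nc+2) > llen` check in the first hunk deserves the same kind of remark, since it appears to be what bounds the bytes handed to the parser. The enclosing function, apparently ssl3_get_certificate_request, starts and ends outside these hunks.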
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccb3738..06088ec 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2022,21 +2022,10 @@ goto err; } p = ssl_handshake_start(s) + n; - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - { - s2n(j,p); - i2d_X509_NAME(name,&p); - n+=2+j; - nl+=2+j; - } - else - { - d=p; - i2d_X509_NAME(name,&p); - j-=2; s2n(j,d); j+=2; - n+=j; - nl+=j; - } + s2n(j,p); + i2d_X509_NAME(name,&p); + n+=2+j; + nl+=2+j; } } /* else no CA names */
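Review bot: The return value of `i2d_X509_NAME(name,&p)` is still ignored on the new side, while the 16-bit length prefix written by `s2n(j,p)` and the `n`/`nl` totals all rely on `j`, which is computed outside this hunk. If the encode call fails or produces a different length than `j`, the CertificateRequest would carry a length prefix that does not match the bytes written. Checking the result, for example `if (i2d_X509_NAME(name,&p) != j) goto err;`, would fail the handshake cleanly instead. Whether `j` is bounded to 0xffff before `s2n` cannot be seen from here, and the enclosing block starts and ends outside the hunk.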
diff --git a/ssl/ssl.h b/ssl/ssl.h
index b1bf727..80165dc 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -620,7 +620,6 @@ #define SSL_OP_PKCS1_CHECK_1 0x0 #define SSL_OP_PKCS1_CHECK_2 0x0 -#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success