More unifdef OPENSSL_NO_RFC3779 that got missed last time around.

Spotted by beck@

2 files changed, 2 insertions, 16 deletions

diff --git a/lib/libssl/src/crypto/x509/x509.h b/lib/libssl/src/crypto/x509/x509.h
index d67a87df0b6..ec6668d35ef 100644
--- a/lib/libssl/src/crypto/x509/x509.h
+++ b/lib/libssl/src/crypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.21 2015/01/28 04:14:31 beck Exp $ */
+/* $OpenBSD: x509.h,v 1.22 2015/02/11 02:17:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -291,10 +291,6 @@ struct x509_st
 	STACK_OF(DIST_POINT) *crldp;
 	STACK_OF(GENERAL_NAME) *altname;
 	NAME_CONSTRAINTS *nc;
-#ifndef OPENSSL_NO_RFC3779
-	STACK_OF(IPAddressFamily) *rfc3779_addr;
-	struct ASIdentifiers_st *rfc3779_asid;
-#endif
 #ifndef OPENSSL_NO_SHA
 	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index 5e3b0a56061..c383fda4f2d 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.39 2015/02/10 08:33:10 jsing Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -377,16 +377,6 @@ X509_verify_cert(X509_STORE_CTX *ctx)
 	if (!ok)
 		goto end;
 
-#ifndef OPENSSL_NO_RFC3779
-	/* RFC 3779 path validation, now that CRL check has been done */
-	ok = v3_asid_validate_path(ctx);
-	if (!ok)
-		goto end;
-	ok = v3_addr_validate_path(ctx);
-	if (!ok)
-		goto end;
-#endif
-
 	/* If we get this far evaluate policies */
 	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
 		ok = ctx->check_policy(ctx);