summaryrefslogtreecommitdiffstats
path: root/lib/libssl/src/crypto/x509v3/pcy_tree.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libssl/src/crypto/x509v3/pcy_tree.c')
-rw-r--r--lib/libssl/src/crypto/x509v3/pcy_tree.c51
1 files changed, 1 insertions, 50 deletions
diff --git a/lib/libssl/src/crypto/x509v3/pcy_tree.c b/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 2c6472a8a14..fa0e1615628 100644
--- a/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.12 2014/07/11 08:44:49 jsing Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.13 2015/02/07 13:19:15 doug Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
@@ -153,11 +153,6 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags)
*ptree = NULL;
n = sk_X509_num(certs);
-#if 0
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-#endif
-
if (flags & X509_V_FLAG_EXPLICIT_POLICY)
explicit_policy = 0;
else
@@ -327,19 +322,6 @@ tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache)
for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
data = sk_X509_POLICY_DATA_value(cache->data, i);
- /* If a node is mapped any it doesn't have a corresponding
- * CertificatePolicies entry.
- * However such an identical node would be created
- * if anyPolicy matching is enabled because there would be
- * no match with the parent valid_policy_set. So we create
- * link because then it will have the mapping flags
- * right and we can prune it later.
- */
-#if 0
- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) &&
- !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
- continue;
-#endif
/* Look for matching nodes in previous level */
if (!tree_link_matching_nodes(curr, data))
return 0;
@@ -416,7 +398,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
X509_POLICY_TREE *tree)
{
int i;
- /*X509_POLICY_DATA *data;*/
X509_POLICY_NODE *node;
X509_POLICY_LEVEL *last = curr - 1;
@@ -425,36 +406,6 @@ tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache,
if (!tree_link_unmatched(curr, cache, node, tree))
return 0;
-
-#if 0
-
- /* Skip any node with any children: we only want unmathced
- * nodes.
- *
- * Note: need something better for policy mapping
- * because each node may have multiple children
- */
- if (node->nchild)
- continue;
-
- /* Create a new node with qualifiers from anyPolicy and
- * id from unmatched node.
- */
- data = policy_data_new(NULL, node->data->valid_policy,
- node_critical(node));
-
- if (data == NULL)
- return 0;
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree)) {
- policy_data_free(data);
- return 0;
- }
-
-#endif
-
}
/* Finally add link to anyPolicy */
if (last->anyPolicy) {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.