github.com/mono/boringssl.git
author David Benjamin <davidben@google.com> 2016-07-21 03:21:48 +0300
committer Adam Langley <agl@google.com> 2016-07-21 20:46:15 +0300
commit 00d7a7cee7e4c483cf326e19e32aa9065f33dc0a
tree 52d5f38c5c5b2b35b7dbebf4945dea5b4a15768b /include
parent 84f855175379f663491d28d89ba00d4a3e64fb7b
Drop cached certificate signature validity flag

It seems risky in the context of cross-signed certificates when the same certificate might have multiple potential issuers. Also rarely used, since chains in OpenSSL typically only employ self-signed trust-anchors, whose self-signatures are not checked, while untrusted certificates are generally ephemeral.

(Imported from upstream's 0e76014e584ba78ef1d6ecb4572391ef61c4fb51.)

This is in master and not 1.0.2, but having a per-certificate signature cache when this is a function of signature and issuer seems dubious at best. Thanks to Viktor Dukhovni for pointing this change out to me. (And for making the original change upstream, of course.)

Change-Id: Ie692d651726f14aeba6eaab03ac918fcaedb4eeb
Reviewed-on: https://boringssl-review.googlesource.com/8880
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r-- include/openssl/x509.h 1
1 files changed, 0 insertions, 1 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index bbc263e0..d68d8ac9 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -243,7 +243,6 @@ struct x509_st
X509_CINF *cert_info;
X509_ALGOR *sig_alg;
ASN1_BIT_STRING *signature;
- int valid;
CRYPTO_refcount_t references;
char *name;
CRYPTO_EX_DATA ex_data;
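Review bot: Removing `int valid;` from `struct x509_st` in the public header include/openssl/x509.h changes the offsets of `references`, `name` and `ex_data`, so any code compiled against the old header that touches those members directly will disagree with the library about the layout; that deserves a line in the commit message or release notes. This view is limited to include/, so it does not show whether every read and write of `valid` in the verification code was removed in the same change; please confirm nothing still references the field. Since the stated motivation is a cross-signed certificate with several potential issuers, a regression test that verifies one certificate against two candidate issuers, only one of which actually signed it, would document the behaviour the flag could previously have masked.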