Remove remnants of KRB5 support.

This drops the bits of logic that allowed Certificate messages to be optional for a KRB5 cipher suite. Change-Id: I2a71b7c13d7e76f4f5542d4074169f80f3617240 Reviewed-on: https://boringssl-review.googlesource.com/1154 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-07-12 08:13:56 +0400
committer: Adam Langley <agl@google.com> 2014-07-15 00:49:57 +0400
commit: d26aea6c9645badb67f0952e148bcc8905151c9b (patch)
tree: cbf19bcdbc853299e9bb24f82a77f6d122130d72 /ssl/d1_srvr.c
parent: 0c49ec97f4f4e9e82da19ce694249c2e78de6d88 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 148b8c8a..f0dbe378 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -433,11 +433,9 @@ int dtls1_accept(SSL *s)
 				 /* ... except when the application insists on verification
 				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
 				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
-				 /* never request cert in Kerberos ciphersuites */
-				(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
 				/* With normal PSK Certificates and
 				 * Certificate Requests are omitted */
-				|| (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
+				(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
 				{
 				/* no cert request */
 				skip=1;
author	David Benjamin <davidben@chromium.org>	2014-07-12 08:13:56 +0400
committer	Adam Langley <agl@google.com>	2014-07-15 00:49:57 +0400
commit	d26aea6c9645badb67f0952e148bcc8905151c9b (patch)
tree	cbf19bcdbc853299e9bb24f82a77f6d122130d72 /ssl/d1_srvr.c
parent	0c49ec97f4f4e9e82da19ce694249c2e78de6d88 (diff)