Remove CERT_PKEY::valid_flags.

CERT_PKEY_SIGN isn't meaningful since, without strict mode, we always fall back to SHA-1 anyway. So the digest is never NULL when CERT_PKEY_SIGN is computed. The entire valid_flags is now back to it's pre-1.0.2 check of seeing if the certificate and key are configured. This finally removes the sensitivity between valid_flags and selecting the digest, so we can defer choosing the digest all we like. Change-Id: I9f9952498f512d7f0cc799497f7c5b52145a48af Reviewed-on: https://boringssl-review.googlesource.com/2288 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-11-14 02:47:41 +0300
committer: Adam Langley <agl@google.com> 2014-11-19 01:22:23 +0300
commit: 033e5f47d1a95fb9972bc3e4bebe1986b724dc5f (patch)
tree: 8b9e74fca7f378736883ffed9939be5da8eaf513 /ssl/s3_lib.c
parent: f31e681acf57cf31d6e608266311e968217b1715 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 66d6354b..812a3296 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1806,7 +1806,6 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		allow = srvr;
 		}
 
-	tls1_set_cert_validity(s);
 	ssl_get_compatible_server_ciphers(s, &mask_k, &mask_a);
 
 	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
author	David Benjamin <davidben@chromium.org>	2014-11-14 02:47:41 +0300
committer	Adam Langley <agl@google.com>	2014-11-19 01:22:23 +0300
commit	033e5f47d1a95fb9972bc3e4bebe1986b724dc5f (patch)
tree	8b9e74fca7f378736883ffed9939be5da8eaf513 /ssl/s3_lib.c
parent	f31e681acf57cf31d6e608266311e968217b1715 (diff)