diff options
| author | David Benjamin <davidben@chromium.org> | 2014-07-15 09:22:50 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-07-25 01:35:40 +0400 |
| commit | 77a942b7fedb58ae1afee042255b4b9267abebca (patch) | |
| tree | 05f21a8153225b3d5ae4402fe6b234bdf78ae8ed /ssl/ssl_cert.c | |
| parent | cd9969434c2b2c347f1fb12623ee240ae01ac942 (diff) | |
Don't use the RSA key exchange with a signing-only key.
This removes the last case where the server generates an RSA key for the
ServerKeyExchange. Remove the code for this. Client support to accept them
still remains.
Leave the APIs for now, but they don't do anything anymore.
Change-Id: I84439e034cc575719f5bc9b3e501165e12b62107
Reviewed-on: https://boringssl-review.googlesource.com/1286
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/ssl_cert.c')
| -rw-r--r-- | ssl/ssl_cert.c | 10 |
1 files changed, 0 insertions, 10 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 7c1227ca..664db9d5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -208,13 +208,6 @@ CERT *ssl_cert_dup(CERT *cert) ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; - if (cert->rsa_tmp != NULL) - { - RSA_up_ref(cert->rsa_tmp); - ret->rsa_tmp = cert->rsa_tmp; - } - ret->rsa_tmp_cb = cert->rsa_tmp_cb; - #ifndef OPENSSL_NO_DH if (cert->dh_tmp != NULL) { @@ -389,8 +382,6 @@ CERT *ssl_cert_dup(CERT *cert) #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH) err: #endif - if (ret->rsa_tmp != NULL) - RSA_free(ret->rsa_tmp); #ifndef OPENSSL_NO_DH if (ret->dh_tmp != NULL) DH_free(ret->dh_tmp); @@ -440,7 +431,6 @@ void ssl_cert_free(CERT *c) if(c == NULL) return; - if (c->rsa_tmp) RSA_free(c->rsa_tmp); #ifndef OPENSSL_NO_DH if (c->dh_tmp) DH_free(c->dh_tmp); #endif |