Remove SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_CA_DN_BUG is not included in SSL_OP_ALL.
Change-Id: I1635ad2721ed2742b1dff189d68bfc67a1c840a6
Reviewed-on: https://boringssl-review.googlesource.com/1102
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d2e8b0e..dfcc568 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1962,8 +1962,6 @@
n2s(p,l);
if ((l+nc+2) > llen)
{
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_CA_DN_TOO_LONG);
goto err;
@@ -1973,15 +1971,9 @@
if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
{
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB);
- goto err;
- }
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, ERR_R_ASN1_LIB);
+ goto err;
}
if (q != (p+l))
@@ -2000,12 +1992,6 @@
nc+=l+2;
}
- if (0)
- {
-cont:
- ERR_clear_error();
- }
-
/* we should setup a certificate to return.... */
s->s3->tmp.cert_req=1;
s->s3->tmp.ctype_num=ctype_num;