authorKenneth J. Miller <ken@miller.ec>2019-04-15 17:56:13 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-05-21 08:17:06 +0200
commitb1476abeb6f8b5046e6cd62724cdac241f71aa7b (patch)
tree061a7075bf65f008acc88e2480b03a6607cbedac
parent5791817e5f30b7ee2c206594104973cdb56e1d6b (diff)
pubkey: remove deprecated TLS1_RSA flag check
The gnutls_certificate_verify_flags comparisons against OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflict with GNUTLS_VERIFY_DISABLE_CA_SIGN, and the old flag no longer seems to be used in calls to both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2, as it seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA. Resolves: #754 Signed-off-by: Kenneth J. Miller <ken@miller.ec>
-rw-r--r--lib/pubkey.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index f1a0302fca..2dfe5d56ec 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1678,8 +1678,6 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
}
-#define OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA 1
-
/* Updates the gnutls_x509_spki_st parameters based on the signature
* information, and reports any incompatibilities between the existing
* parameters (if any) with the signature algorithm */
@@ -1758,7 +1756,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
return GNUTLS_E_INVALID_REQUEST;
}
- if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA)
+ if (flags & GNUTLS_VERIFY_USE_TLS1_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
memcpy(&params, &pubkey->params.spki, sizeof(gnutls_x509_spki_st));
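Review bot: Nothing in this commit pins the behaviour it fixes at `if (flags & GNUTLS_VERIFY_USE_TLS1_RSA)` in gnutls_pubkey_verify_data2. The diffstat lists only lib/pubkey.c, so no test passes GNUTLS_VERIFY_DISABLE_CA_SIGN and asserts that the call is no longer rejected with GNUTLS_E_INVALID_REQUEST. The gnutls_pubkey_verify_hash2 hunk has the same gap; there the colliding bit used to select the TLS1 RSA branch, so a regression would change how a signature is verified rather than just fail the call. A comment above the check would also help keep a private numeric alias from returning, e.g. `/* flags shares its bit space with gnutls_certificate_verify_flags; test only named public bits */`. The function body starts and ends outside the hunk.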
@@ -1830,7 +1828,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
memcpy(&params, &key->params.spki, sizeof(gnutls_x509_spki_st));
- if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) {
+ if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) {
if (!GNUTLS_PK_IS_RSA(key->params.algo))
return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
params.pk = GNUTLS_PK_RSA;
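Review bot: The behaviour change at `if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) {` in gnutls_pubkey_verify_hash2 is not documented for callers. A caller that still passes the literal value 1 used to get the TLS1 RSA branch and now falls through to the default verification path without any error. The commit message only says the old flag "no longer seems to be used", so out-of-tree callers are not ruled out. The function's doc comment is outside this hunk; a line such as `* Note: the numeric value 1 is no longer treated as an alias of %GNUTLS_VERIFY_USE_TLS1_RSA.` there, plus a release-notes entry, would make the change visible. The `if` block opened here continues past the end of the hunk.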