get rid of very buggy and very imcomplete DH cert support

Reviewed by: Bodo Moeller
author: Nils Larsch <nils@openssl.org> 2005-04-07 23:19:17 +0000
committer: Nils Larsch <nils@openssl.org> 2005-04-07 23:19:17 +0000
commit: 6049399bafac74bd809ffac2108e8d5d284cd720 (patch)
tree: 14443a61bb1541f6f1ccb01b59b288ab3bd54cf3 /ssl/s3_both.c
parent: f763e0b5ae74c67795d096c9029b5c61e891e68a (diff)
download: openssl-new-6049399bafac74bd809ffac2108e8d5d284cd720.tar.gz
1 files changed, 1 insertions, 25 deletions
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 94df0e5c6c..b26fbe3637 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -497,7 +497,7 @@ err:
 int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
-	int ret= -1,i,j;
+	int ret= -1,i;
 
 	if (pkey == NULL)
 		pk=X509_get_pubkey(x);
@@ -509,41 +509,17 @@ int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	if (i == EVP_PKEY_RSA)
 		{
 		ret=SSL_PKEY_RSA_ENC;
-		if (x != NULL)
-			{
-			j=X509_get_ext_count(x);
-			/* check to see if this is a signing only certificate */
-			/* EAY EAY EAY EAY */
-			}
 		}
 	else if (i == EVP_PKEY_DSA)
 		{
 		ret=SSL_PKEY_DSA_SIGN;
 		}
-	else if (i == EVP_PKEY_DH)
-		{
-		/* if we just have a key, we needs to be guess */
-
-		if (x == NULL)
-			ret=SSL_PKEY_DH_DSA;
-		else
-			{
-			j=X509_get_signature_type(x);
-			if (j == EVP_PKEY_RSA)
-				ret=SSL_PKEY_DH_RSA;
-			else if (j== EVP_PKEY_DSA)
-				ret=SSL_PKEY_DH_DSA;
-			else ret= -1;
-			}
-		}
 #ifndef OPENSSL_NO_EC
 	else if (i == EVP_PKEY_EC)
 		{
 		ret = SSL_PKEY_ECC;
 		}
 #endif
-	else
-		ret= -1;
 
 err:
 	if(!pkey) EVP_PKEY_free(pk);
author	Nils Larsch <nils@openssl.org>	2005-04-07 23:19:17 +0000
committer	Nils Larsch <nils@openssl.org>	2005-04-07 23:19:17 +0000
commit	6049399bafac74bd809ffac2108e8d5d284cd720 (patch)
tree	14443a61bb1541f6f1ccb01b59b288ab3bd54cf3 /ssl/s3_both.c
parent	f763e0b5ae74c67795d096c9029b5c61e891e68a (diff)
download	openssl-new-6049399bafac74bd809ffac2108e8d5d284cd720.tar.gz