Remove ECDH client auth code.

Remove incomplete non-functional ECDH client authentication code. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-12-12 17:41:18 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-12-16 14:17:53 +0000
commit: c66ce5eb23f7611bd2822650d6ffeacbe0671072 (patch)
tree: 6c4036dd162eb9e348e53c2d1c09543995c09b6f /ssl/s3_lib.c
parent: 57be4444c645247d15428217e289ae36e5c3e6a8 (diff)
1 files changed, 1 insertions, 7 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c08065f035..fd101285c4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4722,14 +4722,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
         p[ret++] = SSL3_CT_DSS_SIGN;
 #endif
 #ifndef OPENSSL_NO_EC
-    if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) {
-        if (nostrict || !(alg_a & SSL_aRSA))
-            p[ret++] = TLS_CT_RSA_FIXED_ECDH;
-        if (nostrict || !(alg_a & SSL_aECDSA))
-            p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
-    }
     /*
-     * ECDSA certs can be used with RSA cipher suites as well so we don't
+     * ECDSA certs can be used with RSA cipher suites too so we don't
      * need to check for SSL_kECDH or SSL_kECDHE
      */
     if (s->version >= TLS1_VERSION) {
author	Dr. Stephen Henson <steve@openssl.org>	2015-12-12 17:41:18 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-12-16 14:17:53 +0000
commit	c66ce5eb23f7611bd2822650d6ffeacbe0671072 (patch)
tree	6c4036dd162eb9e348e53c2d1c09543995c09b6f /ssl/s3_lib.c
parent	57be4444c645247d15428217e289ae36e5c3e6a8 (diff)