Remove fixed DH ciphersuites.

Remove all fixed DH ciphersuites and associated logic. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-12-15 23:57:18 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-12-19 16:14:51 +0000
commit: bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb (patch)
tree: 7775c994e7acb1ba45132c84edda69305a3b467a /ssl/ssl_rsa.c
parent: 74a62e9629b2d07360a62571ff3028c83b69b0d9 (diff)
1 files changed, 1 insertions, 16 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index 96353c18bc..a23b28e76c 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -171,22 +171,7 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 {
     int i;
-    /*
-     * Special case for DH: check two DH certificate types for a match. This
-     * means for DH certificates we must set the certificate first.
-     */
-    if (pkey->type == EVP_PKEY_DH) {
-        X509 *x;
-        i = -1;
-        x = c->pkeys[SSL_PKEY_DH_RSA].x509;
-        if (x && X509_check_private_key(x, pkey))
-            i = SSL_PKEY_DH_RSA;
-        x = c->pkeys[SSL_PKEY_DH_DSA].x509;
-        if (i == -1 && x && X509_check_private_key(x, pkey))
-            i = SSL_PKEY_DH_DSA;
-        ERR_clear_error();
-    } else
-        i = ssl_cert_type(NULL, pkey);
+    i = ssl_cert_type(NULL, pkey);
     if (i < 0) {
         SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
         return (0);
author	Dr. Stephen Henson <steve@openssl.org>	2015-12-15 23:57:18 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-12-19 16:14:51 +0000
commit	bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb (patch)
tree	7775c994e7acb1ba45132c84edda69305a3b467a /ssl/ssl_rsa.c
parent	74a62e9629b2d07360a62571ff3028c83b69b0d9 (diff)