Diffstat (limited to 'src/openvpn/ssl_verify.c')
-rw-r--r--src/openvpn/ssl_verify.c53
1 files changed, 6 insertions, 47 deletions
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 9cd36d7..c553484 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -17,9 +17,10 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * You should have received a copy of the GNU General Public License
+ * along with this program (see the file COPYING included with this
+ * distribution); if not, write to the Free Software Foundation, Inc.,
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
@@ -273,9 +274,7 @@ cert_hash_free(struct cert_hash_set *chs)
{
int i;
for (i = 0; i < MAX_CERT_DEPTH; ++i)
- {
free(chs->ch[i]);
- }
free(chs);
}
}
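Review bot: The new side drops the braces around the single-statement `for` body in cert_hash_free, which is inconsistent with the braced single-statement bodies the same diff keeps elsewhere in this file (the `if` blocks in verify_cert) and removes the guard against a later statement being silently appended outside the loop. Keeping the body braced, `for (i = 0; i < MAX_CERT_DEPTH; ++i) { free(chs->ch[i]); }`, costs nothing and matches the project's brace-always style. cert_hash_free's signature lies outside this hunk.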
@@ -717,31 +716,8 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
/* verify level 1 cert, i.e. the CA that signed our leaf cert */
if (cert_depth == 1 && opt->verify_hash)
{
- struct buffer ca_hash = {0};
-
- switch (opt->verify_hash_algo)
- {
- case MD_SHA1:
- ca_hash = x509_get_sha1_fingerprint(cert, &gc);
- break;
-
- case MD_SHA256:
- ca_hash = x509_get_sha256_fingerprint(cert, &gc);
- break;
-
- default:
- /* This should normally not happen at all; the algorithm used
- * is parsed by add_option() [options.c] and set to a predefined
- * value in an enumerated type. So if this unlikely scenario
- * happens, consider this a failure
- */
- msg(M_WARN, "Unexpected invalid algorithm used with "
- "--verify-hash (%i)", opt->verify_hash_algo);
- ret = FAILURE;
- goto cleanup;
- }
-
- if (memcmp(BPTR(&ca_hash), opt->verify_hash, BLEN(&ca_hash)))
+ struct buffer sha1_hash = x509_get_sha1_fingerprint(cert, &gc);
+ if (memcmp(BPTR(&sha1_hash), opt->verify_hash, BLEN(&sha1_hash)))
{
msg(D_TLS_ERRORS, "TLS Error: level-1 certificate hash verification failed");
goto cleanup;
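Review bot: The new side hard-codes SHA-1 for `--verify-hash`, so the level-1 CA pin is now checked only against a SHA-1 fingerprint, a digest for which chosen-prefix collisions are practical, and the SHA-256 path the old side offered is gone; if this is a deliberate revert, a comment stating that the pin is SHA-1 only would spare the next reader a surprise. The comparison `memcmp(BPTR(&sha1_hash), opt->verify_hash, BLEN(&sha1_hash))` also takes its length from the computed digest rather than from the configured value, so if the option parser (not visible here) accepts a fingerprint shorter than 20 bytes, `opt->verify_hash` is over-read, and a longer one is accepted on a 20-byte prefix match. If the option struct carries the parsed length, compare it before the memcmp; otherwise add `/* opt->verify_hash must hold a full SHA-1 fingerprint (BLEN(&sha1_hash) bytes); a shorter value would be over-read here */` above the check. verify_cert starts and ends outside this hunk.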
@@ -1515,21 +1491,4 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
gc_free(&gc);
}
}
-
-void
-tls_x509_clear_env(struct env_set *es)
-{
- struct env_item *item = es->list;
- while (item)
- {
- struct env_item *next = item->next;
- if (item->string
- && 0 == strncmp("X509_", item->string, strlen("X509_")))
- {
- env_set_del(es, item->string);
- }
- item = next;
- }
-}
-
#endif /* ENABLE_CRYPTO */