From 8df53b7a7cf00908747e5730b19fe8fed8937b38 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 21 Jun 2015 19:18:50 +0100
Subject: [PATCH] Remove unnuecessary ifdefs.

If RSA or DSA is disabled we will never use a ciphersuite with
RSA/DSA authentication as it is already filtered out by the cipher
list logic.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 ssl/s3_clnt.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 9227148651..c36627c955 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1617,16 +1617,8 @@ int ssl3_get_key_exchange(SSL *s)
         }
 
 /* We must check if there is a certificate */
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
+        if (alg_a & (SSL_aRSA|SSL_aDSS))
             pkey = X509_get_pubkey(s->session->peer);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey = X509_get_pubkey(s->session->peer);
-# endif
     } else
 #endif                          /* !OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_RSA
@@ -1774,16 +1766,8 @@ int ssl3_get_key_exchange(SSL *s)
             SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DH_KEY_TOO_SMALL);
             goto f_err;
         }
-# ifndef OPENSSL_NO_RSA
-        if (alg_a & SSL_aRSA)
+        if (alg_a & (SSL_aRSA|SSL_aDSS))
             pkey = X509_get_pubkey(s->session->peer);
-# else
-        if (0) ;
-# endif
-# ifndef OPENSSL_NO_DSA
-        else if (alg_a & SSL_aDSS)
-            pkey = X509_get_pubkey(s->session->peer);
-# endif
         /* else anonymous DH, so no certificate or pkey. */
 
         s->s3->peer_dh_tmp = dh;
-- 
2.40.0