From caca27d000e4932734d8618a8c6110ee643911be Mon Sep 17 00:00:00 2001
From: Stephen Henson <drh@apache.org>
Date: Thu, 1 Apr 2010 23:09:11 +0000
Subject: [PATCH] Code tidy, certificate extension decode can be done with the
 single function X509_get_ext_d2i().

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@930131 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_util_ssl.c | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index a06b65047a..e90e2de44e 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -292,26 +292,22 @@ char *SSL_make_ciphersuite(apr_pool_t *p, SSL *ssl)
 BOOL SSL_X509_isSGC(X509 *cert)
 {
 #ifdef HAVE_SSL_X509V3_EXT_d2i
-    X509_EXTENSION *ext;
     int ext_nid;
     EXTENDED_KEY_USAGE *sk;
     BOOL is_sgc;
-    int idx;
     int i;
 
     is_sgc = FALSE;
-    idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
-    if (idx >= 0) {
-        ext = X509_get_ext(cert, idx);
-        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
-                if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
-                    is_sgc = TRUE;
-                    break;
-                }
+    sk = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
+    if (sk) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+            ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
+            if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
+                is_sgc = TRUE;
+                break;
             }
         }
+    EXTENDED_KEY_USAGE_free(sk);
     }
     return is_sgc;
 #else
@@ -323,18 +319,13 @@ BOOL SSL_X509_isSGC(X509 *cert)
 BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
 {
 #ifdef HAVE_SSL_X509V3_EXT_d2i
-    X509_EXTENSION *ext;
     BASIC_CONSTRAINTS *bc;
     int idx;
     BIGNUM *bn = NULL;
     char *cp;
 
-    if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0)
-        return FALSE;
-    ext = X509_get_ext(cert, idx);
-    if (ext == NULL)
-        return FALSE;
-    if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL)
+    bc = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+    if (bc == NULL);
         return FALSE;
     *ca = bc->ca;
     *pathlen = -1 /* unlimited */;
-- 
2.50.1