Remove unneeded check for extra_certs_file_inline
As with all the file/file_inline variable, the _inline variable is only
relevant if the file variable is equal to INLINE_FILE_TAG. The
tls_ctx_load_extra_certs() function nicely follows this mantra.
Removing this unneeded check silences a coverity 'dereference after null
check' warning (tls_ctx_load_extra_certs() always dereferences
options->extra_cert_file, and the check implies it might be null). In
reality, this cannot occur, because if options->extra_cert_file_inline is
non-null, so is options->extra_cert_file. Still, coverity is correct this
this check is a bit weird, so let's fix it and make coverity happy.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1478640507-14415-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12978.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
Steffan Karger authored on 2016/11/09 06:28:27Showing 1 changed files
| ... | ... |
@@ -600,7 +600,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) |
| 600 | 600 |
|
| 601 | 601 |
/* Load extra certificates that are part of our own certificate |
| 602 | 602 |
chain but shouldn't be included in the verify chain */ |
| 603 |
- if (options->extra_certs_file || options->extra_certs_file_inline) |
|
| 603 |
+ if (options->extra_certs_file) |
|
| 604 | 604 |
{
|
| 605 | 605 |
tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline); |
| 606 | 606 |
} |