From: Steffan Karger <steffan@karger.me>
Date: Tue, 8 Nov 2016 21:28:27 +0000 (+0100)
Subject: Remove unneeded check for extra_certs_file_inline
X-Git-Tag: v2.4_beta1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d5b06e6fc46e214e1498352603a95028aa5c113;p=thirdparty%2Fopenvpn.git

Remove unneeded check for extra_certs_file_inline

As with all the file/file_inline variable, the _inline variable is only
relevant if the file variable is equal to INLINE_FILE_TAG.  The
tls_ctx_load_extra_certs() function nicely follows this mantra.

Removing this unneeded check silences a coverity 'dereference after null
check' warning (tls_ctx_load_extra_certs() always dereferences
options->extra_cert_file, and the check implies it might be null).  In
reality, this cannot occur, because if options->extra_cert_file_inline is
non-null, so is options->extra_cert_file.  Still, coverity is correct this
this check is a bit weird, so let's fix it and make coverity happy.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1478640507-14415-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12978.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
---

diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 88aeaadac..c1951adcc 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -600,7 +600,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 
   /* Load extra certificates that are part of our own certificate
      chain but shouldn't be included in the verify chain */
-  if (options->extra_certs_file || options->extra_certs_file_inline)
+  if (options->extra_certs_file)
     {
       tls_ctx_load_extra_certs(new_ctx, options->extra_certs_file, options->extra_certs_file_inline);
     }