From 534de0a39d32b2403efdfb0d1c5f67be70b2858d Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 22 Feb 2024 14:17:43 +0000
Subject: [PATCH] Follow-up to r1825120:

* modules/ssl/ssl_engine_init.c (ssl_init_ca_cert_path): Since
  SSL_add_file_cert_subjects_to_stack() internally replaces the
  comparison callback with one equivalent to
  ssl_init_FindCAList_X509NameCmp, there's no point in using that
  here.
  (ssl_init_FindCAList_X509NameCmp): Removed.


Merges r1825124 from https://svn.apache.org/repos/asf/httpd/httpd/trunk.

Submitted by: jorton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1915951 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS                        |  6 ------
 modules/ssl/ssl_engine_init.c | 19 +------------------
 2 files changed, 1 insertion(+), 24 deletions(-)

diff --git a/STATUS b/STATUS
index 2f379c13105..dd20521e59d 100644
--- a/STATUS
+++ b/STATUS
@@ -160,12 +160,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       rpluem says: This has conflict in modules/http2/h2_version.h. Otherwise
       +1 from me on the backport.
 
-   *) mod_ssl: follow-up to r1825120 to simplify code (no functional change)
-      trunk patch: https://svn.apache.org/r1825124
-      2.4.x patch: svn merge -c 1825124  ^/httpd/httpd/trunk .
-      Github PR: https://github.com/apache/httpd/pull/412
-      +1: jorton, ylavic, jfclere
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 8b03e416db8..c2ec048f527 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -2242,12 +2242,6 @@ int ssl_proxy_section_post_config(apr_pool_t *p, apr_pool_t *plog,
     return OK;
 }
 
-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
-                                           const X509_NAME * const *b)
-{
-    return(X509_NAME_cmp(*a, *b));
-}
-
 static apr_status_t ssl_init_ca_cert_path(server_rec *s,
                                           apr_pool_t *ptemp,
                                           const char *path,
@@ -2287,13 +2281,7 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
                                          const char *ca_file,
                                          const char *ca_path)
 {
-    STACK_OF(X509_NAME) *ca_list;
-
-    /*
-     * Start with a empty stack/list where new
-     * entries get added in sorted order.
-     */
-    ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
+    STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();;
 
     /*
      * Process CA certificate bundle file
@@ -2323,11 +2311,6 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
         return NULL;
     }
 
-    /*
-     * Cleanup
-     */
-    (void) sk_X509_NAME_set_cmp_func(ca_list, NULL);
-
     return ca_list;
 }
 
-- 
2.47.2