_gnutls_x509_name_constraints_is_empty: remove type argument

The type argument is only used in
gnutls_x509_name_constraints_check_crt defined in the same
file. Create a helper function name_constraints_contains_type split
from _gnutls_x509_name_constraints_is_empty to cater for that.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 53f6543fbacb32fe20ae0973dfbeaec7cf7d6764..1047ce028e48ce4cbf2f6310ff2a3ea7e0f0e17a 100644 (file)
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -447,24 +447,21 @@ name_constraints_node_add_copy(gnutls_x509_name_constraints_t nc,
 /*-
  * _gnutls_x509_name_constraints_is_empty:
  * @nc: name constraints structure
- * @type: type (gnutls_x509_subject_alt_name_t or 0)
  *
  * Test whether given name constraints structure has any constraints (permitted
- * or excluded) of a given type. @nc must be allocated (not NULL) before the call.
- * If @type is 0, type checking will be skipped.
+ * or excluded). @nc must be allocated (not NULL) before the call.
  *
- * Returns: false if @nc contains constraints of type @type, true otherwise
+ * Returns: true if @nc contains no constraints, false otherwise
  -*/
-bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
-                                           unsigned type)
+bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc)
 {
-       if (gl_list_size(nc->permitted.items) == 0 &&
-           gl_list_size(nc->excluded.items) == 0)
-               return true;
-
-       if (type == 0)
-               return false;
+       return gl_list_size(nc->permitted.items) == 0 &&
+              gl_list_size(nc->excluded.items) == 0;
+}
 
+static bool name_constraints_contains_type(gnutls_x509_name_constraints_t nc,
+                                          gnutls_x509_subject_alt_name_t type)
+{
        const struct name_constraints_node_st *node;
        gl_list_iterator_t iter;
 
@@ -472,7 +469,7 @@ bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
        while (gl_list_iterator_next(&iter, (const void **)&node, NULL)) {
                if (node->type == type) {
                        gl_list_iterator_free(&iter);
-                       return false;
+                       return true;
                }
        }
        gl_list_iterator_free(&iter);
@@ -481,13 +478,13 @@ bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
        while (gl_list_iterator_next(&iter, (const void **)&node, NULL)) {
                if (node->type == type) {
                        gl_list_iterator_free(&iter);
-                       return false;
+                       return true;
                }
        }
        gl_list_iterator_free(&iter);
 
        /* no constraint for that type exists */
-       return true;
+       return false;
 }
 
 /*-
@@ -1645,7 +1642,7 @@ gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc,
        unsigned found_one;
        size_t checks;
 
-       if (_gnutls_x509_name_constraints_is_empty(nc, type) != 0)
+       if (!name_constraints_contains_type(nc, type))
                return 1; /* shortcut; no constraints to check */
 
        if (!INT_ADD_OK(gl_list_size(nc->permitted.items),

diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index d573f628362ed69e138f9a629625cc6787ed8241..33a4c913e35abc305cc8dc5b3c9b4dd476f38f6c 100644 (file)
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -386,7 +386,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t *ext,
        }
 
        if (flags & GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND &&
-           !_gnutls_x509_name_constraints_is_empty(nc, 0)) {
+           !_gnutls_x509_name_constraints_is_empty(nc)) {
                ret = gnutls_x509_name_constraints_init(&nc2);
                if (ret < 0) {
                        gnutls_assert();
@@ -452,7 +452,7 @@ int gnutls_x509_ext_export_name_constraints(gnutls_x509_name_constraints_t nc,
        unsigned rtype;
        gnutls_datum_t rname;
 
-       if (_gnutls_x509_name_constraints_is_empty(nc, 0))
+       if (_gnutls_x509_name_constraints_is_empty(nc))
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
        result = asn1_create_element(_gnutls_get_pkix(),

diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index f41815f14bb0115e89530872da4defd1b625f710..8fcef0107724802971c4f81a12a8fe526792f413 100644 (file)
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -503,8 +503,7 @@ int _gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
                                      int crl_list_length,
                                      gnutls_verify_output_function func);
 
-bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc,
-                                           unsigned type);
+bool _gnutls_x509_name_constraints_is_empty(gnutls_x509_name_constraints_t nc);
 int _gnutls_x509_name_constraints_extract(asn1_node c2,
                                          const char *permitted_name,
                                          const char *excluded_name,