From 937a766982229fd4aa3d9ceb544517f81a193206 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 21 Apr 2015 11:28:41 +0100
Subject: [PATCH] Revert "Fix verify algorithm."

This reverts commit 47daa155a31b0a54ce09ad2ed4d55fad74096dab.

The above commit was backported to the 1.0.2 branch as part of backporting
the alternative chain verify algorithm changes. However it has been pointed
out (credit to Shigeki Ohtsu) that this is unnecessary in 1.0.2 as this
commit is a work around for loop checking that only exists in master.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/x509/x509_vfy.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c0f6a5dfff..f3e9c56b09 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -370,16 +370,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
             && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
-                STACK_OF(X509) *chtmp = ctx->chain;
                 xtmp2 = sk_X509_value(ctx->chain, j - 1);
-                /*
-                 * Temporarily set chain to NULL so we don't discount
-                 * duplicates: the same certificate could be an untrusted
-                 * CA found in the trusted store.
-                 */
-                ctx->chain = NULL;
                 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
-                ctx->chain = chtmp;
                 if (ok < 0)
                     goto end;
                 /* Check if we found an alternate chain */
-- 
2.25.1