From fc1c81f383ee1e8252941d10011cd4f6a03fbe44 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Thu, 31 May 2012 20:12:51 +0100
Subject: [PATCH] Remove unused workaround_openssl_certchain_bug() function

For GnuTLS, this is done as we load the certificate.

Signed-off-by: David Woodhouse
---
 gnutls.c | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/gnutls.c b/gnutls.c
index d80f6b6..72ff5c1 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -812,17 +812,6 @@ static int verify_peer(gnutls_session_t session)
 return err;
 }
-static void workaround_openssl_certchain_bug(struct openconnect_info *vpninfo)
-{
- /* OpenSSL has problems with certificate chains -- if there are
- multiple certs with the same name, it doesn't necessarily
- choose the _right_ one. (RT#1942)
- Pick the right ones for ourselves and add them manually. */
-
- /* FIXME: Of course we still have to do this with GnuTLS, to work
- around the issue on the server side */
-}
-
 static int cancellable_connect(struct openconnect_info *vpninfo, int sockfd, const struct sockaddr *addr, socklen_t addrlen)
 {
@@ -1090,7 +1079,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 }
 gnutls_record_disable_padding (vpninfo->https_sess);
- workaround_openssl_certchain_bug(vpninfo);
 gnutls_credentials_set (vpninfo->https_sess, GNUTLS_CRD_CERTIFICATE, vpninfo->https_cred);
 gnutls_transport_set_ptr(vpninfo->https_sess, /* really? */(gnutls_transport_ptr_t)(long) ssl_sock);
--
2.7.4