From 70a9b92a00e0697b0ede88eeeca83e1143678310 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 1 Nov 2010 17:10:10 -0400
Subject: [PATCH 096/150] - revert that last change; wasn't needed after all

---
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c |   30 +----------------------
 1 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 54cfdf0..1e9abd9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -226,8 +226,7 @@ struct _pkinit_req_crypto_context {
 	SECKEYPrivateKey *client_dh_privkey;	/* used by clients */
 	SECKEYPublicKey *client_dh_pubkey;	/* used by clients */
 	struct domain_parameters client_dh_params; /* used by KDCs */
-	CERTCertificate *peer_cert;		/* the other party, shared */
-	struct _pkinit_identity_crypto_context *peer_cert_holder;
+	CERTCertificate *peer_cert;		/* the other party */
 };
 
 struct _pkinit_identity_crypto_context {
@@ -237,8 +236,7 @@ struct _pkinit_identity_crypto_context {
 	PK11SlotInfo **id_userdbs;
 	PK11GenericObject **id_objects;
 	CERTCertList *id_certs, *ca_certs;
-	CERTCertificate *id_cert, *peer_cert;	/* the other party, shared */
-	struct _pkinit_req_crypto_context *peer_cert_holder;
+	CERTCertificate *id_cert;
 	struct {
 		krb5_context context;
 		krb5_prompter_fct prompter;
@@ -650,19 +648,7 @@ pkinit_init_identity_crypto(pkinit_identity_crypto_context *id_cryptoctx)
 void
 pkinit_fini_identity_crypto(pkinit_identity_crypto_context id_cryptoctx)
 {
-	struct _pkinit_req_crypto_context *peer_holder;
 	int i;
-	if (id_cryptoctx->peer_cert != NULL) {
-		CERT_DestroyCertificate(id_cryptoctx->peer_cert);
-	}
-	if (id_cryptoctx->peer_cert_holder != NULL) {
-		peer_holder = id_cryptoctx->peer_cert_holder;
-		if (peer_holder->peer_cert != NULL) {
-			CERT_DestroyCertificate(peer_holder->peer_cert);
-			peer_holder->peer_cert_holder = NULL;
-			peer_holder->peer_cert = NULL;
-		}
-	}
 	if (id_cryptoctx->id_cert != NULL) {
 		CERT_DestroyCertificate(id_cryptoctx->id_cert);
 	}
@@ -780,7 +766,6 @@ pkinit_init_req_crypto(pkinit_req_crypto_context *req_cryptoctx)
 void
 pkinit_fini_req_crypto(pkinit_req_crypto_context req_cryptoctx)
 {
-	struct _pkinit_identity_crypto_context *peer_holder;
 	if (req_cryptoctx->client_dh_privkey != NULL) {
 		SECKEY_DestroyPrivateKey(req_cryptoctx->client_dh_privkey);
 	}
@@ -790,14 +775,6 @@ pkinit_fini_req_crypto(pkinit_req_crypto_context req_cryptoctx)
 	if (req_cryptoctx->peer_cert != NULL) {
 		CERT_DestroyCertificate(req_cryptoctx->peer_cert);
 	}
-	if (req_cryptoctx->peer_cert_holder != NULL) {
-		peer_holder = req_cryptoctx->peer_cert_holder;
-		if (peer_holder->peer_cert != NULL) {
-			CERT_DestroyCertificate(peer_holder->peer_cert);
-			peer_holder->peer_cert_holder = NULL;
-			peer_holder->peer_cert = NULL;
-		}
-	}
 	PORT_FreeArena(req_cryptoctx->pool, PR_TRUE);
 }
 
@@ -4163,9 +4140,6 @@ crypto_signeddata_common_verify(krb5_context context,
 	}
 	cert = NSS_CMSSignerInfo_GetSigningCertificate(signer, certdb);
 	req_cryptoctx->peer_cert = CERT_DupCertificate(cert);
-	req_cryptoctx->peer_cert_holder = id_cryptoctx;
-	id_cryptoctx->peer_cert_holder = req_cryptoctx;
-	id_cryptoctx->peer_cert = CERT_DupCertificate(cert);
 	*is_signed = 1;
 	return 0;
 }
-- 
1.7.6.4