Compile time conditionals, per Ben.

svn path=/openssl/trunk/Configure; revision=269

2 files changed, 4 insertions, 0 deletions

diff --git a/openssl/trunk/crypto/x509/x509.h b/openssl/trunk/crypto/x509/x509.h
index 16d7bbf5..efbc95f5 100644
--- a/openssl/trunk/crypto/x509/x509.h
+++ b/openssl/trunk/crypto/x509/x509.h
@@ -288,8 +288,10 @@ struct x509_st
 	ASN1_OCTET_STRING *skid;
 	struct AUTHORITY_KEYID_st *akid;
 	X509_POLICY_CACHE *policy_cache;
+#ifdef OPENSSL_RFC3779
 	STACK_OF(IPAddressFamily) *rfc3779_addr;
 	struct ASIdentifiers_st *rfc3779_asid;
+#endif
 #ifndef OPENSSL_NO_SHA
 	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
diff --git a/openssl/trunk/crypto/x509/x509_vfy.c b/openssl/trunk/crypto/x509/x509_vfy.c
index ecee8164..00981706 100644
--- a/openssl/trunk/crypto/x509/x509_vfy.c
+++ b/openssl/trunk/crypto/x509/x509_vfy.c
@@ -312,11 +312,13 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		ok=internal_verify(ctx);
 	if(!ok) goto end;
 
+#ifdef OPENSSL_RFC3779
 	/* RFC 3779 path validation, now that CRL check has been done */
 	ok = v3_asid_validate_path(ctx);
 	if (!ok) goto end;
 	ok = v3_addr_validate_path(ctx);
 	if (!ok) goto end;
+#endif
 
 	/* If we get this far evaluate policies */
 	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))