Function tls1_check_ec_server_key is now redundant as we make

appropriate checks in tls1_check_chain.

ssl/s3_lib.c

@@ -3981,10 +3981,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 
 #ifndef OPENSSL_NO_TLSEXT
 #ifndef OPENSSL_NO_EC
-		/* if we are considering an ECC cipher suite that uses our
-		 * certificate check it */
-		if (alg_a & (SSL_aECDSA|SSL_aECDH))
-			ok = ok && tls1_check_ec_server_key(s);
 		/* if we are considering an ECC cipher suite that uses
 		 * an ephemeral EC key check it */
 		if (alg_k & SSL_kEECDH)

ssl/ssl_locl.h

@@ -1149,7 +1149,6 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen,
 			int *curves, size_t ncurves);
 int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, 
 				const char *str);
-int tls1_check_ec_server_key(SSL *s);
 int tls1_check_ec_tmp_key(SSL *s);
 #endif /* OPENSSL_NO_EC */
 

ssl/t1_lib.c

@@ -563,14 +563,6 @@ static int tls1_check_cert_param(SSL *s, X509 *x)
 		return 0;
 	return tls1_check_ec_key(s, curve_id, &comp_id);
 	}
-/* Check EC server key is compatible with client extensions */
-int tls1_check_ec_server_key(SSL *s)
-	{
-	CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
-	if (!cpk->x509 || !cpk->privatekey)
-		return 0;
-	return tls1_check_cert_param(s, cpk->x509);
-	}
 /* Check EC temporary key is compatible with client extensions */
 int tls1_check_ec_tmp_key(SSL *s)
 	{