From f2b8a29ea48b10be54a35214c9add220fd68e3ab Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Fri, 28 Apr 2023 15:37:28 +0000
Subject: [PATCH] Deassert has_explicit_policy()

The only caller is X509_policy_check() which goes straight to error.

with beck
ok jsing
---
 lib/libcrypto/x509/x509_policy.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/x509/x509_policy.c b/lib/libcrypto/x509/x509_policy.c
index b8ddef091f2..4598597e041 100644
--- a/lib/libcrypto/x509/x509_policy.c
+++ b/lib/libcrypto/x509/x509_policy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_policy.c,v 1.21 2023/04/28 15:35:55 tb Exp $ */
+/*	$OpenBSD: x509_policy.c,v 1.22 2023/04/28 15:37:28 tb Exp $ */
 /*
  * Copyright (c) 2022, Google Inc.
  *
@@ -778,8 +778,9 @@ has_explicit_policy(STACK_OF(X509_POLICY_LEVEL) *levels,
 	X509_POLICY_NODE *node, *parent;
 	int num_levels, user_has_any_policy;
 	int i, j, k;
-	assert(user_policies == NULL ||
-	    sk_ASN1_OBJECT_is_sorted(user_policies));
+
+	if (!sk_ASN1_OBJECT_is_sorted(user_policies))
+		return 0;
 
 	/* Step (g.i). If the policy graph is empty, the intersection is empty. */
 	num_levels = sk_X509_POLICY_LEVEL_num(levels);
-- 
2.20.1