[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Jun 29 23:37:59 UTC 2016
The branch master has been updated
via 8e21938ce3a5306df753eb40a20fe30d17cf4a68 (commit)
from 6b4a77f56e14c002ce3cf960f622682be3b8424b (commit)
- Log -----------------------------------------------------------------
commit 8e21938ce3a5306df753eb40a20fe30d17cf4a68
Author: Richard Levitte <levitte at openssl.org>
Date: Thu Jun 30 01:23:36 2016 +0200
Remove the envvar hack to enable proxy cert processing
When the proxy cert code was initially added, some application authors
wanted to get them verified without having to change their code, so a
check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.
Since then, the use of this variable has become irrelevant, as it's
likely that code has been changed since, so it's time it gets removed.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b400ce4..c8ebc50 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
} else {
allow_proxy_certs =
! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
- /*
- * A hack to keep people who don't want to modify their software
- * happy
- */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
- allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}
More information about the openssl-commits
mailing list