[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Wed Jun 29 23:37:59 UTC 2016


The branch master has been updated
       via  8e21938ce3a5306df753eb40a20fe30d17cf4a68 (commit)
      from  6b4a77f56e14c002ce3cf960f622682be3b8424b (commit)


- Log -----------------------------------------------------------------
commit 8e21938ce3a5306df753eb40a20fe30d17cf4a68
Author: Richard Levitte <levitte at openssl.org>
Date:   Thu Jun 30 01:23:36 2016 +0200

    Remove the envvar hack to enable proxy cert processing
    
    When the proxy cert code was initially added, some application authors
    wanted to get them verified without having to change their code, so a
    check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.
    
    Since then, the use of this variable has become irrelevant, as it's
    likely that code has been changed since, so it's time it gets removed.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vfy.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b400ce4..c8ebc50 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     } else {
         allow_proxy_certs =
             ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
 
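Review bot: The deleted `getenv("OPENSSL_ALLOW_PROXY_CERTS")` branch in `check_chain_extensions()` is a user-visible behaviour change, but the summary shows only `crypto/x509/x509_vfy.c` touched, so nothing in this commit documents it. Deployments that exported the variable instead of changing their code will have proxy certificates rejected once `allow_proxy_certs` depends solely on `ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS`. Suggest adding a changelog entry in the same commit. It should say that the environment variable is no longer consulted and that applications must set `X509_V_FLAG_ALLOW_PROXY_CERTS` on their verification parameters. Any documentation that still mentions the variable should be updated too. The removal itself is the right direction, since the process environment could previously loosen the verification policy without the application opting in.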

