diff options
author | Richard Levitte <levitte@openssl.org> | 2016-06-30 01:23:36 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-06-30 01:37:40 +0200 |
commit | 8e21938ce3a5306df753eb40a20fe30d17cf4a68 (patch) | |
tree | ce3254d78d941a61965be520540cea745aa170d0 /crypto/x509 | |
parent | 6b4a77f56e14c002ce3cf960f622682be3b8424b (diff) | |
download | openssl-8e21938ce3a5306df753eb40a20fe30d17cf4a68.tar.gz |
Remove the envvar hack to enable proxy cert processing
When the proxy cert code was initially added, some application authors
wanted to get them verified without having to change their code, so a
check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.
Since then, the use of this variable has become irrelevant, as it's
likely that code has been changed since, so it's time it gets removed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b400ce4ad6..c8ebc50857 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) } else { allow_proxy_certs = ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); - /* - * A hack to keep people who don't want to modify their software - * happy - */ - if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; purpose = ctx->param->purpose; } |