Commit 8e21938c authored Jun 30, 2016 by Richard Levitte

Remove the envvar hack to enable proxy cert processing

When the proxy cert code was initially added, some application authors
wanted to get them verified without having to change their code, so a
check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.

Since then, the use of this variable has become irrelevant, as it's
likely that code has been changed since, so it's time it gets removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>

parent 6b4a77f5

crypto/x509/x509_vfy.c

+0 −6

Original line number	Diff line number	Diff line
		@@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
		} else {
		allow_proxy_certs =
		! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
		/*
		* A hack to keep people who don't want to modify their software
		* happy
		*/
		if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
		allow_proxy_certs = 1;
		purpose = ctx->param->purpose;
		}