diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-04-16 07:59:58 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-04-16 07:59:58 +0000 |
| commit | aa728db86c499da17ff14c0c4c100a2007d3c06d (patch) | |
| tree | 9b1ff2c00afb7e29dd67edb43cfed7d8090c9752 | |
| parent | e0cd33684106140fe96331953a02dc364aa7067c (diff) | |
Remove some dead code from the new verifier
The new verifier API is currently unused as we still operate the verifier
in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will
soon be dropped from the library, so this error on encountering proxy certs
is effectively doubly dead code.
ok jsing
| -rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index c60bdf743fa..6cb372dbce0 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.63 2023/01/20 22:00:47 job Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.64 2023/04/16 07:59:57 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> * @@ -907,12 +907,6 @@ x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca return 0; } - /* XXX support proxy certs later in new api */ - if (ctx->xsc == NULL && cert->ex_flags & EXFLAG_PROXY) { - ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; - return 0; - } - return 1; } |