When the proxy cert code was initially added, some application authors
wanted to get them verified without having to change their code, so a
check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.
Since then, the use of this variable has become irrelevant, as it's
likely that code has been changed since, so it's time it gets removed.
Reviewed-by: Tim Hudson <tjh@openssl.org>
} else {
allow_proxy_certs =
! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
- /*
- * A hack to keep people who don't want to modify their software
- * happy
- */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
- allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}