Remove the envvar hack to enable proxy cert processing
author Richard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 23:23:36 +0000 (01:23 +0200)
committer Richard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 23:37:40 +0000 (01:37 +0200)
When the proxy cert code was initially added, some application authors
wanted to get them verified without having to change their code, so a
check of the env var OPENSSL_ALLOW_PROXY_CERTS was added.

Since then, the use of this variable has become irrelevant, as it's
likely that code has been changed since, so it's time it gets removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/x509/x509_vfy.c

index b400ce4ad63aa6de2c95d0715c3c08cc374f7108..c8ebc5085784c63f43b67daff445ef8684b598d6 100644 (file)
@@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     } else {
         allow_proxy_certs =
             ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
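
Review bot: Dropping the getenv("OPENSSL_ALLOW_PROXY_CERTS") override in the else branch of check_chain_extensions() is a user-visible behaviour change, and this diff carries no documentation for it. After this change allow_proxy_certs in that branch comes only from ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS, so a deployment that relied on the environment variable alone will stop having proxy certificates allowed here. Suggest adding a changelog entry stating that the variable is no longer honoured and that applications must set X509_V_FLAG_ALLOW_PROXY_CERTS on their verify parameters. From a hardening view the removal itself is sound, since the process environment can no longer relax chain validation behind the application's back.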