From 8e21938ce3a5306df753eb40a20fe30d17cf4a68 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Thu, 30 Jun 2016 01:23:36 +0200 Subject: [PATCH] Remove the envvar hack to enable proxy cert processing When the proxy cert code was initially added, some application authors wanted to get them verified without having to change their code, so a check of the env var OPENSSL_ALLOW_PROXY_CERTS was added. Since then, the use of this variable has become irrelevant, as it's likely that code has been changed since, so it's time it gets removed. Reviewed-by: Tim Hudson --- crypto/x509/x509_vfy.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index b400ce4ad6..c8ebc50857 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) } else { allow_proxy_certs = ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); - /* - * A hack to keep people who don't want to modify their software - * happy - */ - if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; purpose = ctx->param->purpose; } -- 2.25.1