kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove OPENSSL_ALLOW_PROXY_CERTS.

Browse Source 
One less random environment variable for us to be sensitive to. (We
should probably unwind all this proxy cert stuff. I don't believe they
are ever enabled.)

Change-Id: I74993178679ea49e60c81d8416e502cbebf02ec9
Reviewed-on: https://boringssl-review.googlesource.com/8948
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2016-07-26 12:59:20 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent ac6a84bc7a
commit 69e0a457a1
1 changed files with 0 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/x509/x509_vfy.c
View File

@ -588,12 +588,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
} else {
allow_proxy_certs =
! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
/*
* A hack to keep people who don't want to modify their software
* happy
*/
if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
purpose = ctx->param->purpose;
}