Stop relying on x509_verify.h being public

Use x509_verify.h from the libcrypto sources instead of the public copy.

The x509_verify.h header was installed as a public header since early on
we had ideas of using a public API in libtls, but we eventually decided
against that. It makes no sense to install a public header that hides
everything behind LIBRESSL_INTERNAL. The public API will not be exposed
anytime soon if at all.

ok jsing

diff --git a/lib/libcrypto/x509/x509_internal.h b/lib/libcrypto/x509/x509_internal.h
index cb80005..c4222bc 100644 (file)
--- a/lib/libcrypto/x509/x509_internal.h
+++ b/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.24 2023/01/20 22:00:47 job Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.25 2023/01/28 19:08:09 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -20,10 +20,9 @@
 /* Internal use only, not public API */
 #include <netinet/in.h>
 
-#include <openssl/x509_verify.h>
-
 #include "bytestring.h"
 #include "x509_local.h"
+#include "x509_verify.h"
 
 /* Hard limits on structure size and number of signature checks. */
 #define X509_VERIFY_MAX_CHAINS         8       /* Max validated chains */