instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first,
especially since it had this special comment:
/* A hack to keep people who don't want to modify their software happy */
ok beck jsing
-/* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
} else {
allow_proxy_certs =
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+#if 0
/* A hack to keep people who don't want to modify their
software happy */
if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
+#endif
purpose = ctx->param->purpose;
}
-/* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
} else {
allow_proxy_certs =
!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+#if 0
/* A hack to keep people who don't want to modify their
software happy */
if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS"))
allow_proxy_certs = 1;
+#endif
purpose = ctx->param->purpose;
}
projects / openbsd / commitdiff