Remove some dead code from the new verifier

The new verifier API is currently unused as we still operate the verifier
in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will
soon be dropped from the library, so this error on encountering proxy certs
is effectively doubly dead code.

ok jsing

diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index c60bdf7..6cb372d 100644 (file)
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.63 2023/01/20 22:00:47 job Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.64 2023/04/16 07:59:57 tb Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -907,12 +907,6 @@ x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca
                return 0;
        }
 
-       /* XXX support proxy certs later in new api */
-       if (ctx->xsc == NULL && cert->ex_flags & EXFLAG_PROXY) {
-               ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-               return 0;
-       }
-
        return 1;
 }