Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.
As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.
discussed with jsing
-/* $OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
struct tls13_ctx *ctx = ssl->internal->tls13;
int ret;
-#ifdef TLS13_USE_LEGACY_CLIENT_AUTH
- /* XXX drop back to legacy for client auth for now */
- if (ssl->cert->key->privatekey != NULL) {
- ssl->method = tls_legacy_client_method();
- return ssl->method->ssl_connect(ssl);
- }
-#endif
-
if (ctx == NULL) {
if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
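Review bot: the removed `#ifdef TLS13_USE_LEGACY_CLIENT_AUTH` block at the top of this client connect path is the only use of the knob visible in the diff, so please confirm that no other reference to `TLS13_USE_LEGACY_CLIENT_AUTH` remains in the tree (a comment, a header, or a build flag). Otherwise someone defining the macro later gets a silent no-op instead of the fallback they expect. The commit message could also say concretely what bitrotted: it points at the client/server method merge, which suggests the `tls_legacy_client_method()` call in the removed lines is the part that would no longer build with the knob defined. Stating that makes it clear the fallback was already unusable and that this removal changes no behaviour.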