From: tb Date: Sun, 16 Apr 2023 07:59:57 +0000 (+0000) Subject: Remove some dead code from the new verifier X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8d068057b2a5a391499711fa746ce194bccc8a0d;p=openbsd Remove some dead code from the new verifier The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing --- diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index c60bdf743fa..6cb372dbce0 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.63 2023/01/20 22:00:47 job Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.64 2023/04/16 07:59:57 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck * @@ -907,12 +907,6 @@ x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca return 0; } - /* XXX support proxy certs later in new api */ - if (ctx->xsc == NULL && cert->ex_flags & EXFLAG_PROXY) { - ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; - return 0; - } - return 1; }
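Review bot: In the second hunk, at the tail of x509_verify_cert_extensions(), the deleted block was the only visible place in this function where a certificate with EXFLAG_PROXY set was rejected when `ctx->xsc == NULL`, and with it gone that path now reaches `return 1;` directly. The removal is safe only under the two conditions the commit message names: the verifier keeps running in legacy mode so ctx->xsc is always set, and EXFLAG_PROXY is actually dropped from the library. The second of those has not happened yet in this diff. I would either land this together with the EXFLAG_PROXY removal, or leave a short comment above `return 1;` stating that proxy certificates are not handled here and must be rejected before the new API is enabled without an xsc, since the deleted `/* XXX support proxy certs later in new api */` line was the only marker of that open item.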