From: tb Date: Thu, 16 Dec 2021 06:32:56 +0000 (+0000) Subject: unifdef TLS13_USE_LEGACY_CLIENT_AUTH X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c8fc88f65ec39023e6f7f24cc3f910ac34b3e8ef;p=openbsd unifdef TLS13_USE_LEGACY_CLIENT_AUTH Before the TLSv1.3 stack grew client certificate support, it fell back to the legacy stack. Proper client certificate support was added in a2k20 with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in case the new code should have a problem. This was never needed. As ifdefed code is wont to do, this bitrotted a few months later when the client and server methods were merged. discussed with jsing --- diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c index 18e6fa36816..e54db03e3c1 100644 --- a/lib/libssl/tls13_legacy.c +++ b/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -445,14 +445,6 @@ tls13_legacy_connect(SSL *ssl) struct tls13_ctx *ctx = ssl->internal->tls13; int ret; -#ifdef TLS13_USE_LEGACY_CLIENT_AUTH - /* XXX drop back to legacy for client auth for now */ - if (ssl->cert->key->privatekey != NULL) { - ssl->method = tls_legacy_client_method(); - return ssl->method->ssl_connect(ssl); - } -#endif - if (ctx == NULL) { if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */