From 1ac7cf52ef40cb08a9f91440c03a3764a2a9e9ed Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sat, 28 Jan 2023 19:08:09 +0000
Subject: [PATCH] Stop relying on x509_verify.h being public

Use x509_verify.h from the libcrypto sources instead of the public copy.

The x509_verify.h header was installed as a public header since early on
we had ideas of using a public API in libtls, but we eventually decided
against that. It makes no sense to install a public header that hides
everything behind LIBRESSL_INTERNAL. The public API will not be exposed
anytime soon if at all.

ok jsing
---
 lib/libcrypto/x509/x509_internal.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/x509/x509_internal.h b/lib/libcrypto/x509/x509_internal.h
index cb80005075a..c4222bcfe55 100644
--- a/lib/libcrypto/x509/x509_internal.h
+++ b/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.24 2023/01/20 22:00:47 job Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.25 2023/01/28 19:08:09 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -20,10 +20,9 @@
 /* Internal use only, not public API */
 #include <netinet/in.h>
 
-#include <openssl/x509_verify.h>
-
 #include "bytestring.h"
 #include "x509_local.h"
+#include "x509_verify.h"
 
 /* Hard limits on structure size and number of signature checks. */
 #define X509_VERIFY_MAX_CHAINS		8	/* Max validated chains */
-- 
2.20.1