From c8fc88f65ec39023e6f7f24cc3f910ac34b3e8ef Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Thu, 16 Dec 2021 06:32:56 +0000
Subject: [PATCH] unifdef TLS13_USE_LEGACY_CLIENT_AUTH

Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.

As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.

discussed with jsing
---
 lib/libssl/tls13_legacy.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index 18e6fa36816..e54db03e3c1 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */
+/*	$OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -445,14 +445,6 @@ tls13_legacy_connect(SSL *ssl)
 	struct tls13_ctx *ctx = ssl->internal->tls13;
 	int ret;
 
-#ifdef TLS13_USE_LEGACY_CLIENT_AUTH
-	/* XXX drop back to legacy for client auth for now */
-	if (ssl->cert->key->privatekey != NULL) {
-		ssl->method = tls_legacy_client_method();
-		return ssl->method->ssl_connect(ssl);
-	}
-#endif
-
 	if (ctx == NULL) {
 		if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
 			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-- 
2.20.1