Remove some dead code from the new verifier

The new verifier API is currently unused as we still operate the verifier in legacy mode. Therefore ctx->xsc is always set and the EXFLAG_PROXY will soon be dropped from the library, so this error on encountering proxy certs is effectively doubly dead code. ok jsing
author: tb <> 2023-04-16 07:59:57 +0000
committer: tb <> 2023-04-16 07:59:57 +0000
commit: 699a40dcab913cc71bfe12a9d96aabcdd691c77a (patch)
tree: b11a0240378138d18472d549633bcf26c8088649
parent: 3731ebaa0627ad10026d9d1e11639f40a751bf9d (diff)
download: openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.tar.gz
openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.tar.bz2
openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.zip
1 files changed, 1 insertions, 7 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index c60bdf743f..6cb372dbce 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.63 2023/01/20 22:00:47 job Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.64 2023/04/16 07:59:57 tb Exp $ */
 /*
 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
 *
@@ -907,12 +907,6 @@ x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca
                return 0;
        }
-        /* XXX support proxy certs later in new api */
-        if (ctx->xsc == NULL && cert->ex_flags & EXFLAG_PROXY) {
-                ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-                return 0;
-        }
        return 1;
 }
author	tb <>	2023-04-16 07:59:57 +0000
committer	tb <>	2023-04-16 07:59:57 +0000
commit	699a40dcab913cc71bfe12a9d96aabcdd691c77a (patch)
tree	b11a0240378138d18472d549633bcf26c8088649
parent	3731ebaa0627ad10026d9d1e11639f40a751bf9d (diff)
download	openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.tar.gz openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.tar.bz2 openbsd-699a40dcab913cc71bfe12a9d96aabcdd691c77a.zip