diff options
| author | deraadt <> | 2014-07-12 17:35:23 +0000 |
|---|---|---|
| committer | deraadt <> | 2014-07-12 17:35:23 +0000 |
| commit | 9a6cbff11e469fd97a9dfc09e9d9970f0357b9fb (patch) | |
| tree | 695dff78e55b81f5d4b089316b42b258953e46d4 /src/lib | |
| parent | c4afb4cb87b8fb5bd5cc44e825ceb2ac53b3afad (diff) | |
| download | openbsd-9a6cbff11e469fd97a9dfc09e9d9970f0357b9fb.tar.gz openbsd-9a6cbff11e469fd97a9dfc09e9d9970f0357b9fb.tar.bz2 openbsd-9a6cbff11e469fd97a9dfc09e9d9970f0357b9fb.zip | |
jsing and I are investigating removal of all? most? 'getenv from library'
instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first,
especially since it had this special comment:
/* A hack to keep people who don't want to modify their software happy */
ok beck jsing
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 4 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/x509/x509_vfy.c | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index d894facd47..0b0a2c56d2 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -491,10 +491,12 @@ check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 491 | } else { | 491 | } else { |
| 492 | allow_proxy_certs = | 492 | allow_proxy_certs = |
| 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); |
| 494 | #if 0 | ||
| 494 | /* A hack to keep people who don't want to modify their | 495 | /* A hack to keep people who don't want to modify their |
| 495 | software happy */ | 496 | software happy */ |
| 496 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 497 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) |
| 497 | allow_proxy_certs = 1; | 498 | allow_proxy_certs = 1; |
| 499 | #endif | ||
| 498 | purpose = ctx->param->purpose; | 500 | purpose = ctx->param->purpose; |
| 499 | } | 501 | } |
| 500 | 502 | ||
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c index d894facd47..0b0a2c56d2 100644 --- a/src/lib/libssl/src/crypto/x509/x509_vfy.c +++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -491,10 +491,12 @@ check_chain_extensions(X509_STORE_CTX *ctx) | |||
| 491 | } else { | 491 | } else { |
| 492 | allow_proxy_certs = | 492 | allow_proxy_certs = |
| 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); | 493 | !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); |
| 494 | #if 0 | ||
| 494 | /* A hack to keep people who don't want to modify their | 495 | /* A hack to keep people who don't want to modify their |
| 495 | software happy */ | 496 | software happy */ |
| 496 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) | 497 | if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) |
| 497 | allow_proxy_certs = 1; | 498 | allow_proxy_certs = 1; |
| 499 | #endif | ||
| 498 | purpose = ctx->param->purpose; | 500 | purpose = ctx->param->purpose; |
| 499 | } | 501 | } |
| 500 | 502 | ||