unifdef TLS13_USE_LEGACY_CLIENT_AUTH

Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.

As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.

discussed with jsing

1 files changed, 1 insertions, 9 deletions

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 18e6fa3681..e54db03e3c 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -445,14 +445,6 @@ tls13_legacy_connect(SSL *ssl)
         struct tls13_ctx *ctx = ssl->internal->tls13;
         int ret;
 
-#ifdef TLS13_USE_LEGACY_CLIENT_AUTH
-        /* XXX drop back to legacy for client auth for now */
-        if (ssl->cert->key->privatekey != NULL) {
-                ssl->method = tls_legacy_client_method();
-                return ssl->method->ssl_connect(ssl);
-        }
-#endif
-
         if (ctx == NULL) {
                 if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
                         SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */