3 files changed, 8 insertions, 28 deletions

diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 032210424d..7b7d14a950 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_dir.c,v 1.36 2015/02/12 03:54:07 jsing Exp $ */
+/* $OpenBSD: by_dir.c,v 1.37 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -124,20 +124,14 @@ dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
 {
         int ret = 0;
         BY_DIR *ld;
-        char *dir = NULL;
 
         ld = (BY_DIR *)ctx->method_data;
 
         switch (cmd) {
         case X509_L_ADD_DIR:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        if (issetugid() == 0)
-                                dir = getenv(X509_get_default_cert_dir_env());
-                        if (dir)
-                                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
-                        else
-                                ret = add_cert_dir(ld, X509_get_default_cert_dir(),
-                                    X509_FILETYPE_PEM);
+                        ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+                            X509_FILETYPE_PEM);
                         if (!ret) {
                                 X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
                         }
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c
index 91a8e781b2..68920271fc 100644
--- a/src/lib/libcrypto/x509/by_file.c
+++ b/src/lib/libcrypto/x509/by_file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: by_file.c,v 1.18 2015/02/05 01:33:22 reyk Exp $ */
+/* $OpenBSD: by_file.c,v 1.19 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,21 +94,13 @@ by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
     char **ret)
 {
         int ok = 0;
-        char *file = NULL;
 
         switch (cmd) {
         case X509_L_FILE_LOAD:
                 if (argl == X509_FILETYPE_DEFAULT) {
-                        if (issetugid() == 0)
-                                file = getenv(X509_get_default_cert_file_env());
-                        if (file)
-                                ok = (X509_load_cert_crl_file(ctx, file,
-                                    X509_FILETYPE_PEM) != 0);
-                        else
-                                ok = (X509_load_cert_crl_file(ctx,
-                                    X509_get_default_cert_file(),
-                                    X509_FILETYPE_PEM) != 0);
-
+                        ok = (X509_load_cert_crl_file(ctx,
+                            X509_get_default_cert_file(),
+                            X509_FILETYPE_PEM) != 0);
                         if (!ok) {
                                 X509err(X509_F_BY_FILE_CTRL,
                                     X509_R_LOADING_DEFAULTS);
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index c383fda4f2..442035625a 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.41 2015/04/11 16:03:21 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -483,12 +483,6 @@ check_chain_extensions(X509_STORE_CTX *ctx)
         } else {
                 allow_proxy_certs =
                     !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-#if 0
-                /* A hack to keep people who don't want to modify their
-                   software happy */
-                if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-                        allow_proxy_certs = 1;
-#endif
                 purpose = ctx->param->purpose;
         }