From ad8ed8f2cc739b8c0024967dceb20a06ff5cd86a Mon Sep 17 00:00:00 2001
From: beck <>
Date: Thu, 17 Nov 2022 00:42:12 +0000
Subject: Revert "Check certificate extensions in trusted certificates"
There are some possible strange side effects noticed by the openssl cms regress tests that I missed. Backing this out until I untangle it
ok tb@
---
 src/lib/libcrypto/x509/x509_trs.c | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
(limited to 'src/lib/libcrypto/x509/x509_trs.c')
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index b075d1b6c8..c4d371446c 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.28 2022/11/14 17:48:50 beck Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.29 2022/11/17 00:42:12 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -111,8 +111,8 @@ int
 }
 LCRYPTO_ALIAS(X509_TRUST_set_default)
 
-static int
-X509_check_trust_internal(X509 *x, int id, int flags, int compat)
+int
+X509_check_trust(X509 *x, int id, int flags)
 {
 X509_TRUST *pt;
 int idx;
@@ -133,7 +133,7 @@ X509_check_trust_internal(X509 *x, int id, int flags, int compat)
 rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
 if (rv != X509_TRUST_UNTRUSTED)
 return rv;
- return compat && trust_compat(NULL, x, 0);
+ return trust_compat(NULL, x, 0);
 }
 idx = X509_TRUST_get_by_id(id);
 if (idx == -1)
@@ -143,18 +143,6 @@ X509_check_trust_internal(X509 *x, int id, int flags, int compat)
 }
 LCRYPTO_ALIAS(X509_check_trust)
 
-int
-X509_check_trust(X509 *x, int id, int flags)
-{
- return X509_check_trust_internal(x, id, flags, /*compat =*/1);
-}
-
-int
-x509_check_trust_no_compat(X509 *x, int id, int flags)
-{
- return X509_check_trust_internal(x, id, flags, /*compat =*/0);
-}
-
 int
 X509_TRUST_get_count(void)
 {
--
cgit v1.2.3-55-g6feb
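Review bot: The restored `return trust_compat(NULL, x, 0);` in the third hunk (`@@ -133,7 +133,7 @@`) has no comment, although it decides the result whenever `obj_trust()` reports `X509_TRUST_UNTRUSTED` and is the behaviour the reverted commit had made optional. With the `compat` switch gone, every caller of `X509_check_trust()` takes this fallback again, so the extension checking on trusted certificates named in the subject line is presumably no longer applied on this path. I would add a comment above it such as `/* XXX: unconditional compat fallback; the no-compat variant was backed out pending the cms regress fix */` so the temporary state is visible in the file and not only in the log. The enclosing function starts in the previous hunk, the conditional guarding this block lies outside the visible lines, and `trust_compat()` itself is not shown here.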