From 4f80dfe9175818c95601080a13eaa12f62cbe806 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 16 Dec 2021 06:32:56 +0000
Subject: unifdef TLS13_USE_LEGACY_CLIENT_AUTH

Before the TLSv1.3 stack grew client certificate support, it fell back
to the legacy stack. Proper client certificate support was added in a2k20
with a TLS13_USE_LEGACY_CLIENT_AUTH knob to provide an easy fallback in
case the new code should have a problem. This was never needed.

As ifdefed code is wont to do, this bitrotted a few months later when
the client and server methods were merged.

discussed with jsing
---
 src/lib/libssl/tls13_legacy.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

(limited to 'src/lib/libssl')

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 18e6fa3681..e54db03e3c 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls13_legacy.c,v 1.32 2021/10/23 14:40:54 jsing Exp $ */
+/*	$OpenBSD: tls13_legacy.c,v 1.33 2021/12/16 06:32:56 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -445,14 +445,6 @@ tls13_legacy_connect(SSL *ssl)
 	struct tls13_ctx *ctx = ssl->internal->tls13;
 	int ret;
 
-#ifdef TLS13_USE_LEGACY_CLIENT_AUTH
-	/* XXX drop back to legacy for client auth for now */
-	if (ssl->cert->key->privatekey != NULL) {
-		ssl->method = tls_legacy_client_method();
-		return ssl->method->ssl_connect(ssl);
-	}
-#endif
-
 	if (ctx == NULL) {
 		if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) {
 			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-- 
cgit v1.2.3-55-g6feb