From 3731ebaa0627ad10026d9d1e11639f40a751bf9d Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 16 Apr 2023 07:49:36 +0000
Subject: Drop support for the ProxyCertInfo extension

This removes the ProxyCertInfo extension from RFC 3820 from the list of
supported extensions. Since it is a critical extension, this means that
certificates containing it will no longer be considered valid by default.

ok jsing
---
 src/lib/libcrypto/x509/ext_dat.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/ext_dat.h b/src/lib/libcrypto/x509/ext_dat.h
index 59815c95a6..253f1f844c 100644
--- a/src/lib/libcrypto/x509/ext_dat.h
+++ b/src/lib/libcrypto/x509/ext_dat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ext_dat.h,v 1.4 2021/11/24 19:22:14 tb Exp $ */
+/* $OpenBSD: ext_dat.h,v 1.5 2023/04/16 07:49:36 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -69,7 +69,7 @@ extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
 extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern X509V3_EXT_METHOD v3_crl_hold;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
 extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
 extern const X509V3_EXT_METHOD v3_addr, v3_asid;
@@ -123,7 +123,6 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 #ifndef OPENSSL_NO_OCSP
 	&v3_crl_hold,
 #endif
-	&v3_pci,
 	&v3_name_constraints,
 	&v3_policy_mappings,
 	&v3_inhibit_anyp,
-- 
cgit v1.2.3-55-g6feb