From a7684823670af05c7471e127a4e1e61ebf0ded64 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Mon, 14 Sep 2020 07:09:06 +0000
Subject: Enable the use of the new x509 chain validator by default.

ok jsing@ tb@
---
 src/lib/libcrypto/x509/x509_vpm.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index ca533e26d1..2c02b7bb74 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.19 2020/09/13 15:06:17 beck Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.20 2020/09/14 07:09:06 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -178,8 +178,6 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
 	/*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
 	param->inh_flags = 0;
 	param->flags = 0;
-	/* XXX remove to enable new verifier by default */
-	param->flags |= X509_V_FLAG_LEGACY_VERIFY;
 	param->depth = -1;
 	if (param->policies) {
 		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-- 
cgit v1.2.3-55-g6feb