diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-04-11 16:03:21 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-04-11 16:03:21 +0000 |
| commit | 920ccb623f2ff40701397bf8b898c6ebdf3a73a1 (patch) | |
| tree | 42f30243fc29ec194cff8931d1faf2328e35f8bb /lib/libcrypto/x509/x509_vfy.c | |
| parent | Put back a goto end that was unintentionally removed. (diff) | |
| download | wireguard-openbsd-920ccb623f2ff40701397bf8b898c6ebdf3a73a1.tar.xz wireguard-openbsd-920ccb623f2ff40701397bf8b898c6ebdf3a73a1.zip | |
Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is correct
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
ok doug beck jsing, discussion with others
Diffstat (limited to 'lib/libcrypto/x509/x509_vfy.c')
| -rw-r--r-- | lib/libcrypto/x509/x509_vfy.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index c383fda4f2d..442035625a8 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.40 2015/02/11 02:17:59 jsing Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.41 2015/04/11 16:03:21 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -483,12 +483,6 @@ check_chain_extensions(X509_STORE_CTX *ctx) } else { allow_proxy_certs = !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); -#if 0 - /* A hack to keep people who don't want to modify their - software happy */ - if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS")) - allow_proxy_certs = 1; -#endif purpose = ctx->param->purpose; } |