jsing and I are investigating removal of all? most? 'getenv from library'

instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
author: deraadt <deraadt@openbsd.org> 2014-07-12 17:35:23 +0000
committer: deraadt <deraadt@openbsd.org> 2014-07-12 17:35:23 +0000
commit: 49f4ea824fd041df63bec8496680307d7f92b488 (patch)
tree: 64296435ba52fa13033f588bbb1676b2a5bb074b /lib/libssl
parent: more accept_rtadv removal; (diff)
download: wireguard-openbsd-49f4ea824fd041df63bec8496680307d7f92b488.tar.xz
wireguard-openbsd-49f4ea824fd041df63bec8496680307d7f92b488.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libssl/src/crypto/x509/x509_vfy.c b/lib/libssl/src/crypto/x509/x509_vfy.c
index d894facd473..0b0a2c56d2f 100644
--- a/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.35 2014/07/12 14:58:32 miod Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.36 2014/07/12 17:35:23 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -491,10 +491,12 @@ check_chain_extensions(X509_STORE_CTX *ctx)
 	} else {
 		allow_proxy_certs =
 		    !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+#if 0
 		/* A hack to keep people who don't want to modify their
 		   software happy */
 		if (issetugid() == 0 && getenv("OPENSSL_ALLOW_PROXY_CERTS"))
 			allow_proxy_certs = 1;
+#endif
 		purpose = ctx->param->purpose;
 	}
author	deraadt <deraadt@openbsd.org>	2014-07-12 17:35:23 +0000
committer	deraadt <deraadt@openbsd.org>	2014-07-12 17:35:23 +0000
commit	49f4ea824fd041df63bec8496680307d7f92b488 (patch)
tree	64296435ba52fa13033f588bbb1676b2a5bb074b /lib/libssl
parent	more accept_rtadv removal; (diff)
download	wireguard-openbsd-49f4ea824fd041df63bec8496680307d7f92b488.tar.xz wireguard-openbsd-49f4ea824fd041df63bec8496680307d7f92b488.zip