Remove the envvar hack to enable proxy cert processing

When the proxy cert code was initially added, some application authors wanted to get them verified without having to change their code, so a check of the env var OPENSSL_ALLOW_PROXY_CERTS was added. Since then, the use of this variable has become irrelevant, as it's likely that code has been changed since, so it's time it gets removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Richard Levitte <levitte@openssl.org> 2016-06-30 01:23:36 +0200
committer: Richard Levitte <levitte@openssl.org> 2016-06-30 01:37:40 +0200
commit: 8e21938ce3a5306df753eb40a20fe30d17cf4a68 (patch)
tree: ce3254d78d941a61965be520540cea745aa170d0 /crypto/x509
parent: 6b4a77f56e14c002ce3cf960f622682be3b8424b (diff)
1 files changed, 0 insertions, 6 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b400ce4ad6..c8ebc50857 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -461,12 +461,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
     } else {
         allow_proxy_certs =
             ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-        /*
-         * A hack to keep people who don't want to modify their software
-         * happy
-         */
-        if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-            allow_proxy_certs = 1;
         purpose = ctx->param->purpose;
     }
author	Richard Levitte <levitte@openssl.org>	2016-06-30 01:23:36 +0200
committer	Richard Levitte <levitte@openssl.org>	2016-06-30 01:37:40 +0200
commit	8e21938ce3a5306df753eb40a20fe30d17cf4a68 (patch)
tree	ce3254d78d941a61965be520540cea745aa170d0 /crypto/x509
parent	6b4a77f56e14c002ce3cf960f622682be3b8424b (diff)