[dev.boringcrypto] crypto/x509: remove VerifyOptions.IsBoring

This API was added only for BoringCrypto, never shipped in standard
Go. This API is also not compatible with the expected future evolution
of crypto/x509, as we move closer to host verifiers on macOS and Windows.

If we want to merge BoringCrypto into the main tree, it is best not to
have differing API. So instead of a hook set by crypto/tls, move the
actual check directly into crypto/x509, eliminating the need for
exposed API.

For #51940.

Change-Id: Ia2ae98c745de818d39501777014ea8166cab0b03
Reviewed-on: https://go-review.googlesource.com/c/go/+/395878
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>

1 files changed, 0 insertions, 3 deletions

diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index 2d71d0869a..7606305c1d 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -817,9 +817,6 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 			Intermediates: x509.NewCertPool(),
 			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 		}
-		if needFIPS() {
-			opts.IsBoring = isBoringCertificate
-		}
 
 		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)