Remove SSL_CTX_set_rsa_pss_rsae_certs_enabled.

We never ended up using this, and it'll only become less relevant over
time.

Change-Id: I44c750aee24df8e9eecc28b46540d8b3139004ff
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39608
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 1 insertions, 4 deletions

diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc
index c7d7fb6..dfe14bf 100644
--- a/ssl/handshake_server.cc
+++ b/ssl/handshake_server.cc
@@ -1092,12 +1092,9 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) {
         !CBB_add_u8_length_prefixed(&body, &cert_types) ||
         !CBB_add_u8(&cert_types, SSL3_CT_RSA_SIGN) ||
         !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) ||
-        // TLS 1.2 has no way to specify different signature algorithms for
-        // certificates and the online signature, so emit the more restrictive
-        // certificate list.
         (ssl_protocol_version(ssl) >= TLS1_2_VERSION &&
          (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
-          !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb, true /* certs */))) ||
+          !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) ||
         !ssl_add_client_CA_list(hs, &body) ||
         !ssl_add_message_cbb(ssl, cbb.get())) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);