openssl: drop more legacy cruft
authorViktor Szakats <commit@vsz.me>
Fri, 22 Aug 2025 14:42:06 +0000 (16:42 +0200)
committerViktor Szakats <commit@vsz.me>
Fri, 22 Aug 2025 15:21:28 +0000 (17:21 +0200)
- drop `ALLOW_RENEG`, an undocumented (insecure) build-time option.
- drop unnecessary check for `OPENSSL_VERSION_NUMBER`.
  It's present in all supported OpenSSL versions and forks.

Follow-up to 80c10c5d5dda78c471924b251e9db59d653aba1e #18351
Follow-up to 59311bd3df5da6342312b5dc9b6c91fc2be77d4f #3293 #3283

Closes #18359

lib/vtls/openssl.c

index 88c9608da2c8c124707b11c8ce1590ab5d1bbeb0..442543610ba95d03239878d024a67d893a400351 100644 (file)
@@ -135,17 +135,6 @@ static void ossl_provider_cleanup(struct Curl_easy *data);
 #include "../curl_memory.h"
 #include "../memdebug.h"
 
-/* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS
-   renegotiations when built with BoringSSL. Renegotiating is non-compliant
-   with HTTP/2 and "an extremely dangerous protocol feature". Beware.
-
-#define ALLOW_RENEG 1
- */
-
-#ifndef OPENSSL_VERSION_NUMBER
-#error "OPENSSL_VERSION_NUMBER not defined"
-#endif
-
 #if defined(USE_OPENSSL_ENGINE) || defined(OPENSSL_HAS_PROVIDERS)
 #include <openssl/ui.h>
 #endif
@@ -3933,11 +3922,6 @@ static CURLcode ossl_init_ssl(struct ossl_ctx *octx,
     SSL_set_tlsext_status_type(octx->ssl, TLSEXT_STATUSTYPE_ocsp);
 #endif
 
-#if (defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)) && \
-    defined(ALLOW_RENEG)
-  SSL_set_renegotiate_mode(octx->ssl, ssl_renegotiate_freely);
-#endif
-
   SSL_set_connect_state(octx->ssl);
 
   octx->server_cert = NULL;