[openssl] master update
dev at ddvo.net
dev at ddvo.net
Wed May 5 18:50:38 UTC 2021
The branch master has been updated
via a07b0bfb99169d23d2801b8aee210d98a0d12cac (commit)
from b0f960189b8696f878b163d7123afdb99dfdb738 (commit)
- Log -----------------------------------------------------------------
commit a07b0bfb99169d23d2801b8aee210d98a0d12cac
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Tue May 4 08:05:44 2021 +0200
Deprecate X509{,_CRL}_http_nbio() and simplify their definition
This is done by making use of OCSP_REQ_CTX_nbio_d2i().
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 5 +++++
doc/man3/X509_load_http.pod | 5 +++++
include/openssl/x509.h.in | 13 +++++++------
util/other.syms | 4 ++--
4 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 6e89f9814c..5c696ff65a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -355,6 +355,11 @@ OpenSSL 3.0
*Rich Salz and Richard Levitte*
+ * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`,
+ which are superseded by `X509_load_http()` and `X509_CRL_load_http()`.
+
+ *David von Oheimb*
+
* Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`.
*David von Oheimb*
diff --git a/doc/man3/X509_load_http.pod b/doc/man3/X509_load_http.pod
index a890f31ad8..9e54d31c42 100644
--- a/doc/man3/X509_load_http.pod
+++ b/doc/man3/X509_load_http.pod
@@ -15,6 +15,10 @@ X509_CRL_http_nbio
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
#define X509_http_nbio(rctx, pcert)
#define X509_CRL_http_nbio(rctx, pcrl)
@@ -50,6 +54,7 @@ L<OSSL_HTTP_get_asn1(3)>
=head1 HISTORY
X509_load_http() and X509_CRL_load_http() were added in OpenSSL 3.0.
+X509_http_nbio() and X509_CRL_http_nbio() were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 1726ecf4dc..4877fb21f9 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -403,13 +403,14 @@ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
unsigned char *md, unsigned int *len);
X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
-# define X509_http_nbio(rctx, pcert) \
- ((*(pcert) = \
- OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509))) != NULL)
X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
-# define X509_CRL_http_nbio(rctx, pcrl) \
- ((*(pcrl) = \
- OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509_CRL))) != NULL)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# include <openssl/ocsp.h> /* OCSP_REQ_CTX_nbio_d2i */
+# define X509_http_nbio(rctx, pcert) \
+ OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
+# define X509_CRL_http_nbio(rctx, pcrl) \
+ OCSP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
+# endif
# ifndef OPENSSL_NO_STDIO
X509 *d2i_X509_fp(FILE *fp, X509 **x509);
diff --git a/util/other.syms b/util/other.syms
index bd9f4d32a9..3f36f53076 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -589,8 +589,8 @@ SSLv23_client_method define
SSLv23_method define
SSLv23_server_method define
TLS_DEFAULT_CIPHERSUITES define deprecated 3.0.0
-X509_CRL_http_nbio define
-X509_http_nbio define
+X509_CRL_http_nbio define deprecated 3.0.0
+X509_http_nbio define deprecated 3.0.0
X509_LOOKUP_add_dir define
X509_LOOKUP_add_store define
X509_LOOKUP_add_store_ex define
More information about the openssl-commits
mailing list