[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Fri Aug 19 17:46:38 UTC 2016
The branch master has been updated
via bb1c5bbe6b5a5d3d21d4577fdf2d8e6f2bb78223 (commit)
via 2729f62794bbef7a7455388034b540b9d292c624 (commit)
via 568ce3a583a17c33feacbf5028ece9f7f0680478 (commit)
from c4fbed6c3139726fc719a703d2195f3b6426b748 (commit)
- Log -----------------------------------------------------------------
commit bb1c5bbe6b5a5d3d21d4577fdf2d8e6f2bb78223
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 16:51:07 2016 +0100
make update
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 2729f62794bbef7a7455388034b540b9d292c624
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 15:30:13 2016 +0100
rename ordinals
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 568ce3a583a17c33feacbf5028ece9f7f0680478
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Fri Aug 19 12:39:57 2016 +0100
Constify certificate and CRL time routines.
Update certificate and CRL time routines to match new standard.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 4 ++--
apps/ca.c | 16 +++++++-------
apps/crl.c | 6 ++---
apps/s_cb.c | 4 ++--
apps/x509.c | 6 ++---
crypto/x509/t_crl.c | 6 ++---
crypto/x509/t_x509.c | 4 ++--
crypto/x509/x509_set.c | 18 ++++++++++++---
crypto/x509/x509_vfy.c | 18 +++++++--------
crypto/x509/x509cset.c | 20 +++++++++++++----
doc/crypto/X509_get_notBefore.pod | 46 ++++++++++++++++++++++++---------------
include/openssl/x509.h | 32 ++++++++++++++++++++-------
util/libcrypto.num | 20 ++++++++++-------
13 files changed, 127 insertions(+), 73 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 1ce632f..23c6569 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2604,7 +2604,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
goto err;
}
- if (!X509_set_notBefore(x, tm))
+ if (!X509_set1_notBefore(x, tm))
goto err;
if (enddate == NULL) {
@@ -2614,7 +2614,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
goto err;
}
- if (!X509_set_notAfter(x, tm))
+ if (!X509_set1_notAfter(x, tm))
goto err;
rv = 1;
diff --git a/apps/ca.c b/apps/ca.c
index ef61de2..3db3f99 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1100,13 +1100,13 @@ end_of_options:
if (tmptm == NULL)
goto end;
X509_gmtime_adj(tmptm, 0);
- X509_CRL_set_lastUpdate(crl, tmptm);
+ X509_CRL_set1_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto end;
}
- X509_CRL_set_nextUpdate(crl, tmptm);
+ X509_CRL_set1_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm);
@@ -1377,7 +1377,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
{
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL;
- ASN1_UTCTIME *tm;
+ const ASN1_TIME *tm;
ASN1_STRING *str, *str2;
ASN1_OBJECT *obj;
X509 *ret = NULL;
@@ -1703,7 +1703,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) {
int tdays;
- ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
+ ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
days = tdays;
}
@@ -1789,7 +1789,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
}
BIO_printf(bio_err, "Certificate is to be certified until ");
- ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
if (days)
BIO_printf(bio_err, " (%ld days)", days);
BIO_printf(bio_err, "\n");
@@ -1822,7 +1822,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* We now just add it to the database */
row[DB_type] = OPENSSL_strdup("V");
- tm = X509_get_notAfter(ret);
+ tm = X509_get0_notAfter(ret);
row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
@@ -2021,7 +2021,7 @@ static int check_time_format(const char *str)
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
{
- ASN1_UTCTIME *tm = NULL;
+ const ASN1_TIME *tm = NULL;
char *row[DB_NUMBER], **rrow, **irow;
char *rev_str = NULL;
BIGNUM *bn = NULL;
@@ -2054,7 +2054,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
/* We now just add it to the database */
row[DB_type] = OPENSSL_strdup("V");
- tm = X509_get_notAfter(x509);
+ tm = X509_get0_notAfter(x509);
row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0';
diff --git a/apps/crl.c b/apps/crl.c
index 3dbbc0c..5e0fbe5 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -285,13 +285,13 @@ int crl_main(int argc, char **argv)
#endif
if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate=");
- ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
+ ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
BIO_printf(bio_out, "\n");
}
if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate=");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
+ if (X509_CRL_get0_nextUpdate(x))
+ ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n");
diff --git a/apps/s_cb.c b/apps/s_cb.c
index e960b94..9535f12 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -82,13 +82,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err, "notBefore=");
- ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
+ ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err, "notAfter=");
- ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
+ ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
BIO_printf(bio_err, "\n");
break;
case X509_V_ERR_NO_EXPLICIT_POLICY:
diff --git a/apps/x509.c b/apps/x509.c
index 0cb38b7..05aa554 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -746,11 +746,11 @@ int x509_main(int argc, char **argv)
X509_print_ex(out, x, nmflag, certflag);
} else if (startdate == i) {
BIO_puts(out, "notBefore=");
- ASN1_TIME_print(out, X509_get_notBefore(x));
+ ASN1_TIME_print(out, X509_get0_notBefore(x));
BIO_puts(out, "\n");
} else if (enddate == i) {
BIO_puts(out, "notAfter=");
- ASN1_TIME_print(out, X509_get_notAfter(x));
+ ASN1_TIME_print(out, X509_get0_notAfter(x));
BIO_puts(out, "\n");
} else if (fingerprint == i) {
int j;
@@ -837,7 +837,7 @@ int x509_main(int argc, char **argv)
if (checkend) {
time_t tcheck = time(NULL) + checkoffset;
- if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
+ if (X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0) {
BIO_printf(out, "Certificate will expire\n");
ret = 1;
} else {
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c
index 2451ee7..de0320d 100644
--- a/crypto/x509/t_crl.c
+++ b/crypto/x509/t_crl.c
@@ -51,10 +51,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
BIO_printf(out, "%8sIssuer: %s\n", "", p);
OPENSSL_free(p);
BIO_printf(out, "%8sLast Update: ", "");
- ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
+ ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", "");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
+ if (X509_CRL_get0_nextUpdate(x))
+ ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
else
BIO_printf(out, "NONE");
BIO_printf(out, "\n");
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 5d7c130..feeff75 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -129,11 +129,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
goto err;
if (BIO_write(bp, " Not Before: ", 24) <= 0)
goto err;
- if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+ if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
goto err;
if (BIO_write(bp, "\n Not After : ", 25) <= 0)
goto err;
- if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+ if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
goto err;
if (BIO_write(bp, "\n", 1) <= 0)
goto err;
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 3cebf6e..8bf367b 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -71,14 +71,14 @@ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
return (in != NULL);
}
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->cert_info.validity.notBefore, tm);
}
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
@@ -109,7 +109,18 @@ long X509_get_version(const X509 *x)
return ASN1_INTEGER_get(x->cert_info.version);
}
-ASN1_TIME * X509_get_notBefore(const X509 *x)
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+ return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+ return x->cert_info.validity.notAfter;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_get_notBefore(const X509 *x)
{
return x->cert_info.validity.notBefore;
}
@@ -118,6 +129,7 @@ ASN1_TIME *X509_get_notAfter(const X509 *x)
{
return x->cert_info.validity.notAfter;
}
+#endif
int X509_get_signature_type(const X509 *x)
{
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 36baeac..13a9ba3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -921,7 +921,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
else
ptime = NULL;
- i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+ i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
if (i == 0) {
if (!notify)
return 0;
@@ -936,8 +936,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
return 0;
}
- if (X509_CRL_get_nextUpdate(crl)) {
- i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+ if (X509_CRL_get0_nextUpdate(crl)) {
+ i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
if (i == 0) {
if (!notify)
@@ -979,8 +979,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
/* If current CRL is equivalent use it if it is newer */
if (crl_score == best_score) {
int day, sec;
- if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
- X509_CRL_get_lastUpdate(crl)) == 0)
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+ X509_CRL_get0_lastUpdate(crl)) == 0)
continue;
/*
* ASN1_TIME_diff never returns inconsistent signs for |day|
@@ -1646,7 +1646,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
else
ptime = NULL;
- i = X509_cmp_time(X509_get_notBefore(x), ptime);
+ i = X509_cmp_time(X509_get0_notBefore(x), ptime);
if (i >= 0 && depth < 0)
return 0;
if (i == 0 && !verify_cb_cert(ctx, x, depth,
@@ -1655,7 +1655,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
return 0;
- i = X509_cmp_time(X509_get_notAfter(x), ptime);
+ i = X509_cmp_time(X509_get0_notAfter(x), ptime);
if (i <= 0 && depth < 0)
return 0;
if (i == 0 && !verify_cb_cert(ctx, x, depth,
@@ -1983,9 +1983,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
goto memerr;
- if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
+ if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
goto memerr;
- if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
+ if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
goto memerr;
/* Set base CRL number: must be critical */
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 681c438..2057859 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -33,14 +33,14 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
return (X509_NAME_set(&x->crl.issuer, name));
}
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
return x509_set1_time(&x->crl.lastUpdate, tm);
}
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
if (x == NULL)
return 0;
@@ -80,16 +80,28 @@ long X509_CRL_get_version(const X509_CRL *crl)
return ASN1_INTEGER_get(crl->crl.version);
}
-ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl)
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
{
return crl->crl.lastUpdate;
}
-ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl)
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
{
return crl->crl.nextUpdate;
}
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+ return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+ return crl->crl.nextUpdate;
+}
+#endif
+
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
{
return crl->crl.issuer;
diff --git a/doc/crypto/X509_get_notBefore.pod b/doc/crypto/X509_get_notBefore.pod
index ebbd156..5fdc834 100644
--- a/doc/crypto/X509_get_notBefore.pod
+++ b/doc/crypto/X509_get_notBefore.pod
@@ -2,60 +2,67 @@
=head1 NAME
-X509_get_notBefore, X509_get_notAfter, X509_set_notBefore,
-X509_set_notAfter, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate,
-X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdate - get or set certificate
-or CRL dates
+X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter,
+X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate,
+X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
+X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
=head1 SYNOPSIS
#include <openssl/x509.h>
+ const ASN1_TIME *X509_get0_notBefore(const X509 *x);
+ const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+
ASN1_TIME *X509_get_notBefore(const X509 *x);
ASN1_TIME *X509_get_notAfter(const X509 *x);
- int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
- int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
- ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
- ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
+ const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
- int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
- int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
=head1 DESCRIPTION
-X509_get_notBefore() and X509_get_notAfter() return the B<notBefore>
+X509_get0_notBefore() and X509_get0_notAfter() return the B<notBefore>
and B<notAfter> fields of certificate B<x> respectively. The value
returned is an internal pointer which must not be freed up after
the call.
-X509_set_notBefore() and X509_set_notAfter() set the B<notBefore>
+X509_get_notBefore() and X509_get_notAfter() are similar to
+X509_get0_notBefore() and X509_get0_notAfter() except they do not
+return constant values. They are deprecated in OpenSSL 1.1.0
+
+X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
parameter B<tm> is not transferred by these functions so it must
be freed up after the call.
-X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() return the
+X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the
B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value
returned is an internal pointer which must not be freed up after
the call. If the B<nextUpdate> field is absent from B<crl> then
B<NULL> is returned.
-X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() set the B<lastUpdate>
+X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the B<lastUpdate>
and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter
B<tm> is not transferred by these functions so it must be freed up after the
call.
=head1 RETURN VALUES
-X509_get_notBefore(), X509_get_notAfter() and X509_CRL_get_lastUpdate()
+X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate()
return a pointer to an B<ASN1_TIME> structure.
-X509_CRL_get_lastUpdate() return a pointer to an B<ASN1_TIME> structure
+X509_CRL_get0_lastUpdate() return a pointer to an B<ASN1_TIME> structure
or NULL if the B<lastUpdate> field is absent.
-X509_set_notBefore(), X509_set_notAfter(), X509_CRL_set_lastUpdate() and
-X509_CRL_set_nextUpdate() return 1 for success or 0 for failure.
+X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and
+X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.
=head1 SEE ALSO
@@ -80,6 +87,9 @@ L<X509_verify_cert(3)>
These functions are available in all versions of OpenSSL.
+X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL
+1.1.0
+
=head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index fe7fd78..8aa968d 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -622,13 +622,22 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a);
-ASN1_TIME * X509_get_notBefore(const X509 *x);
-int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
-ASN1_TIME *X509_get_notAfter(const X509 *x);
-int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x))
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x))
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_set_notBefore X509_set1_notBefore
+# define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
/*
* This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
@@ -682,14 +691,21 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl);
+# if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
+
long X509_CRL_get_version(const X509_CRL *crl);
-ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl);
-ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 19a8902..83b35ef 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -122,7 +122,7 @@ ENGINE_set_default_pkey_asn1_meths 121 1_1_0 EXIST::FUNCTION:ENGINE
OCSP_BASICRESP_add1_ext_i2d 122 1_1_0 EXIST::FUNCTION:OCSP
EVP_camellia_128_ctr 123 1_1_0 EXIST::FUNCTION:CAMELLIA
EVP_CIPHER_impl_ctx_size 124 1_1_0 EXIST::FUNCTION:
-X509_CRL_get_nextUpdate 125 1_1_0 EXIST::FUNCTION:
+X509_CRL_get_nextUpdate 125 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
PKCS12_free 126 1_1_0 EXIST::FUNCTION:
CMS_signed_get_attr 127 1_1_0 EXIST::FUNCTION:CMS
ENGINE_set_destroy_function 128 1_1_0 EXIST::FUNCTION:ENGINE
@@ -1053,7 +1053,7 @@ BN_get_word 1044 1_1_0 EXIST::FUNCTION:
EVP_CipherFinal 1045 1_1_0 EXIST::FUNCTION:
i2d_X509_bio 1046 1_1_0 EXIST::FUNCTION:
X509_EXTENSION_new 1047 1_1_0 EXIST::FUNCTION:
-X509_get_notAfter 1048 1_1_0 EXIST::FUNCTION:
+X509_get_notAfter 1048 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
X509_ALGOR_dup 1049 1_1_0 EXIST::FUNCTION:
d2i_X509_REQ_INFO 1050 1_1_0 EXIST::FUNCTION:
d2i_EC_PUBKEY_bio 1051 1_1_0 EXIST::FUNCTION:EC
@@ -1106,7 +1106,7 @@ UI_method_get_prompt_constructor 1097 1_1_0 EXIST::FUNCTION:UI
ASN1_NULL_it 1098 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ASN1_NULL_it 1098 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
X509_REQ_get_pubkey 1099 1_1_0 EXIST::FUNCTION:
-X509_CRL_set_nextUpdate 1100 1_1_0 EXIST::FUNCTION:
+X509_CRL_set1_nextUpdate 1100 1_1_0 EXIST::FUNCTION:
EVP_des_ede3_cfb64 1101 1_1_0 EXIST::FUNCTION:DES
BN_to_ASN1_INTEGER 1102 1_1_0 EXIST::FUNCTION:
EXTENDED_KEY_USAGE_free 1103 1_1_0 EXIST::FUNCTION:
@@ -2388,7 +2388,7 @@ ASN1_GENERALIZEDTIME_check 2356 1_1_0 EXIST::FUNCTION:
BN_clear_bit 2357 1_1_0 EXIST::FUNCTION:
BN_bn2lebinpad 2358 1_1_0 EXIST::FUNCTION:
EVP_PKEY_up_ref 2359 1_1_0 EXIST::FUNCTION:
-X509_get_notBefore 2360 1_1_0 EXIST::FUNCTION:
+X509_get_notBefore 2360 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
BN_nist_mod_224 2361 1_1_0 EXIST::FUNCTION:
DES_decrypt3 2362 1_1_0 EXIST::FUNCTION:DES
OTHERNAME_it 2363 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2465,7 +2465,7 @@ i2d_TS_MSG_IMPRINT_fp 2432 1_1_0 EXIST::FUNCTION:STDIO,TS
PKCS12_new 2433 1_1_0 EXIST::FUNCTION:
X509_REVOKED_set_serialNumber 2434 1_1_0 EXIST::FUNCTION:
EVP_get_digestbyname 2435 1_1_0 EXIST::FUNCTION:
-X509_CRL_get_lastUpdate 2436 1_1_0 EXIST::FUNCTION:
+X509_CRL_get_lastUpdate 2436 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
OBJ_create_objects 2437 1_1_0 EXIST::FUNCTION:
EVP_enc_null 2438 1_1_0 EXIST::FUNCTION:
OCSP_ONEREQ_get_ext_by_critical 2439 1_1_0 EXIST::FUNCTION:OCSP
@@ -2564,7 +2564,7 @@ DSA_sign 2527 1_1_0 EXIST::FUNCTION:DSA
RAND_egd 2528 1_1_0 EXIST::FUNCTION:EGD
ASN1_d2i_bio 2529 1_1_0 EXIST::FUNCTION:
X509_REQ_digest 2531 1_1_0 EXIST::FUNCTION:
-X509_set_notAfter 2532 1_1_0 EXIST::FUNCTION:
+X509_set1_notAfter 2532 1_1_0 EXIST::FUNCTION:
EVP_CIPHER_type 2533 1_1_0 EXIST::FUNCTION:
ASN1_TYPE_set_octetstring 2534 1_1_0 EXIST::FUNCTION:
EVP_PKEY_asn1_set_free 2535 1_1_0 EXIST::FUNCTION:
@@ -3303,7 +3303,7 @@ EVP_des_ede3_wrap 3252 1_1_0 EXIST::FUNCTION:DES
GENERAL_SUBTREE_it 3253 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
GENERAL_SUBTREE_it 3253 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
EVP_read_pw_string_min 3254 1_1_0 EXIST::FUNCTION:UI
-X509_set_notBefore 3255 1_1_0 EXIST::FUNCTION:
+X509_set1_notBefore 3255 1_1_0 EXIST::FUNCTION:
MD4 3256 1_1_0 EXIST::FUNCTION:MD4
EVP_PKEY_CTX_dup 3257 1_1_0 EXIST::FUNCTION:
ENGINE_setup_bsd_cryptodev 3258 1_1_0 EXIST:__FreeBSD__:FUNCTION:DEPRECATEDIN_1_1_0,ENGINE
@@ -3741,7 +3741,7 @@ OCSP_REVOKEDINFO_free 3693 1_1_0 EXIST::FUNCTION:OCSP
EVP_CIPHER_CTX_encrypting 3694 1_1_0 EXIST::FUNCTION:
EC_KEY_can_sign 3695 1_1_0 EXIST::FUNCTION:EC
PEM_write_bio_RSAPublicKey 3696 1_1_0 EXIST::FUNCTION:RSA
-X509_CRL_set_lastUpdate 3697 1_1_0 EXIST::FUNCTION:
+X509_CRL_set1_lastUpdate 3697 1_1_0 EXIST::FUNCTION:
OCSP_sendreq_nbio 3698 1_1_0 EXIST::FUNCTION:OCSP
PKCS8_encrypt 3699 1_1_0 EXIST::FUNCTION:
i2d_PKCS7_fp 3700 1_1_0 EXIST::FUNCTION:STDIO
@@ -4194,3 +4194,7 @@ ASN1_STRING_get0_data 4140 1_1_0 EXIST::FUNCTION:
X509_SIG_get0_mutable 4141 1_1_0 EXIST::FUNCTION:
X509_get0_serialNumber 4142 1_1_0 EXIST::FUNCTION:
PKCS12_get_attr 4143 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0
+X509_CRL_get0_lastUpdate 4144 1_1_0 EXIST::FUNCTION:
+X509_get0_notBefore 4145 1_1_0 EXIST::FUNCTION:
+X509_get0_notAfter 4146 1_1_0 EXIST::FUNCTION:
+X509_CRL_get0_nextUpdate 4147 1_1_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list