[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue Dec 15 09:37:26 UTC 2020 

The branch master has been updated
       via  2f06c34b0eb658e80d82be8f7f0b54305a9cf68b (commit)
       via  ecef17c367a4d11cb08c6d255d857820df26aac0 (commit)
      from  249d559545ab61dcec5089db3380d19b0ab5cb42 (commit)


- Log -----------------------------------------------------------------
commit 2f06c34b0eb658e80d82be8f7f0b54305a9cf68b
Author: Rich Salz <rsalz at akamai.com>
Date:   Fri Dec 11 14:18:46 2020 -0500

    Document OCSP_REQ_CTX_i2d.
    
    Based on comments from David von Oheimb.
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13620)

commit ecef17c367a4d11cb08c6d255d857820df26aac0
Author: Rich Salz <rsalz at akamai.com>
Date:   Sat Dec 5 10:42:18 2020 -0500

    Deprecate OCSP_REQ_CTX_set1_req
    
    Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13620)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ocsp/ocsp_http.c       |  2 ++
 doc/man3/OCSP_sendreq_new.pod | 43 ++++++++++++++++++++++++++++++++++---------
 include/openssl/ocsp.h.in     |  4 +++-
 util/libcrypto.num            |  2 +-
 util/missingcrypto.txt        |  1 -
 5 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
index cf4d69d849..eae6107dff 100644
--- a/crypto/ocsp/ocsp_http.c
+++ b/crypto/ocsp/ocsp_http.c
@@ -13,11 +13,13 @@
 
 #ifndef OPENSSL_NO_OCSP
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req)
 {
     return OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
                             ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req);
 }
+# endif
 
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline)
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index f3224daa92..0f9d1339c9 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,9 +2,15 @@
 
 =head1 NAME
 
-OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free,
-OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header,
-OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
+OCSP_sendreq_new,
+OCSP_sendreq_nbio,
+OCSP_REQ_CTX_free,
+OCSP_set_max_response_length,
+OCSP_REQ_CTX_add1_header,
+OCSP_sendreq_bio,
+OCSP_REQ_CTX_i2d,
+OCSP_REQ_CTX_set1_req
+- OCSP responder query functions
 
 =head1 SYNOPSIS
 
@@ -23,10 +29,17 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
  int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                               const char *name, const char *value);
 
- int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
-
  OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
 
+ int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const char *content_type,
+                      const ASN1_ITEM *it, ASN1_VALUE *req);
+
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+
 =head1 DESCRIPTION
 
 The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
@@ -50,19 +63,27 @@ It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
 parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
 additional headers are set.
 
-OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
-function should be called after any calls to OCSP_REQ_CTX_add1_header().
-
 OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
 path B<path>, the OCSP request B<req> and with a response header maximum line
 length 4k. It waits indefinitely on a response.
 
+OCSP_REQ_CTX_i2d() sets the request context B<rctx> to have the request
+B<req>, which has the ASN.1 type B<it>.
+The B<content_type>, if not NULL, will be included in the HTTP request.
+The function should be called after all other headers have already been added.
+
+OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
+
+ OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+                        ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+
 =head1 RETURN VALUES
 
 OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL>
 if an error occurred.
 
-OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header() and OCSP_REQ_CTX_set1_req()
+OCSP_sendreq_nbio(), OCSP_REQ_CTX_add1_header(), OCSP_REQ_CTX_i2d(),
+and OCSP_REQ_CTX_set1_req()
 return B<1> for success and B<0> for failure.
 
 OCSP_sendreq_bio() returns the B<OCSP_RESPONSE> structure sent by the
@@ -103,6 +124,10 @@ L<OCSP_REQUEST_new(3)>,
 L<OCSP_resp_find_status(3)>,
 L<OCSP_response_status(3)>
 
+=head1 HISTORY
+
+The OCSP_REQ_CTX_set1_req() function was deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in
index b702f607be..8422ecf451 100644
--- a/include/openssl/ocsp.h.in
+++ b/include/openssl/ocsp.h.in
@@ -198,8 +198,10 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 
-/* TODO: remove this (documented but) meanwhile obsolete function? */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+#  endif
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                              const X509 *issuer);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ca3d14ad64..c994e9774d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -3334,7 +3334,7 @@ EVP_PKEY_meth_get_verify                3403	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 CRYPTO_128_wrap                         3404	3_0_0	EXIST::FUNCTION:
 X509_STORE_set_lookup_crls              3405	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_meth_get_ctrl                3406	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-OCSP_REQ_CTX_set1_req                   3407	3_0_0	EXIST::FUNCTION:OCSP
+OCSP_REQ_CTX_set1_req                   3407	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,OCSP
 CONF_imodule_get_usr_data               3408	3_0_0	EXIST::FUNCTION:
 CRYPTO_new_ex_data                      3409	3_0_0	EXIST::FUNCTION:
 PEM_read_PKCS8_PRIV_KEY_INFO            3410	3_0_0	EXIST::FUNCTION:STDIO
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index d56d428772..8a2c773e1d 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -805,7 +805,6 @@ OCSP_REQUEST_it(3)
 OCSP_REQUEST_print(3)
 OCSP_REQ_CTX_get0_mem_bio(3)
 OCSP_REQ_CTX_http(3)
-OCSP_REQ_CTX_i2d(3)
 OCSP_REQ_CTX_nbio(3)
 OCSP_REQ_CTX_nbio_d2i(3)
 OCSP_REQ_CTX_new(3)

More information about the openssl-commits mailing list