[openssl] master update

Tim Hudson tjh at openssl.org
Mon Jun 1 09:53:14 UTC 2020


The branch master has been updated
       via  c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit)
      from  dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit)


- Log -----------------------------------------------------------------
commit c7f837cfcc5b2e5cd8eeeff82e0245323f206d02
Author: Tim Hudson <tjh at cryptsoft.com>
Date:   Mon Jun 1 19:52:23 2020 +1000

    undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations
    
    The underlying functions remain and these are widely used.
    This undoes the deprecation part of PR8442
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/12001)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md                                 |  7 -------
 crypto/x509/x509_d2.c                      |  3 ---
 doc/man3/SSL_CTX_load_verify_locations.pod | 14 +++++---------
 doc/man3/X509_STORE_add_cert.pod           |  2 --
 include/openssl/ssl.h                      |  4 ++--
 include/openssl/x509_vfy.h                 |  4 ++--
 ssl/ssl_lib.c                              |  2 --
 util/libcrypto.num                         |  2 +-
 util/libssl.num                            |  2 +-
 9 files changed, 11 insertions(+), 29 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 10fd8d541d..241d6ca23c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -542,13 +542,6 @@ OpenSSL 3.0
    - SSL_CTX_load_verify_dir()
    - SSL_CTX_load_verify_store()
 
-   Also, the following functions are now deprecated:
-
-   - X509_STORE_load_locations() (use X509_STORE_load_file(),
-     X509_STORE_load_path() or X509_STORE_load_store() instead)
-   - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
-     SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
-
    *Richard Levitte*
 
  * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index cb0f84a7e8..dec5f9d077 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
     return 1;
 }
 
-/* Deprecated */
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
                               const char *path)
 {
@@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
         return 0;
     return 1;
 }
-#endif
diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod
index d28ec4c867..ecc75b72e0 100644
--- a/doc/man3/SSL_CTX_load_verify_locations.pod
+++ b/doc/man3/SSL_CTX_load_verify_locations.pod
@@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
  int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
  int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
 
-Deprecated since OpenSSL 3.0, can be hidden entirely by defining
-B<OPENSSL_API_COMPAT> with a suitable version value, see
-L<openssl_user_macros(7)>:
-
  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                    const char *CApath);
 
 =head1 DESCRIPTION
 
-SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(),
-SSL_CTX_load_verify_store() specifies the locations for B<ctx>, at
-which CA certificates for verification purposes are located. The
-certificates available via B<CAfile>, B<CApath> and B<CAstore> are
-trusted.
+SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(),
+SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the
+locations for B<ctx>, at which CA certificates for verification purposes
+are located. The certificates available via B<CAfile>, B<CApath> and
+B<CAstore> are trusted.
 
 SSL_CTX_set_default_verify_paths() specifies that the default locations from
 which CA certificates are loaded should be used. There is one default directory,
diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod
index d41f2ae5a6..ce50e368e7 100644
--- a/doc/man3/X509_STORE_add_cert.pod
+++ b/doc/man3/X509_STORE_add_cert.pod
@@ -32,8 +32,6 @@ X509_STORE_load_locations
  int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
  int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
 
-Deprecated:
-
  int X509_STORE_load_locations(X509_STORE *ctx,
                                const char *file, const char *dir);
 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d1e9f7957d..0973f0688d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
 __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
 __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
 __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
-DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
                                                         const char *CAfile,
-                                                        const char *CApath))
+                                                        const char *CApath);
 # define SSL_get0_session SSL_get_session/* just peek at pointer */
 __owur SSL_SESSION *SSL_get_session(const SSL *ssl);
 __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 92aed08380..fda13502c3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 int X509_STORE_load_file(X509_STORE *ctx, const char *file);
 int X509_STORE_load_path(X509_STORE *ctx, const char *path);
 int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx,
+int X509_STORE_load_locations(X509_STORE *ctx,
                                                const char *file,
-                                               const char *dir))
+                                               const char *dir);
 int X509_STORE_set_default_paths(X509_STORE *ctx);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dafec3d5c7..cb02129d9d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
     return X509_STORE_load_store(ctx->cert_store, CAstore);
 }
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {
@@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
         return 0;
     return 1;
 }
-#endif
 
 void SSL_set_info_callback(SSL *ssl,
                            void (*cb) (const SSL *ssl, int type, int val))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cc11651b76..1a51132387 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID            2168	3_0_0	EXIST::FUNCTION:
 i2d_RSAPrivateKey                       2169	3_0_0	EXIST::FUNCTION:RSA
 d2i_CERTIFICATEPOLICIES                 2170	3_0_0	EXIST::FUNCTION:
 CMAC_CTX_get0_cipher_ctx                2171	3_0_0	EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
-X509_STORE_load_locations               2172	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
+X509_STORE_load_locations               2172	3_0_0	EXIST::FUNCTION:
 OBJ_find_sigid_algs                     2173	3_0_0	EXIST::FUNCTION:
 TS_RESP_CTX_set_accuracy                2174	3_0_0	EXIST::FUNCTION:TS
 NETSCAPE_SPKI_get_pubkey                2175	3_0_0	EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
index b8e0982daa..d638088dde 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -354,7 +354,7 @@ SSL_set_session_id_context              354	3_0_0	EXIST::FUNCTION:
 SSL_new                                 355	3_0_0	EXIST::FUNCTION:
 TLSv1_1_method                          356	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
 SSL_CTX_get_cert_store                  357	3_0_0	EXIST::FUNCTION:
-SSL_CTX_load_verify_locations           358	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
+SSL_CTX_load_verify_locations           358	3_0_0	EXIST::FUNCTION:
 SSL_SESSION_print_fp                    359	3_0_0	EXIST::FUNCTION:STDIO
 SSL_get0_dane_tlsa                      360	3_0_0	EXIST::FUNCTION:
 SSL_CTX_set_generate_session_id         361	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list