[openssl] master update
Tim Hudson
tjh at openssl.org
Mon Jun 1 09:53:14 UTC 2020
The branch master has been updated
via c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 (commit)
from dc18e4ddfbd55b738dd7ccd9347accf6c5b342f6 (commit)
- Log -----------------------------------------------------------------
commit c7f837cfcc5b2e5cd8eeeff82e0245323f206d02
Author: Tim Hudson <tjh at cryptsoft.com>
Date: Mon Jun 1 19:52:23 2020 +1000
undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations
The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 7 -------
crypto/x509/x509_d2.c | 3 ---
doc/man3/SSL_CTX_load_verify_locations.pod | 14 +++++---------
doc/man3/X509_STORE_add_cert.pod | 2 --
include/openssl/ssl.h | 4 ++--
include/openssl/x509_vfy.h | 4 ++--
ssl/ssl_lib.c | 2 --
util/libcrypto.num | 2 +-
util/libssl.num | 2 +-
9 files changed, 11 insertions(+), 29 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 10fd8d541d..241d6ca23c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -542,13 +542,6 @@ OpenSSL 3.0
- SSL_CTX_load_verify_dir()
- SSL_CTX_load_verify_store()
- Also, the following functions are now deprecated:
-
- - X509_STORE_load_locations() (use X509_STORE_load_file(),
- X509_STORE_load_path() or X509_STORE_load_store() instead)
- - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
- SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
-
*Richard Levitte*
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index cb0f84a7e8..dec5f9d077 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
return 1;
}
-/* Deprecated */
-#ifndef OPENSSL_NO_DEPRECATED_3_0
int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
const char *path)
{
@@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
return 0;
return 1;
}
-#endif
diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod
index d28ec4c867..ecc75b72e0 100644
--- a/doc/man3/SSL_CTX_load_verify_locations.pod
+++ b/doc/man3/SSL_CTX_load_verify_locations.pod
@@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
-Deprecated since OpenSSL 3.0, can be hidden entirely by defining
-B<OPENSSL_API_COMPAT> with a suitable version value, see
-L<openssl_user_macros(7)>:
-
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
=head1 DESCRIPTION
-SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(),
-SSL_CTX_load_verify_store() specifies the locations for B<ctx>, at
-which CA certificates for verification purposes are located. The
-certificates available via B<CAfile>, B<CApath> and B<CAstore> are
-trusted.
+SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(),
+SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the
+locations for B<ctx>, at which CA certificates for verification purposes
+are located. The certificates available via B<CAfile>, B<CApath> and
+B<CAstore> are trusted.
SSL_CTX_set_default_verify_paths() specifies that the default locations from
which CA certificates are loaded should be used. There is one default directory,
diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod
index d41f2ae5a6..ce50e368e7 100644
--- a/doc/man3/X509_STORE_add_cert.pod
+++ b/doc/man3/X509_STORE_add_cert.pod
@@ -32,8 +32,6 @@ X509_STORE_load_locations
int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
-Deprecated:
-
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir);
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d1e9f7957d..0973f0688d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
-DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
const char *CAfile,
- const char *CApath))
+ const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 92aed08380..fda13502c3 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
int X509_STORE_load_file(X509_STORE *ctx, const char *file);
int X509_STORE_load_path(X509_STORE *ctx, const char *path);
int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx,
+int X509_STORE_load_locations(X509_STORE *ctx,
const char *file,
- const char *dir))
+ const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx);
#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dafec3d5c7..cb02129d9d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
return X509_STORE_load_store(ctx->cert_store, CAstore);
}
-#ifndef OPENSSL_NO_DEPRECATED_3_0
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath)
{
@@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
return 0;
return 1;
}
-#endif
void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val))
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cc11651b76..1a51132387 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION:
CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
-X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:
OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS
NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION:
diff --git a/util/libssl.num b/util/libssl.num
index b8e0982daa..d638088dde 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -354,7 +354,7 @@ SSL_set_session_id_context 354 3_0_0 EXIST::FUNCTION:
SSL_new 355 3_0_0 EXIST::FUNCTION:
TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION:
-SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
+SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:
SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO
SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION:
SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION:
More information about the openssl-commits
mailing list