A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.9.2 2024-03-02T11:37:13+00:00 2024-03-02T11:37:13+00:00 tb 2024-03-02T11:37:13+00:00 urn:sha1:17579c0eb7910d89f824a0cb4f9967d3af8a04ac With ERR_STATE out of the way, we can make CRYPTO_THREADID opaque. The type is still accessed by used public API, but some of the public API can also go away. ok jsing 2024-03-02T11:32:31+00:00 tb 2024-03-02T11:32:31+00:00 urn:sha1:442f5bad00cacf2ea72b97c3bdfe8b35b23ada3c Long time neutered, only used (pointlessly without error checking) in the error code until very recently. ok jsing 2024-03-02T11:28:46+00:00 tb 2024-03-02T11:28:46+00:00 urn:sha1:0b6deb78b28f14c6fe58749806ff4e6774c9cbe9 This was neutered early on in the fork and has been rotting ever since. Some parts of the API are still used, but it's easier to clean up when most of the mess is gone. ok jsing 2024-03-02T11:20:36+00:00 tb 2024-03-02T11:20:36+00:00 urn:sha1:b56b72805aa516348080e8769435cb6cae2c3c5d This API intends to find the closest match to the needle. M2Crypto exposes it because it can. This will be fixed by patching the port. ok jsing 2024-03-02T11:04:52+00:00 tb 2024-03-02T11:04:52+00:00 urn:sha1:792421b3f220abcbd1405485edc9bf6b39485769 This could have been removed in an earlier bump. Now it's time for it to say goodbye. ok jsing 2024-03-02T10:57:03+00:00 tb 2024-03-02T10:57:03+00:00 urn:sha1:71f803228f85a85e040f88d8df2af4393f0d64c6 Yet another bit of extensibility that no one ever really used. X509_LOOKUP_free() needs to stay because of ... rust-openssl (and kdelibs4support). ok jsing 2024-03-02T10:48:17+00:00 tb 2024-03-02T10:48:17+00:00 urn:sha1:bd61e1e1013cfd2b6462e4fbf774072eb184c44c Another thing that should never have leaked out of the library. It will become internal entirely, where the code can be simplified greatly. ok jsing 2024-03-02T10:40:05+00:00 tb 2024-03-02T10:40:05+00:00 urn:sha1:7b018fc829c78dbce4b7cd8a28aa798b3e03d6a4 Most of this is the ability to add custom purposes. Also the astounding X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto exposes X509_check_purpose(), so these remain public. Some weird, most likely invalid, uses also remain in rust-openssl. ok jsing 2024-03-02T10:35:32+00:00 tb 2024-03-02T10:35:32+00:00 urn:sha1:a3c990bc8f1fde064c43ffefb311482cb87ecd54 You used to be able to define your own X.509 extension handlers. Great. Even greater: the verifier would ignore any custom extensions. So this was only ever useful for serialization and deserialization. In other words, almost entirely pointless. The API was also unused except for a hack in kore-acme, which was fixed recently. ok jsing 2024-03-02T10:30:48+00:00 tb 2024-03-02T10:30:48+00:00 urn:sha1:d23ca349fd2e45b2231f05fba70d31bc44134e14 The ERR_STATE struct is an unused implementation detail of the horrific error stack code. It is the last public consumer of CRYPTO_THREAD internals. Make this and its accessor internal so we can make the CRYPTO_THREAD struct opaque. ok jsing