openbsd/src/lib/libcrypto/x509, branch OPENBSD_7

openbsd/src/lib/libcrypto/x509, branch OPENBSD_7_5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_5 2024-03-02T11:20:36+00:00 Remove sk_find_ex() 2024-03-02T11:20:36+00:00 tb 2024-03-02T11:20:36+00:00 urn:sha1:b56b72805aa516348080e8769435cb6cae2c3c5d This API intends to find the closest match to the needle. M2Crypto exposes it because it can. This will be fixed by patching the port. ok jsing Make LHASH_OF() and STACK_OF() use opaque structs 2024-03-02T11:11:11+00:00 tb 2024-03-02T11:11:11+00:00 urn:sha1:26367add3db68a3e89bda58a3c85174507f8e71a This removes internals of these two special snowflakes and will allow further simplifications. Unfortunately, there are some pieces of software that actually use LHASH_OF() (looking at you, pound, Ruby, and openssl(1)), so we get to keep exposing this garbage, at least for now. Expose lh_error() as a symbol to replace a macro reaching into _LHASH. lh_down_load() is no longer available. _LHASH and _STACK are now opaque, LHASH_NODE becomes internal-only. from jsing Remove X509_CRL_METHOD API 2024-03-02T10:59:41+00:00 tb 2024-03-02T10:59:41+00:00 urn:sha1:af88f8de5f2275485734ca59b90ee42b81b76688 I would keep repeating myself... In the bit bucket you go. ok jsing Garbage collect most of the public LOOKUP API 2024-03-02T10:57:03+00:00 tb 2024-03-02T10:57:03+00:00 urn:sha1:71f803228f85a85e040f88d8df2af4393f0d64c6 Yet another bit of extensibility that no one ever really used. X509_LOOKUP_free() needs to stay because of ... rust-openssl (and kdelibs4support). ok jsing Expose X509_STORE_get1_objects() 2024-03-02T10:54:39+00:00 tb 2024-03-02T10:54:39+00:00 urn:sha1:674fe4ef9bc076029351013b920100f4c1cbfb40 Safer replacement API for the unsafe X509_STORE_get0_objects(). ok jsing Make X509_CERT_AUX internal 2024-03-02T10:52:24+00:00 tb 2024-03-02T10:52:24+00:00 urn:sha1:e6bd45a92fad0a48bfefcef615d89af3225724c4 Another struct/API that should never have leaked out of the library. ok jsing Remove X509_TRUST from the public API 2024-03-02T10:50:26+00:00 tb 2024-03-02T10:50:26+00:00 urn:sha1:a13c3d8a59554d7330ef94cc9d8a5049fb8602fe With API and other users internal, this struct can now go. ok jsing Remove DECLARE_STACK_OF(X509_TRUST) 2024-03-02T10:49:03+00:00 tb 2024-03-02T10:49:03+00:00 urn:sha1:2870b50968a01fdfa5f8d86f84057dad1464712d Unused since the extensibility was neutered. ok jsing Remove unused public X509_TRUST API 2024-03-02T10:48:17+00:00 tb 2024-03-02T10:48:17+00:00 urn:sha1:bd61e1e1013cfd2b6462e4fbf774072eb184c44c Another thing that should never have leaked out of the library. It will become internal entirely, where the code can be simplified greatly. ok jsing const correct X509_PURPOSE_get0{,_{,s}name}() 2024-03-02T10:43:52+00:00 tb 2024-03-02T10:43:52+00:00 urn:sha1:83f478fb201e647181d2250ce31e9359bdca5065 Unfortunately, PHP and rust-openssl still need this API. At least we can make the table read-only now since we disabled its extensibility. ok jsing