Remove X509_check_trust() and some related defines

Someone thought it would be a good idea to append non-standard trust
information to the certs in the trust store. This API is used to
inspect that depending on the intended purpose of the cert. Only
M2Crypto thought it necessary to expose this. It was adjusted.

ok beck jsing

1 files changed, 1 insertions, 19 deletions

diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 856ad19ba4..3ab35d3d91 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.113 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.114 2024/08/31 10:12:23 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -153,11 +153,6 @@ typedef struct x509_cinf_st X509_CINF;
 
 DECLARE_STACK_OF(X509)
 
-/* standard trust ids */
-
-/* OpenSSL changed this to 0 */
-#define X509_TRUST_DEFAULT      -1      /* Only valid in purpose settings */
-
 #define X509_TRUST_COMPAT       1
 #define X509_TRUST_SSL_CLIENT   2
 #define X509_TRUST_SSL_SERVER   3
@@ -171,17 +166,6 @@ DECLARE_STACK_OF(X509)
 #define X509_TRUST_MIN          1
 #define X509_TRUST_MAX          8
 
-
-/* trust_flags values */
-#define X509_TRUST_DYNAMIC      1
-#define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED      1
-#define X509_TRUST_REJECTED     2
-#define X509_TRUST_UNTRUSTED    3
-
 /* Flags for X509_print_ex() */
 
 #define X509_FLAG_COMPAT                0
@@ -1013,8 +997,6 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
 int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
     int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub);
 
-int X509_check_trust(X509 *x, int id, int flags);
-
 int X509_up_ref(X509 *x);
 STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);