path: root/src/lib/libssl/bs_cbs.c
author tb 2024-01-06 17:17:08 +0000
committer tb 2024-01-06 17:17:08 +0000
commit 4d78f768d61979830158a1936a400d8de46c4bd8
tree 542d1e5cc853bc1b3fbe0eb77ff56e21067b795b /src/lib/libssl/bs_cbs.c
parent 962a7fef1d4de496aba4a6e4ac65f3357a34139e
Remove X509_PURPOSE extensibility

Another bit of global state without lock protection. The by now familiar complications of a stack to make this user configurable, which, of course, no one ever did. The table is not currently const, and the API exposes its entries directly, so anyone can modify it. This fits very well with the safety guarantees of Rust's 'static lifetime, which is how rust-openssl exposes it (for no good reason).

Remove the stack and make the X509_PURPOSE_add() API always fail. Simplify the other bits accordingly.

In addition, this API inflicts the charming difference between purpose identifiers and purpose indexes (the former minus one) onto the user. Neither of the two obvious solutions to avoid this trap seems to have crossed the implementer's mind.

ok jsing

Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
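
The identifier/index distinction and the read-only table described in the commit message, as an added example that is not code from this commit or from LibreSSL. The `purpose_*` names, the struct layout and the three table entries are constructed for illustration; only the "index is identifier minus one" rule and the always-failing add come from the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; names and table contents are constructed, not LibreSSL's. */
struct purpose {
	int id;			/* identifier, starts at 1 */
	const char *name;
};

/* const table: entries handed to callers are read-only, so no lock is needed. */
static const struct purpose purpose_table[] = {
	{ 1, "sslclient" },
	{ 2, "sslserver" },
	{ 3, "smimesign" },
};
#define PURPOSE_COUNT (sizeof(purpose_table) / sizeof(purpose_table[0]))

/* Lookup by 0-based table index; NULL when the index is out of range. */
const struct purpose *purpose_get0(int idx)
{
	if (idx < 0 || (size_t)idx >= PURPOSE_COUNT)
		return NULL;
	return &purpose_table[idx];
}

/* Translate an identifier to its index (identifier minus one); -1 if unknown. */
int purpose_get_by_id(int id)
{
	if (id < 1 || (size_t)id > PURPOSE_COUNT)
		return -1;
	return id - 1;
}

/* Extensibility removed: registration always fails (0 means failure here). */
int purpose_add(int id, const char *name)
{
	(void)id; (void)name;
	return 0;
}

int main(void)
{
	/* The trap: an identifier passed where an index is expected. */
	printf("get0(2)            -> %s\n", purpose_get0(2)->name);
	printf("get0(get_by_id(2)) -> %s\n", purpose_get0(purpose_get_by_id(2))->name);
	return 0;
}
```

Passing identifier 2 straight to the index-based getter silently returns the entry for identifier 3, which is the mistake the two-step lookup exists to avoid.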