From c92ddde3194a70c609ab5dd8987a10b6cf10c12f Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 31 Aug 2024 09:56:50 +0000 Subject: Retire X509V3_EXT_{,CRL_,REQ_}add_conf() Fortunately all projects who want to configure their extensions using a dangerous string DSL/API figured out the fact that one was supposed to be using the nconf version of these (the hint is the 'n', as in new). ok beck jsing --- src/lib/libcrypto/Symbols.list | 3 --- src/lib/libcrypto/hidden/openssl/x509v3.h | 5 +---- src/lib/libcrypto/x509/x509_conf.c | 29 +---------------------------- src/lib/libcrypto/x509/x509v3.h | 8 +------- 4 files changed, 3 insertions(+), 42 deletions(-) diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list index 31e9480c0d..c5187d65ee 100644 --- a/src/lib/libcrypto/Symbols.list +++ b/src/lib/libcrypto/Symbols.list @@ -2352,11 +2352,8 @@ WHIRLPOOL_Init WHIRLPOOL_Update X25519 X25519_keypair -X509V3_EXT_CRL_add_conf X509V3_EXT_CRL_add_nconf -X509V3_EXT_REQ_add_conf X509V3_EXT_REQ_add_nconf -X509V3_EXT_add_conf X509V3_EXT_add_nconf X509V3_EXT_add_nconf_sk X509V3_EXT_conf diff --git a/src/lib/libcrypto/hidden/openssl/x509v3.h b/src/lib/libcrypto/hidden/openssl/x509v3.h index d0d4e97ec9..5912726791 100644 --- a/src/lib/libcrypto/hidden/openssl/x509v3.h +++ b/src/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.12 2024/08/28 08:59:03 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.13 2024/08/31 09:56:50 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -139,9 +139,6 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf); LCRYPTO_USED(X509V3_EXT_CRL_add_nconf); LCRYPTO_USED(X509V3_EXT_conf_nid); LCRYPTO_USED(X509V3_EXT_conf); -LCRYPTO_UNUSED(X509V3_EXT_add_conf); -LCRYPTO_UNUSED(X509V3_EXT_REQ_add_conf); -LCRYPTO_UNUSED(X509V3_EXT_CRL_add_conf); LCRYPTO_USED(X509V3_add_value_bool_nf); LCRYPTO_USED(X509V3_get_value_bool); LCRYPTO_USED(X509V3_get_value_int); diff --git a/src/lib/libcrypto/x509/x509_conf.c b/src/lib/libcrypto/x509/x509_conf.c index 27f89072c8..dee9bf65e0 100644 --- a/src/lib/libcrypto/x509/x509_conf.c +++ b/src/lib/libcrypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.23 2024/08/31 09:21:44 tb Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.24 2024/08/31 09:56:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -489,30 +489,3 @@ X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) { } LCRYPTO_ALIAS(X509V3_set_conf_lhash); - -int -X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_add_conf); - -int -X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_CRL_add_conf); - -int -X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) -{ - X509V3error(ERR_R_DISABLED); - return 0; -} -LCRYPTO_ALIAS(X509V3_EXT_REQ_add_conf); diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h index b38e175954..6470f059ee 100644 --- a/src/lib/libcrypto/x509/x509v3.h +++ b/src/lib/libcrypto/x509/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.30 2024/08/28 08:22:57 tb Exp $ */ +/* $OpenBSD: x509v3.h,v 1.31 2024/08/31 09:56:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -647,12 +647,6 @@ X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, const char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name, const char *value); -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl); int X509V3_add_value_bool_nf(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); -- cgit v1.2.3-55-g6feb