From a3c990bc8f1fde064c43ffefb311482cb87ecd54 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 2 Mar 2024 10:35:32 +0000
Subject: Remove X509V3_EXT extensibility API

You used to be able to define your own X.509 extension handlers. Great.
Even greater: the verifier would ignore any custom extensions. So this
was only ever useful for serialization and deserialization. In other
words, almost entirely pointless. The API was also unused except for
a hack in kore-acme, which was fixed recently.

ok jsing
---
 src/lib/libcrypto/x509/x509_lib.c | 36 +-----------------------------------
 src/lib/libcrypto/x509/x509v3.h   |  6 +-----
 2 files changed, 2 insertions(+), 40 deletions(-)

(limited to 'src/lib/libcrypto/x509')

diff --git a/src/lib/libcrypto/x509/x509_lib.c b/src/lib/libcrypto/x509/x509_lib.c
index 5ddfc37619..c5151d407e 100644
--- a/src/lib/libcrypto/x509/x509_lib.c
+++ b/src/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.16 2024/01/25 15:09:22 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.17 2024/03/02 10:35:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -333,37 +333,3 @@ err:
 	return 0;
 }
 LCRYPTO_ALIAS(X509V3_add1_i2d);
-
-/*
- * XXX - remove all the functions below in the next major bump.
- */
-
-int
-X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
-	X509V3error(ERR_R_DISABLED);
-	return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add);
-
-int
-X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
-	X509V3error(ERR_R_DISABLED);
-	return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_list);
-
-int
-X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
-	X509V3error(ERR_R_DISABLED);
-	return 0;
-}
-LCRYPTO_ALIAS(X509V3_EXT_add_alias);
-
-void
-X509V3_EXT_cleanup(void)
-{
-}
-LCRYPTO_ALIAS(X509V3_EXT_cleanup);
diff --git a/src/lib/libcrypto/x509/x509v3.h b/src/lib/libcrypto/x509/x509v3.h
index f867cc38c3..676fd62c27 100644
--- a/src/lib/libcrypto/x509/x509v3.h
+++ b/src/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.25 2023/06/25 18:15:21 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.26 2024/03/02 10:35:32 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -692,10 +692,6 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
 char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
     const ASN1_ENUMERATED *aint);
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-void X509V3_EXT_cleanup(void);
 
 const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
 const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
-- 
cgit v1.2.3-55-g6feb