undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)
Tim Hudson 2020-06-01 19:52:23 +10:00 committed by Tim Hudson
parent dc18e4ddfb
commit c7f837cfcc
9 changed files with 11 additions and 29 deletions


@ -542,13 +542,6 @@ OpenSSL 3.0
- SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_dir()
- SSL_CTX_load_verify_store() - SSL_CTX_load_verify_store()
Also, the following functions are now deprecated:
- X509_STORE_load_locations() (use X509_STORE_load_file(),
X509_STORE_load_path() or X509_STORE_load_store() instead)
- SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
*Richard Levitte* *Richard Levitte*
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.


@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
return 1; return 1;
} }
/* Deprecated */
#ifndef OPENSSL_NO_DEPRECATED_3_0
int X509_STORE_load_locations(X509_STORE *ctx, const char *file, int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
const char *path) const char *path)
{ {
@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
return 0; return 0;
return 1; return 1;
} }
#endif
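Review bot: Removing `/* Deprecated */` leaves X509_STORE_load_locations() with no comment at all, and the same holds for SSL_CTX_load_verify_locations() in the later section where only the `#ifndef OPENSSL_NO_DEPRECATED_3_0` guard is dropped. Both functions load the CA certificates that verification will trust, so callers need to know what a 0 return means: in particular whether passing NULL for both locations is an error, and whether the store may already have been modified when a later step fails. The middle of each body lies outside the hunks, so neither case can be confirmed from here. Once the behaviour is checked, a short comment above each definition would cover it, for example `/* Returns 1 on success, 0 on failure; see the man page for NULL arguments. */`.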


@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath); const char *CApath);
=head1 DESCRIPTION =head1 DESCRIPTION
SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(),
SSL_CTX_load_verify_store() specifies the locations for B<ctx>, at SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the
which CA certificates for verification purposes are located. The locations for B<ctx>, at which CA certificates for verification purposes
certificates available via B<CAfile>, B<CApath> and B<CAstore> are are located. The certificates available via B<CAfile>, B<CApath> and
trusted. B<CAstore> are trusted.
SSL_CTX_set_default_verify_paths() specifies that the default locations from SSL_CTX_set_default_verify_paths() specifies that the default locations from
which CA certificates are loaded should be used. There is one default directory, which CA certificates are loaded should be used. There is one default directory,


@ -32,8 +32,6 @@ X509_STORE_load_locations
int X509_STORE_load_path(X509_STORE *ctx, const char *dir); int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
int X509_STORE_load_store(X509_STORE *ctx, const char *uri); int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
Deprecated:
int X509_STORE_load_locations(X509_STORE *ctx, int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir); const char *file, const char *dir);


@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, __owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
const char *CAfile, const char *CAfile,
const char *CApath)) const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */ # define SSL_get0_session SSL_get_session/* just peek at pointer */
__owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get_session(const SSL *ssl);
__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */


@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_file(X509_STORE *ctx, const char *file);
int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_path(X509_STORE *ctx, const char *path);
int X509_STORE_load_store(X509_STORE *ctx, const char *store); int X509_STORE_load_store(X509_STORE *ctx, const char *store);
DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *file,
const char *dir)) const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx); int X509_STORE_set_default_paths(X509_STORE *ctx);
#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
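Review bot: The restored prototype `int X509_STORE_load_locations(X509_STORE *ctx,` carries no `__owur`, while the matching `SSL_CTX_load_verify_locations` declaration in the earlier header section keeps it. A caller that ignores a failed load carries on with whatever CA certificates the store already held, so the unused-result warning is worth having here; consider `__owur int X509_STORE_load_locations(X509_STORE *ctx,` if the macro is in scope in this header, which the hunk does not show. The neighbouring X509_STORE_load_file/path/store prototypes also lack it, and adding it can surface new warnings in existing callers, so it may be better applied to the whole group in a separate change. The third parameter is also named `dir` here but `path` in the definition shown earlier on the page.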


@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
return X509_STORE_load_store(ctx->cert_store, CAstore); return X509_STORE_load_store(ctx->cert_store, CAstore);
} }
#ifndef OPENSSL_NO_DEPRECATED_3_0
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath) const char *CApath)
{ {
@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
return 0; return 0;
return 1; return 1;
} }
#endif
void SSL_set_info_callback(SSL *ssl, void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val)) void (*cb) (const SSL *ssl, int type, int val))


@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION: d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION:
CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0 CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:
OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION: OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS
NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION: NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION:


@ -354,7 +354,7 @@ SSL_set_session_id_context 354 3_0_0 EXIST::FUNCTION:
SSL_new 355 3_0_0 EXIST::FUNCTION: SSL_new 355 3_0_0 EXIST::FUNCTION:
TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION: SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION:
SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:
SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO
SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION: SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION:
SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION: SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION: