Deprecate OCSP_REQ_CTX_set1_req

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13620)

crypto/ocsp/ocsp_http.c

@@ -13,11 +13,13 @@
 
 #ifndef OPENSSL_NO_OCSP
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req)
 {
     return OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request",
                             ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req);
 }
+# endif
 
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline)

doc/man3/OCSP_sendreq_new.pod

@@ -23,10 +23,14 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
  int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
                               const char *name, const char *value);
 
- int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
-
  OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+
 =head1 DESCRIPTION
 
 The function OCSP_sendreq_new() returns an B<OCSP_CTX> structure using the
@@ -50,13 +54,13 @@ It B<MUST> be called before any calls to OCSP_sendreq_nbio(). The B<req>
 parameter in the initial to OCSP_sendreq_new() call MUST be set to B<NULL> if
 additional headers are set.
 
-OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
-function should be called after any calls to OCSP_REQ_CTX_add1_header().
-
 OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
 path B<path>, the OCSP request B<req> and with a response header maximum line
 length 4k. It waits indefinitely on a response.
 
+OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
+function should be called after any calls to OCSP_REQ_CTX_add1_header().
+
 =head1 RETURN VALUES
 
 OCSP_sendreq_new() returns a valid B<OCSP_REQ_CTX> structure or B<NULL>
@@ -103,6 +107,10 @@ L<OCSP_REQUEST_new(3)>,
 L<OCSP_resp_find_status(3)>,
 L<OCSP_response_status(3)>
 
+=head1 HISTORY
+
+The OCSP_REQ_CTX_set1_req() function was deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT
 
 Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

include/openssl/ocsp.h.in

@@ -198,8 +198,10 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
                                int maxline);
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 
-/* TODO: remove this (documented but) meanwhile obsolete function? */
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+#  endif
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
                              const X509 *issuer);

util/libcrypto.num

@@ -3334,7 +3334,7 @@ EVP_PKEY_meth_get_verify                3403	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_
 CRYPTO_128_wrap                         3404	3_0_0	EXIST::FUNCTION:
 X509_STORE_set_lookup_crls              3405	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_meth_get_ctrl                3406	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0
-OCSP_REQ_CTX_set1_req                   3407	3_0_0	EXIST::FUNCTION:OCSP
+OCSP_REQ_CTX_set1_req                   3407	3_0_0	EXIST::FUNCTION:DEPRECATEDIN_3_0,OCSP
 CONF_imodule_get_usr_data               3408	3_0_0	EXIST::FUNCTION:
 CRYPTO_new_ex_data                      3409	3_0_0	EXIST::FUNCTION:
 PEM_read_PKCS8_PRIV_KEY_INFO            3410	3_0_0	EXIST::FUNCTION:STDIO