mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-14 04:24:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

Browse Source 
The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)
This commit is contained in:
Tim Hudson 2020-06-01 19:52:23 +10:00 committed by Tim Hudson
parent dc18e4ddfb
commit c7f837cfcc
9 changed files with 11 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGES.md
View File

@ -542,13 +542,6 @@ OpenSSL 3.0
- SSL_CTX_load_verify_dir()
- SSL_CTX_load_verify_store()
Also, the following functions are now deprecated:
- X509_STORE_load_locations() (use X509_STORE_load_file(),
X509_STORE_load_path() or X509_STORE_load_store() instead)
- SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
*Richard Levitte*
* Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.

3
crypto/x509/x509_d2.c
View File

@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
return 1;
}
/* Deprecated */
#ifndef OPENSSL_NO_DEPRECATED_3_0
int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
const char *path)
{
@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
return 0;
return 1;
}
#endif

14
doc/man3/SSL_CTX_load_verify_locations.pod
View File

@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);
=head1 DESCRIPTION
SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(),
SSL_CTX_load_verify_store() specifies the locations for B<ctx>, at
which CA certificates for verification purposes are located. The
certificates available via B<CAfile>, B<CApath> and B<CAstore> are
trusted.
SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(),
SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the
locations for B<ctx>, at which CA certificates for verification purposes
are located. The certificates available via B<CAfile>, B<CApath> and
B<CAstore> are trusted.
SSL_CTX_set_default_verify_paths() specifies that the default locations from
which CA certificates are loaded should be used. There is one default directory,

2
doc/man3/X509_STORE_add_cert.pod
View File

@ -32,8 +32,6 @@ X509_STORE_load_locations
int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
Deprecated:
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file, const char *dir);

4
include/openssl/ssl.h
View File

@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
__owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
__owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
__owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
const char *CAfile,
const char *CApath))
const char *CApath);
# define SSL_get0_session SSL_get_session/* just peek at pointer */
__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */

4
include/openssl/x509_vfy.h
View File

@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
int X509_STORE_load_file(X509_STORE *ctx, const char *file);
int X509_STORE_load_path(X509_STORE *ctx, const char *path);
int X509_STORE_load_store(X509_STORE *ctx, const char *store);
DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx,
int X509_STORE_load_locations(X509_STORE *ctx,
const char *file,
const char *dir))
const char *dir);
int X509_STORE_set_default_paths(X509_STORE *ctx);
#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \

2
ssl/ssl_lib.c
View File

@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
return X509_STORE_load_store(ctx->cert_store, CAstore);
}
#ifndef OPENSSL_NO_DEPRECATED_3_0
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath)
{
@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
return 0;
return 1;
}
#endif
void SSL_set_info_callback(SSL *ssl,
void (*cb) (const SSL *ssl, int type, int val))

2
util/libcrypto.num
View File

@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION:
i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA
d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION:
CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:
OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION:
TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS
NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION:

2
util/libssl.num
View File

@ -354,7 +354,7 @@ SSL_set_session_id_context 354 3_0_0 EXIST::FUNCTION:
SSL_new 355 3_0_0 EXIST::FUNCTION:
TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION:
SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:
SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO
SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION:
SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION: