From c7f837cfcc5b2e5cd8eeeff82e0245323f206d02 Mon Sep 17 00:00:00 2001 From: Tim Hudson Date: Mon, 1 Jun 2020 19:52:23 +1000 Subject: [PATCH] undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations The underlying functions remain and these are widely used. This undoes the deprecation part of PR8442 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12001) --- CHANGES.md | 7 ------- crypto/x509/x509_d2.c | 3 --- doc/man3/SSL_CTX_load_verify_locations.pod | 14 +++++--------- doc/man3/X509_STORE_add_cert.pod | 2 -- include/openssl/ssl.h | 4 ++-- include/openssl/x509_vfy.h | 4 ++-- ssl/ssl_lib.c | 2 -- util/libcrypto.num | 2 +- util/libssl.num | 2 +- 9 files changed, 11 insertions(+), 29 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 10fd8d541d..241d6ca23c 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -542,13 +542,6 @@ OpenSSL 3.0 - SSL_CTX_load_verify_dir() - SSL_CTX_load_verify_store() - Also, the following functions are now deprecated: - - - X509_STORE_load_locations() (use X509_STORE_load_file(), - X509_STORE_load_path() or X509_STORE_load_store() instead) - - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(), - SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead) - *Richard Levitte* * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index cb0f84a7e8..dec5f9d077 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri) return 1; } -/* Deprecated */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path) { @@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, return 0; return 1; } -#endif diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod index d28ec4c867..ecc75b72e0 100644 --- a/doc/man3/SSL_CTX_load_verify_locations.pod +++ b/doc/man3/SSL_CTX_load_verify_locations.pod @@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); -Deprecated since OpenSSL 3.0, can be hidden entirely by defining -B with a suitable version value, see -L: - int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); =head1 DESCRIPTION -SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(), -SSL_CTX_load_verify_store() specifies the locations for B, at -which CA certificates for verification purposes are located. The -certificates available via B, B and B are -trusted. +SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(), +SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the +locations for B, at which CA certificates for verification purposes +are located. The certificates available via B, B and +B are trusted. SSL_CTX_set_default_verify_paths() specifies that the default locations from which CA certificates are loaded should be used. There is one default directory, diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod index d41f2ae5a6..ce50e368e7 100644 --- a/doc/man3/X509_STORE_add_cert.pod +++ b/doc/man3/X509_STORE_add_cert.pod @@ -32,8 +32,6 @@ X509_STORE_load_locations int X509_STORE_load_path(X509_STORE *ctx, const char *dir); int X509_STORE_load_store(X509_STORE *ctx, const char *uri); -Deprecated: - int X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *dir); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d1e9f7957d..0973f0688d 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx); __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile); __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath); __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore); -DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, +__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath)) + const char *CApath); # define SSL_get0_session SSL_get_session/* just peek at pointer */ __owur SSL_SESSION *SSL_get_session(const SSL *ssl); __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 92aed08380..fda13502c3 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); int X509_STORE_load_file(X509_STORE *ctx, const char *file); int X509_STORE_load_path(X509_STORE *ctx, const char *path); int X509_STORE_load_store(X509_STORE *ctx, const char *store); -DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx, +int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *dir)) + const char *dir); int X509_STORE_set_default_paths(X509_STORE *ctx); #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index dafec3d5c7..cb02129d9d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore) return X509_STORE_load_store(ctx->cert_store, CAstore); } -#ifndef OPENSSL_NO_DEPRECATED_3_0 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { @@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, return 0; return 1; } -#endif void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) diff --git a/util/libcrypto.num b/util/libcrypto.num index cc11651b76..1a51132387 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID 2168 3_0_0 EXIST::FUNCTION: i2d_RSAPrivateKey 2169 3_0_0 EXIST::FUNCTION:RSA d2i_CERTIFICATEPOLICIES 2170 3_0_0 EXIST::FUNCTION: CMAC_CTX_get0_cipher_ctx 2171 3_0_0 EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0 -X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +X509_STORE_load_locations 2172 3_0_0 EXIST::FUNCTION: OBJ_find_sigid_algs 2173 3_0_0 EXIST::FUNCTION: TS_RESP_CTX_set_accuracy 2174 3_0_0 EXIST::FUNCTION:TS NETSCAPE_SPKI_get_pubkey 2175 3_0_0 EXIST::FUNCTION: diff --git a/util/libssl.num b/util/libssl.num index b8e0982daa..d638088dde 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -354,7 +354,7 @@ SSL_set_session_id_context 354 3_0_0 EXIST::FUNCTION: SSL_new 355 3_0_0 EXIST::FUNCTION: TLSv1_1_method 356 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD SSL_CTX_get_cert_store 357 3_0_0 EXIST::FUNCTION: -SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0 +SSL_CTX_load_verify_locations 358 3_0_0 EXIST::FUNCTION: SSL_SESSION_print_fp 359 3_0_0 EXIST::FUNCTION:STDIO SSL_get0_dane_tlsa 360 3_0_0 EXIST::FUNCTION: SSL_CTX_set_generate_session_id 361 3_0_0 EXIST::FUNCTION: -- 2.25.1