Deprecate X509{,_CRL}_http_nbio() and simplify their definition
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Tue, 4 May 2021 06:05:44 +0000 (08:05 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Wed, 5 May 2021 18:50:15 +0000 (20:50 +0200)
This is done by making use of OCSP_REQ_CTX_nbio_d2i().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)

CHANGES.md
doc/man3/X509_load_http.pod
include/openssl/x509.h.in
util/other.syms

index 6e89f9814c681ec8910fefb6576dee57dc14b114..5c696ff65ad51d044ddc06a2d26f30d0e703742e 100644 (file)
@@ -355,6 +355,11 @@ OpenSSL 3.0
 
    *Rich Salz and Richard Levitte*
 
+ * Deprecated `X509_http_nbio()` and `X509_CRL_http_nbio()`,
+   which are superseded by `X509_load_http()` and `X509_CRL_load_http()`.
+
+   *David von Oheimb*
+
  * Deprecated `OCSP_parse_url()`, which is replaced with `OSSL_HTTP_parse_url`.
 
    *David von Oheimb*
index a890f31ad80505fc5d1996228878f49e43a9e1a0..9e54d31c42c20b2fe17e799eafdaf51d463388c4 100644 (file)
@@ -15,6 +15,10 @@ X509_CRL_http_nbio
  X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
  X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
 
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B<OPENSSL_API_COMPAT> with a suitable version value, see
+L<openssl_user_macros(7)>:
+
  #define X509_http_nbio(rctx, pcert)
  #define X509_CRL_http_nbio(rctx, pcrl)
 
@@ -50,6 +54,7 @@ L<OSSL_HTTP_get_asn1(3)>
 =head1 HISTORY
 
 X509_load_http() and X509_CRL_load_http() were added in OpenSSL 3.0.
+X509_http_nbio() and X509_CRL_http_nbio() were deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
index 1726ecf4dc33d0001f091dac40be9cbd02af9b22..4877fb21f9af847f9b1d1239bd04b6d329d8505d 100644 (file)
@@ -403,13 +403,14 @@ int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
                      unsigned char *md, unsigned int *len);
 
 X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
-# define X509_http_nbio(rctx, pcert)                                    \
-    ((*(pcert) =                                                        \
-      OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509))) != NULL)
 X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout);
-# define X509_CRL_http_nbio(rctx, pcrl)                                 \
-    ((*(pcrl) =                                                         \
-      OSSL_HTTP_REQ_CTX_sendreq_d2i(rctx, ASN1_ITEM_rptr(X509_CRL))) != NULL)
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  include <openssl/ocsp.h> /* OCSP_REQ_CTX_nbio_d2i */
+#  define X509_http_nbio(rctx, pcert) \
+      OCSP_REQ_CTX_nbio_d2i(rctx, pcert, ASN1_ITEM_rptr(X509))
+#  define X509_CRL_http_nbio(rctx, pcrl) \
+      OCSP_REQ_CTX_nbio_d2i(rctx, pcrl, ASN1_ITEM_rptr(X509_CRL))
+# endif
 
 # ifndef OPENSSL_NO_STDIO
 X509 *d2i_X509_fp(FILE *fp, X509 **x509);
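Review bot: The new `X509_http_nbio()` and `X509_CRL_http_nbio()` definitions no longer normalise their result: the removed macros evaluated to `(... != NULL)`, so strictly 0 or 1, while the replacements yield whatever `OCSP_REQ_CTX_nbio_d2i()` returns. Its declaration is not visible in this hunk, but if it reports a retry condition with a negative value, a caller written as `if (X509_http_nbio(rctx, &cert))` would take the success path with `*pcert` never assigned. I would state the contract in a comment above the macros, along the lines of `/* returns 1 on success, 0 on error, -1 to retry; callers must test for == 1 */` (adjusted to the real contract), and repeat it in X509_load_http.pod. The macros also now depend on `<openssl/ocsp.h>`, so it is worth checking that they still expand to a declared name in a build configured without OCSP.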
index bd9f4d32a9ae5d3e3befe0f56d81aca0b5c942b2..3f36f530763b963d299ecfc13e22b537d3c4145a 100644 (file)
@@ -589,8 +589,8 @@ SSLv23_client_method                    define
 SSLv23_method                           define
 SSLv23_server_method                    define
 TLS_DEFAULT_CIPHERSUITES                define deprecated 3.0.0
-X509_CRL_http_nbio                      define
-X509_http_nbio                          define
+X509_CRL_http_nbio                      define deprecated 3.0.0
+X509_http_nbio                          define deprecated 3.0.0
 X509_LOOKUP_add_dir                     define
 X509_LOOKUP_add_store                   define
 X509_LOOKUP_add_store_ex                define