undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locations

The underlying functions remain and these are widely used.
This undoes the deprecation part of PR8442

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12001)

diff --git a/CHANGES.md b/CHANGES.md
index 10fd8d541db1946d0eb48bf6ccf0f0ee0183fbcf..241d6ca23c4ec695f108689ad365a89b6c32a75a 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -542,13 +542,6 @@ OpenSSL 3.0
    - SSL_CTX_load_verify_dir()
    - SSL_CTX_load_verify_store()
 
    - SSL_CTX_load_verify_dir()
    - SSL_CTX_load_verify_store()
 

-   Also, the following functions are now deprecated:
-
-   - X509_STORE_load_locations() (use X509_STORE_load_file(),
-     X509_STORE_load_path() or X509_STORE_load_store() instead)
-   - SSL_CTX_load_verify_locations() (use SSL_CTX_load_verify_file(),
-     SSL_CTX_load_verify_dir() or SSL_CTX_load_verify_store() instead)
-

    *Richard Levitte*
 
  * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
    *Richard Levitte*
 
  * Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.

diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index cb0f84a7e8a475ef90b91c360c5248069b8599e7..dec5f9d0770adccbc3d22248367f24587d6bf23b 100644 (file)
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -73,8 +73,6 @@ int X509_STORE_load_store(X509_STORE *ctx, const char *uri)
     return 1;
 }
 
     return 1;
 }
 

-/* Deprecated */
-#ifndef OPENSSL_NO_DEPRECATED_3_0

 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
                               const char *path)
 {
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
                               const char *path)
 {


@@ -86,4 +84,3 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
         return 0;
     return 1;
 }
         return 0;
     return 1;
 }

-#endif

diff --git a/doc/man3/SSL_CTX_load_verify_locations.pod b/doc/man3/SSL_CTX_load_verify_locations.pod
index d28ec4c867089657282359e78675c89aaa622886..ecc75b72e05d37eaf69dcb73a08d0bed09bb5f1d 100644 (file)
--- a/doc/man3/SSL_CTX_load_verify_locations.pod
+++ b/doc/man3/SSL_CTX_load_verify_locations.pod
@@ -22,20 +22,16 @@ SSL_CTX_set_default_verify_store, SSL_CTX_load_verify_locations
  int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
  int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
 
  int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
  int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
 

-Deprecated since OpenSSL 3.0, can be hidden entirely by defining
-B<OPENSSL_API_COMPAT> with a suitable version value, see
-L<openssl_user_macros(7)>:
-

  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                    const char *CApath);
 
 =head1 DESCRIPTION
 
  int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                    const char *CApath);
 
 =head1 DESCRIPTION
 

-SSL_CTX_load_verify_dir(), SSL_CTX_load_verify_file(),
-SSL_CTX_load_verify_store() specifies the locations for B<ctx>, at
-which CA certificates for verification purposes are located. The
-certificates available via B<CAfile>, B<CApath> and B<CAstore> are
-trusted.
+SSL_CTX_load_verify_locations(), SSL_CTX_load_verify_dir(),
+SSL_CTX_load_verify_file(), SSL_CTX_load_verify_store() specifies the
+locations for B<ctx>, at which CA certificates for verification purposes
+are located. The certificates available via B<CAfile>, B<CApath> and
+B<CAstore> are trusted.

 
 SSL_CTX_set_default_verify_paths() specifies that the default locations from
 which CA certificates are loaded should be used. There is one default directory,
 
 SSL_CTX_set_default_verify_paths() specifies that the default locations from
 which CA certificates are loaded should be used. There is one default directory,

diff --git a/doc/man3/X509_STORE_add_cert.pod b/doc/man3/X509_STORE_add_cert.pod
index d41f2ae5a64826927879d7fdb8c66c746d270684..ce50e368e717501f31cff12e4653f52072682d87 100644 (file)
--- a/doc/man3/X509_STORE_add_cert.pod
+++ b/doc/man3/X509_STORE_add_cert.pod
@@ -32,8 +32,6 @@ X509_STORE_load_locations
  int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
  int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
 
  int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
  int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
 

-Deprecated:
-

  int X509_STORE_load_locations(X509_STORE *ctx,
                                const char *file, const char *dir);
 
  int X509_STORE_load_locations(X509_STORE *ctx,
                                const char *file, const char *dir);
 

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d1e9f7957d11c37e5a6be79b3917df58987353bd..0973f0688d29f6c77a5608ef9a0f29408756e5ba 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2025,9 +2025,9 @@ __owur int SSL_CTX_set_default_verify_store(SSL_CTX *ctx);
 __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
 __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
 __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);
 __owur int SSL_CTX_load_verify_file(SSL_CTX *ctx, const char *CAfile);
 __owur int SSL_CTX_load_verify_dir(SSL_CTX *ctx, const char *CApath);
 __owur int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore);

-DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,

                                                         const char *CAfile,
                                                         const char *CAfile,

-                                                        const char *CApath))
+                                                        const char *CApath);

 # define SSL_get0_session SSL_get_session/* just peek at pointer */
 __owur SSL_SESSION *SSL_get_session(const SSL *ssl);
 __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 # define SSL_get0_session SSL_get_session/* just peek at pointer */
 __owur SSL_SESSION *SSL_get_session(const SSL *ssl);
 __owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */

diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 92aed0838091f1b85ad1bcb7ef139b1b6992e00e..fda13502c3733f5625ed7f894d63798d1636cdd3 100644 (file)
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -510,9 +510,9 @@ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 int X509_STORE_load_file(X509_STORE *ctx, const char *file);
 int X509_STORE_load_path(X509_STORE *ctx, const char *path);
 int X509_STORE_load_store(X509_STORE *ctx, const char *store);
 int X509_STORE_load_file(X509_STORE *ctx, const char *file);
 int X509_STORE_load_path(X509_STORE *ctx, const char *path);
 int X509_STORE_load_store(X509_STORE *ctx, const char *store);

-DEPRECATEDIN_3_0(int X509_STORE_load_locations(X509_STORE *ctx,
+int X509_STORE_load_locations(X509_STORE *ctx,

                                                const char *file,
                                                const char *file,

-                                               const char *dir))
+                                               const char *dir);

 int X509_STORE_set_default_paths(X509_STORE *ctx);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
 int X509_STORE_set_default_paths(X509_STORE *ctx);
 
 #define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index dafec3d5c7cb0d46873586130d92f00c2de0b518..cb02129d9dc2245b820521db4334d98bf044a472 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -4339,7 +4339,6 @@ int SSL_CTX_load_verify_store(SSL_CTX *ctx, const char *CAstore)
     return X509_STORE_load_store(ctx->cert_store, CAstore);
 }
 
     return X509_STORE_load_store(ctx->cert_store, CAstore);
 }
 

-#ifndef OPENSSL_NO_DEPRECATED_3_0

 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
                                   const char *CApath)
 {


@@ -4351,7 +4350,6 @@ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
         return 0;
     return 1;
 }
         return 0;
     return 1;
 }

-#endif

 
 void SSL_set_info_callback(SSL *ssl,
                            void (*cb) (const SSL *ssl, int type, int val))
 
 void SSL_set_info_callback(SSL *ssl,
                            void (*cb) (const SSL *ssl, int type, int val))

diff --git a/util/libcrypto.num b/util/libcrypto.num
index cc11651b76bee3e76bc30437c32ec2fccbb934ce..1a511323877c8410e06e0fe0eee0f0b7dc382c23 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -2123,7 +2123,7 @@ X509_EXTENSION_create_by_NID            2168      3_0_0   EXIST::FUNCTION:
 i2d_RSAPrivateKey                       2169   3_0_0   EXIST::FUNCTION:RSA
 d2i_CERTIFICATEPOLICIES                 2170   3_0_0   EXIST::FUNCTION:
 CMAC_CTX_get0_cipher_ctx                2171   3_0_0   EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0
 i2d_RSAPrivateKey                       2169   3_0_0   EXIST::FUNCTION:RSA
 d2i_CERTIFICATEPOLICIES                 2170   3_0_0   EXIST::FUNCTION:
 CMAC_CTX_get0_cipher_ctx                2171   3_0_0   EXIST::FUNCTION:CMAC,DEPRECATEDIN_3_0

-X509_STORE_load_locations               2172   3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
+X509_STORE_load_locations               2172   3_0_0   EXIST::FUNCTION:

 OBJ_find_sigid_algs                     2173   3_0_0   EXIST::FUNCTION:
 TS_RESP_CTX_set_accuracy                2174   3_0_0   EXIST::FUNCTION:TS
 NETSCAPE_SPKI_get_pubkey                2175   3_0_0   EXIST::FUNCTION:
 OBJ_find_sigid_algs                     2173   3_0_0   EXIST::FUNCTION:
 TS_RESP_CTX_set_accuracy                2174   3_0_0   EXIST::FUNCTION:TS
 NETSCAPE_SPKI_get_pubkey                2175   3_0_0   EXIST::FUNCTION:

diff --git a/util/libssl.num b/util/libssl.num
index b8e0982daaa5d5e28508c6ff033eded8f4ba1fbe..d638088ddee8a68695438487fa94b83008886d05 100644 (file)
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -354,7 +354,7 @@ SSL_set_session_id_context              354 3_0_0   EXIST::FUNCTION:
 SSL_new                                 355    3_0_0   EXIST::FUNCTION:
 TLSv1_1_method                          356    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
 SSL_CTX_get_cert_store                  357    3_0_0   EXIST::FUNCTION:
 SSL_new                                 355    3_0_0   EXIST::FUNCTION:
 TLSv1_1_method                          356    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_1_1_0,TLS1_1_METHOD
 SSL_CTX_get_cert_store                  357    3_0_0   EXIST::FUNCTION:

-SSL_CTX_load_verify_locations           358    3_0_0   EXIST::FUNCTION:DEPRECATEDIN_3_0
+SSL_CTX_load_verify_locations           358    3_0_0   EXIST::FUNCTION:

 SSL_SESSION_print_fp                    359    3_0_0   EXIST::FUNCTION:STDIO
 SSL_get0_dane_tlsa                      360    3_0_0   EXIST::FUNCTION:
 SSL_CTX_set_generate_session_id         361    3_0_0   EXIST::FUNCTION:
 SSL_SESSION_print_fp                    359    3_0_0   EXIST::FUNCTION:STDIO
 SSL_get0_dane_tlsa                      360    3_0_0   EXIST::FUNCTION:
 SSL_CTX_set_generate_session_id         361    3_0_0   EXIST::FUNCTION: