From ecef17c367a4d11cb08c6d255d857820df26aac0 Mon Sep 17 00:00:00 2001
From: Rich Salz
Date: Sat, 5 Dec 2020 10:42:18 -0500
Subject: [PATCH] Deprecate OCSP_REQ_CTX_set1_req

Reviewed-by: David von Oheimb
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13620)
---
 crypto/ocsp/ocsp_http.c | 2 ++
 doc/man3/OCSP_sendreq_new.pod | 18 +++++++++++++-----
 include/openssl/ocsp.h.in | 4 +++-
 util/libcrypto.num | 2 +-
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c
index cf4d69d849..eae6107dff 100644
--- a/crypto/ocsp/ocsp_http.c
+++ b/crypto/ocsp/ocsp_http.c
@@ -13,11 +13,13 @@
 #ifndef OPENSSL_NO_OCSP
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req) { return OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request", ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req); }
+# endif
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline)
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index f3224daa92..3988eb2c01 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -23,10 +23,14 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
 int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, const char *value);
- int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
-
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
+Deprecated since OpenSSL 3.0, can be hidden entirely by defining
+B with a suitable version value, see
+L:
+
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+
 =head1 DESCRIPTION The function OCSP_sendreq_new() returns an B structure using the
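Review bot: In crypto/ocsp/ocsp_http.c the definition of OCSP_REQ_CTX_set1_req() now disappears whenever OPENSSL_NO_DEPRECATED_3_0 is defined, yet the diffstat touches nothing under apps/ or test/, so this patch does not show whether any in-tree caller remains. If one does, a build configured without deprecated APIs would fail to compile or link; a no-deprecated build before merge would settle it. The added `# endif` would also be easier to match up if it named its condition, `# endif /* OPENSSL_NO_DEPRECATED_3_0 */`, because it sits inside the `#ifndef OPENSSL_NO_OCSP` region whose end is outside the hunk.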
@@ -50,13 +54,13 @@ It B be called before any calls to OCSP_sendreq_nbio(). The B parameter in the initial to OCSP_sendreq_new() call MUST be set to B if additional headers are set.
-OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This
-function should be called after any calls to OCSP_REQ_CTX_add1_header().
-
 OCSP_sendreq_bio() performs an OCSP request using the responder B, the URL path B, the OCSP request B and with a response header maximum line length 4k. It waits indefinitely on a response.
+OCSP_REQ_CTX_set1_req() sets the OCSP request in B to B. This
+function should be called after any calls to OCSP_REQ_CTX_add1_header().
+
 =head1 RETURN VALUES OCSP_sendreq_new() returns a valid B structure or B
@@ -103,6 +107,10 @@ L, L, L
+=head1 HISTORY
+
+The OCSP_REQ_CTX_set1_req() function was deprecated in OpenSSL 3.0.
+
 =head1 COPYRIGHT Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in
index b702f607be..8422ecf451 100644
--- a/include/openssl/ocsp.h.in
+++ b/include/openssl/ocsp.h.in
@@ -198,8 +198,10 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline); int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-/* TODO: remove this (documented but) meanwhile obsolete function? */
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+OSSL_DEPRECATEDIN_3_0
 int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+# endif
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ca3d14ad64..c994e9774d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
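Review bot: The deprecated declaration in include/openssl/ocsp.h.in loses its only comment, and neither the header nor the new HISTORY entry tells callers what to use instead. The man page context in this patch still says the request argument of OCSP_sendreq_new() must be unset when additional headers are added, which leaves this function as the documented way to attach the request afterwards. An application built with deprecated APIs hidden therefore has no documented way to send an OCSP request with custom headers. I would put a comment above the guard, `/* Deprecated in 3.0: equivalent to OCSP_REQ_CTX_i2d(rctx, "application/ocsp-request", ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req) */`, which matches the body shown in ocsp_http.c, and name the same replacement in the pod.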
@@ -3334,7 +3334,7 @@ EVP_PKEY_meth_get_verify 3403 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_
 CRYPTO_128_wrap 3404 3_0_0 EXIST::FUNCTION:
 X509_STORE_set_lookup_crls 3405 3_0_0 EXIST::FUNCTION:
 EVP_CIPHER_meth_get_ctrl 3406 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-OCSP_REQ_CTX_set1_req 3407 3_0_0 EXIST::FUNCTION:OCSP
+OCSP_REQ_CTX_set1_req 3407 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,OCSP
 CONF_imodule_get_usr_data 3408 3_0_0 EXIST::FUNCTION:
 CRYPTO_new_ex_data 3409 3_0_0 EXIST::FUNCTION:
 PEM_read_PKCS8_PRIV_KEY_INFO 3410 3_0_0 EXIST::FUNCTION:STDIO
--
2.34.1