diff options
| author | David Benjamin <davidben@google.com> | 2024-05-10 10:36:29 -0700 |
|---|---|---|
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2024-05-10 18:37:19 +0000 |
| commit | 8a0da669a08b6c6b805fd7ec9d1e67694fda3711 (patch) | |
| tree | d770185af86dc55efed0e5e4deffc78caf5bd12e /include | |
| parent | 4d50a595b49a2e7b7017060a4d402c4ee9fe28a2 (diff) | |
| download | boringssl-8a0da669a08b6c6b805fd7ec9d1e67694fda3711.zip boringssl-8a0da669a08b6c6b805fd7ec9d1e67694fda3711.tar.gz boringssl-8a0da669a08b6c6b805fd7ec9d1e67694fda3711.tar.bz2 | |
Remove X509_STORE_set_get_crl and X509_STORE_set_check_crl
gRPC is no longer using these, so remove them. They were impossible to
use correctly and are the cause of weird statefulness around
ctx->error_depth.
Once this CL sticks, we can follow up and clean up this a code a bit.
Update-Note: Some unused (and unusable) callbacks were removed.
Bug: 674
Change-Id: I8109dd6555d2ca056447c1b4f0aa28abe7af81b9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68387
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/openssl/x509.h | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index a072d6f..f5583d0 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -5294,29 +5294,6 @@ OPENSSL_EXPORT void X509_STORE_set_verify_cb( #define X509_STORE_set_verify_cb_func(store, func) \ X509_STORE_set_verify_cb((store), (func)) -typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl, - X509 *x); -typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); - -// X509_STORE_set_get_crl override's |store|'s logic for looking up CRLs. -// -// Do not use this function. It is temporarily retained to support one caller -// and will be removed after that caller is fixed. It is not possible for -// external callers to correctly implement this callback. The real -// implementation sets some inaccessible internal state on |X509_STORE_CTX|. -OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *store, - X509_STORE_CTX_get_crl_fn get_crl); - -// X509_STORE_set_check_crl override's |store|'s logic for checking CRL -// validity. -// -// Do not use this function. It is temporarily retained to support one caller -// and will be removed after that caller is fixed. It is not possible for -// external callers to correctly implement this callback. The real -// implementation relies some inaccessible internal state on |X509_STORE_CTX|. -OPENSSL_EXPORT void X509_STORE_set_check_crl( - X509_STORE *store, X509_STORE_CTX_check_crl_fn check_crl); - // X509_STORE_CTX_set_chain configures |ctx| to use |sk| for untrusted // intermediate certificates to use in verification. This function is redundant // with the |chain| parameter of |X509_STORE_CTX_init|. Use the parameter |