Mark remaining policy tree public API for removal

ok jsing

diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index 9e3c263..f5b103a 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.58 2023/03/10 16:44:07 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.59 2023/04/16 08:21:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -416,8 +416,12 @@ X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
 #define X509_STORE_set_verify_func(ctx, func) \
     X509_STORE_set_verify((ctx), (func))
 
+/* Remove in next bump. */
+#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+#endif
+
 int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
 
 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
@@ -468,13 +472,21 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
 void X509_VERIFY_PARAM_table_cleanup(void);
 
+/* Move to x509_local.h in next bump - needed by x509_vfy.c. */
+#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
                        STACK_OF(X509) *certs,
                        STACK_OF(ASN1_OBJECT) *policy_oids,
                        unsigned int flags);
 
 void X509_policy_tree_free(X509_POLICY_TREE *tree);
+#endif
 
+/*
+ * Move these to pcy_int.h in next bump - X509_policy_tree_get0_user_policies()
+ * is actually used, the rest can be deleted.
+ */
+#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
 X509_POLICY_LEVEL *
        X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
@@ -496,8 +508,9 @@ STACK_OF(POLICYQUALINFO) *
 const X509_POLICY_NODE *
        X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
 
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-

diff --git a/lib/libcrypto/x509/x509v3.h b/lib/libcrypto/x509/x509v3.h
index f4c1222..9a08845 100644 (file)
--- a/lib/libcrypto/x509/x509v3.h
+++ b/lib/libcrypto/x509/x509v3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.18 2023/04/16 08:11:38 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.19 2023/04/16 08:21:13 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -844,8 +844,11 @@ int a2i_ipadd(unsigned char *ipout, const char *ipasc);
 int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                                                unsigned long chtype);
 
+/* Move to pcy_int.h. */
+#if !defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
 DECLARE_STACK_OF(X509_POLICY_NODE)
+#endif
 
 #ifndef OPENSSL_NO_RFC3779
 typedef struct ASRange_st {