Remove cleanup() and get_crl() from X509_STORE_CTX

ok jsing

diff --git a/lib/libcrypto/x509/x509_local.h b/lib/libcrypto/x509/x509_local.h
index 080dbaf..81efb69 100644 (file)
--- a/lib/libcrypto/x509/x509_local.h
+++ b/lib/libcrypto/x509/x509_local.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: x509_local.h,v 1.12 2023/12/22 07:35:09 tb Exp $ */
+/*     $OpenBSD: x509_local.h,v 1.13 2023/12/22 09:40:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2013.
  */
@@ -337,13 +337,11 @@ struct x509_store_ctx_st {
        int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
        int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
        int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
-       int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
        int (*check_policy)(X509_STORE_CTX *ctx);
        STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
        STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
-       int (*cleanup)(X509_STORE_CTX *ctx);
 
        /* The following is built up */
        int valid;              /* if 0, rebuild chain */

diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index 2f86722..93fa2c2 100644 (file)
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.128 2023/12/22 07:35:09 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.129 2023/12/22 09:40:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -976,13 +976,7 @@ check_cert(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, int depth)
        while (ctx->current_reasons != CRLDP_ALL_REASONS) {
                last_reasons = ctx->current_reasons;
                /* Try to retrieve relevant CRL */
-               if (ctx->get_crl)
-                       ok = ctx->get_crl(ctx, &crl, x);
-               else
-                       ok = get_crl_delta(ctx, &crl, &dcrl, x);
-               /* If error looking up CRL, nothing we can do except
-                * notify callback
-                */
+               ok = get_crl_delta(ctx, &crl, &dcrl, x);
                if (!ok) {
                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
                        ok = ctx->verify_cb(0, ctx);
@@ -2341,13 +2335,11 @@ X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *leaf,
        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
        ctx->check_issued = check_issued;
        ctx->check_revocation = check_revocation;
-       ctx->get_crl = NULL;                            /* XXX - remove */
        ctx->check_crl = check_crl;
        ctx->cert_crl = cert_crl;
        ctx->check_policy = check_policy;
        ctx->lookup_certs = X509_STORE_CTX_get1_certs;
        ctx->lookup_crls = X509_STORE_CTX_get1_crls;
-       ctx->cleanup = NULL;                            /* XXX - remove */
 
        ctx->param = X509_VERIFY_PARAM_new();
        if (!ctx->param) {
@@ -2403,8 +2395,6 @@ LCRYPTO_ALIAS(X509_STORE_CTX_set0_trusted_stack);
 void
 X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 {
-       if (ctx->cleanup)
-               ctx->cleanup(ctx);
        if (ctx->param != NULL) {
                if (ctx->parent == NULL)
                        X509_VERIFY_PARAM_free(ctx->param);