From 7d5bb75ee6d46fc35fdbcc09cbfaf986e41d5dff Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 28 Aug 2024 08:33:06 +0000 Subject: [PATCH] Disable X509V3_EXT{,_CRL,_REQ}_add_conf() These legacy interfaces were only used by PHP 7.4 and 8.0 and they will be removed in an upcoming bump. ok beck jsing --- lib/libcrypto/hidden/openssl/x509v3.h | 8 ++++---- lib/libcrypto/x509/x509_conf.c | 24 +++++++----------------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/lib/libcrypto/hidden/openssl/x509v3.h b/lib/libcrypto/hidden/openssl/x509v3.h index 1799d4811d0..c2293d8ea05 100644 --- a/lib/libcrypto/hidden/openssl/x509v3.h +++ b/lib/libcrypto/hidden/openssl/x509v3.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509v3.h,v 1.9 2024/07/08 17:01:54 beck Exp $ */ +/* $OpenBSD: x509v3.h,v 1.10 2024/08/28 08:33:06 tb Exp $ */ /* * Copyright (c) 2022 Bob Beck * @@ -139,9 +139,9 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf); LCRYPTO_USED(X509V3_EXT_CRL_add_nconf); LCRYPTO_USED(X509V3_EXT_conf_nid); LCRYPTO_USED(X509V3_EXT_conf); -LCRYPTO_USED(X509V3_EXT_add_conf); -LCRYPTO_USED(X509V3_EXT_REQ_add_conf); -LCRYPTO_USED(X509V3_EXT_CRL_add_conf); +LCRYPTO_UNUSED(X509V3_EXT_add_conf); +LCRYPTO_UNUSED(X509V3_EXT_REQ_add_conf); +LCRYPTO_UNUSED(X509V3_EXT_CRL_add_conf); LCRYPTO_USED(X509V3_add_value_bool_nf); LCRYPTO_USED(X509V3_get_value_bool); LCRYPTO_USED(X509V3_get_value_int); diff --git a/lib/libcrypto/x509/x509_conf.c b/lib/libcrypto/x509/x509_conf.c index b506d3ddfb1..b6e5cd147ac 100644 --- a/lib/libcrypto/x509/x509_conf.c +++ b/lib/libcrypto/x509/x509_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_conf.c,v 1.18 2024/06/24 06:32:04 tb Exp $ */ +/* $OpenBSD: x509_conf.c,v 1.19 2024/08/28 08:33:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -562,35 +562,25 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509 *cert) { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); + X509V3error(ERR_R_DISABLED); + return 0; } LCRYPTO_ALIAS(X509V3_EXT_add_conf); -/* Same as above but for a CRL */ - int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509_CRL *crl) { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); + X509V3error(ERR_R_DISABLED); + return 0; } LCRYPTO_ALIAS(X509V3_EXT_CRL_add_conf); -/* Add extensions to certificate request */ - int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *section, X509_REQ *req) { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); + X509V3error(ERR_R_DISABLED); + return 0; } LCRYPTO_ALIAS(X509V3_EXT_REQ_add_conf); -- 2.20.1