-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace and Deprecate TS_VERIFY_CTX Functions and Add Documentation #24701
base: master
Are you sure you want to change the base?
Conversation
Fixes openssl#18854: Replace and deprecate the functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_store`, `TS_VERIFY_CTX_set_certs`, `TS_VERIFY_CTX_set_imprint` with new versions: `TS_VERIFY_CTX_set0_data`, `TS_VERIFY_CTX_set0_store`, `TS_VERIFY_CTX_set0_certs` and `TS_VERIFY_CTX_set0_imprint`. The previous functions had poorly documented memory handling, potentially leading to memory leaks. The new functions improve memory management and provide clearer usage. Also, update existing code to use the new function calls instead of the deprecated ones.
@erbsland-dev looks like there are a few minor doc nits to correct |
f8bbb2e
to
d2f1b19
Compare
Mark the existing `TS_VERIFY_CTX_set_certs` function as deprecated in the documentation. Add missing documentation for the deprecated functions `TS_VERIFY_CTX_set_data`, `TS_VERIFY_CTX_set_imprint`, and `TS_VERIFY_CTX_set_store`. Write missing documentation for the following functions: - `TS_VERIFY_CTX_new` - `TS_VERIFY_CTX_init` - `TS_VERIFY_CTX_free` - `TS_VERIFY_CTX_cleanup` - `TS_VERIFY_CTX_set_flags` - `TS_VERIFY_CTX_add_flags` - `TS_VERIFY_CTX_set0_data` - `TS_VERIFY_CTX_set0_imprint` - `TS_VERIFY_CTX_set0_store` - `TS_VERIFY_CTX_set0_certs`
d2f1b19
to
f3562d7
Compare
@nhorman I fixed the documentation issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good work!
|
||
TS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs() | ||
which takes the same parameters and returns the same result. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: please drop this extra empty line
|
||
STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, | ||
STACK_OF(X509) *certs); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please drop this empty line
# endif | ||
int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b); | ||
# ifndef OPENSSL_NO_DEPRECATED_3_4 | ||
OSSL_DEPRECATEDIN_3_4_FOR("Memory usage was not defined, replace with TS_VERIFY_CTX_set0_imprint().") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest not putting the deprecation reason into the message. Or at least make it shorter Unclear semantics, replace with...
.
int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx, | ||
unsigned char *hexstr, long len); | ||
# ifndef OPENSSL_NO_DEPRECATED_3_4 | ||
OSSL_DEPRECATEDIN_3_4_FOR("Previous ctx data was not released, replace with TS_VERIFY_CTX_set0_store().") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As above
# ifndef OPENSSL_NO_DEPRECATED_3_0 | ||
# define TS_VERIFY_CTS_set_certs(ctx, cert) TS_VERIFY_CTX_set_certs(ctx,cert) | ||
# endif | ||
# ifndef OPENSSL_NO_DEPRECATED_3_4 | ||
OSSL_DEPRECATEDIN_3_4_FOR("Previous ctx data was not released, replace with TS_VERIFY_CTX_set0_certs().") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As above
key. Then the client verifies the received TST using the server's certificate | ||
chain. | ||
|
||
For all the following methods, unless noted otherwise, B<ctx> is the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know you're just copying the page however as you're already touching this, could you please use I<ctx>
and similarly elsewhere throughout the manpage where names of arguments are referenced?
(Tests exempted because we do not have any TS subsystem testcases at all yet.) |
@erbsland-dev Could you please also rebase this to resolve the conflict? |
@t8m Sure, I'll do it, but it probably won't be until the weekend. |
This pull request addresses two main areas related to the
TS_VERIFY_CTX
functions:1. Replace and Deprecate Functions
Fixes #18854 by replacing and deprecating the following functions due to poorly documented memory handling, which could lead to memory leaks:
TS_VERIFY_CTX_set_data
TS_VERIFY_CTX_set_store
TS_VERIFY_CTX_set_certs
TS_VERIFY_CTX_set_imprint
These functions are replaced with:
TS_VERIFY_CTX_set0_data
TS_VERIFY_CTX_set0_store
TS_VERIFY_CTX_set0_certs
TS_VERIFY_CTX_set0_imprint
Updates have been made to existing code to use the new function calls instead of the deprecated ones.
2. Add and Update Documentation
TS_VERIFY_CTX_set_certs
function as deprecated in the documentation.TS_VERIFY_CTX_set_data
TS_VERIFY_CTX_set_imprint
TS_VERIFY_CTX_set_store
TS_VERIFY_CTX_new
TS_VERIFY_CTX_init
TS_VERIFY_CTX_free
TS_VERIFY_CTX_cleanup
TS_VERIFY_CTX_set_flags
TS_VERIFY_CTX_add_flags
TS_VERIFY_CTX_set0_data
TS_VERIFY_CTX_set0_imprint
TS_VERIFY_CTX_set0_store
TS_VERIFY_CTX_set0_certs
These changes improve memory management, enhance future extensibility, and provide clearer usage guidelines through updated and additional documentation.