diff options
author | Tim Rühsen <tim.ruehsen@gmx.de> | 2018-12-21 10:31:22 +0000 |
---|---|---|
committer | Tim Rühsen <tim.ruehsen@gmx.de> | 2018-12-21 10:31:22 +0000 |
commit | d4029938088c7a1f92ed9b6c5f90c09bc8a920c3 (patch) | |
tree | af278a025a0c0f01bb05cf3da17a33ccc865de4a | |
parent | e32ca94cf285eb4ded3dae29e6fca637ed2ad48e (diff) | |
parent | e10dcc2acdc366d2e3841a2f171be5c20f9b9cfb (diff) | |
download | gnutls-d4029938088c7a1f92ed9b6c5f90c09bc8a920c3.tar.gz |
Merge branch 'tmp-no-well-defined' into 'master'
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated
See merge request gnutls/gnutls!844
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/cha-upgrade.texi | 5 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 1 | ||||
-rw-r--r-- | lib/x509/x509.c | 5 | ||||
-rw-r--r-- | src/pkcs11.c | 5 | ||||
-rw-r--r-- | src/tests.c | 1 |
6 files changed, 12 insertions, 9 deletions
@@ -12,9 +12,13 @@ See the end for copying conditions. types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag. +** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous + definition was buggy and non-functional. + ** API and ABI modifications: GNUTLS_ENABLE_RAWPK: Added GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) +GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated * Version 3.6.5 (released 2018-12-01) diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi index 28c9249a7d..286790de5b 100644 --- a/doc/cha-upgrade.texi +++ b/doc/cha-upgrade.texi @@ -258,4 +258,9 @@ before calling this function to avoid delays. @item Supplemental data is not supported under TLS 1.3 @tab The TLS supplemental data handshake message (RFC 4680) is not supported under TLS 1.3, so if the application calls @funcref{gnutls_supplemental_register} or @funcref{gnutls_session_supplemental_register}, TLS 1.3 is disabled. +@item The GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro is a no-op +@tab The macro was non-functional and because of the nature of the +definition of the no-well-defined date for certificates (a real date), +it will not be fixed or re-introduced. + @end multitable diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 13b642a840..e6a311aa7a 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -421,6 +421,7 @@ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); +/* This macro is deprecated and defunc; do not use */ #define GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION ((time_t)4294197631) time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 998062fd6d..b5de7cb7c8 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1174,12 +1174,9 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert) * gnutls_x509_crt_get_expiration_time: * @cert: should contain a #gnutls_x509_crt_t type * - * This function will return the time this Certificate was or will be + * This function will return the time this certificate was or will be * expired. * - * The no well defined expiration time can be checked against with the - * %GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro. - * * Returns: expiration time, or (time_t)-1 on error. **/ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) diff --git a/src/pkcs11.c b/src/pkcs11.c index 66ef6b0fe0..fe865f3f71 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -314,10 +314,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) { - if (exp == GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION) - fprintf(outfile, "\tExpires: Never\n"); - else - fprintf(outfile, "\tExpires: %s", ctime(&exp)); + fprintf(outfile, "\tExpires: %s", ctime(&exp)); } gnutls_free(output); diff --git a/src/tests.c b/src/tests.c index 682ce41504..ffa772553a 100644 --- a/src/tests.c +++ b/src/tests.c @@ -117,7 +117,6 @@ char prio_str[512] = ""; #define BLOCK_CIPHERS "+3DES-CBC:+AES-128-CBC:+CAMELLIA-128-CBC:+AES-256-CBC:+CAMELLIA-256-CBC" #define ALL_COMP "+COMP-NULL" #define ALL_MACS "+MAC-ALL:+MD5:+SHA1" -#define ALL_CERTTYPES "+CTYPE-X509:+CTYPE-RAWPK" #define ALL_KX "+RSA:+DHE-RSA:+DHE-DSS:+ANON-DH:+ECDHE-RSA:+ECDHE-ECDSA:+ANON-ECDH" #define INIT_STR "NONE:" char rest[128] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL"; |