diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-12-21 07:58:24 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-12-21 08:23:28 +0100 |
commit | e10dcc2acdc366d2e3841a2f171be5c20f9b9cfb (patch) | |
tree | af278a025a0c0f01bb05cf3da17a33ccc865de4a | |
parent | d6b44f21288f1e6085086e9ce11ba771660af252 (diff) | |
download | gnutls-e10dcc2acdc366d2e3841a2f171be5c20f9b9cfb.tar.gz |
GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecatedtmp-no-well-defined
This removes the documented use of this macro. It was non-functional.
Given the nature of the definition of the non-well defined date for
certificates, it may be wise not to use a special macro at all. The
reason is that the no-well defined date is a real date (~year 9999),
and any approximation with seconds will be unstable due to irregular
leap seconds.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | doc/cha-upgrade.texi | 5 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 1 | ||||
-rw-r--r-- | lib/x509/x509.c | 5 | ||||
-rw-r--r-- | src/pkcs11.c | 5 |
5 files changed, 12 insertions, 8 deletions
@@ -12,9 +12,13 @@ See the end for copying conditions. types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag. +** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous + definition was buggy and non-functional. + ** API and ABI modifications: GNUTLS_ENABLE_RAWPK: Added GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) +GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated * Version 3.6.5 (released 2018-12-01) diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi index 28c9249a7d..286790de5b 100644 --- a/doc/cha-upgrade.texi +++ b/doc/cha-upgrade.texi @@ -258,4 +258,9 @@ before calling this function to avoid delays. @item Supplemental data is not supported under TLS 1.3 @tab The TLS supplemental data handshake message (RFC 4680) is not supported under TLS 1.3, so if the application calls @funcref{gnutls_supplemental_register} or @funcref{gnutls_session_supplemental_register}, TLS 1.3 is disabled. +@item The GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro is a no-op +@tab The macro was non-functional and because of the nature of the +definition of the no-well-defined date for certificates (a real date), +it will not be fixed or re-introduced. + @end multitable diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 13b642a840..e6a311aa7a 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -421,6 +421,7 @@ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); +/* This macro is deprecated and defunc; do not use */ #define GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION ((time_t)4294197631) time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 998062fd6d..b5de7cb7c8 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1174,12 +1174,9 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert) * gnutls_x509_crt_get_expiration_time: * @cert: should contain a #gnutls_x509_crt_t type * - * This function will return the time this Certificate was or will be + * This function will return the time this certificate was or will be * expired. * - * The no well defined expiration time can be checked against with the - * %GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro. - * * Returns: expiration time, or (time_t)-1 on error. **/ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) diff --git a/src/pkcs11.c b/src/pkcs11.c index 66ef6b0fe0..fe865f3f71 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -314,10 +314,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) { - if (exp == GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION) - fprintf(outfile, "\tExpires: Never\n"); - else - fprintf(outfile, "\tExpires: %s", ctime(&exp)); + fprintf(outfile, "\tExpires: %s", ctime(&exp)); } gnutls_free(output); |