CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/01/06 10:17:08
Modified files: lib/libcrypto/x509: x509_purp.c Log message: Remove X509_PURPOSE extensibility Another bit of global state without lock protection. The by now familiar complications of a stack to make this user configurable, which, of course, no one ever did. The table is not currently const, and the API exposes its entries directly, so anyone can modify it. This fits very well with the safety guarantees of Rust's 'static lifetime, which is how rust-openssl exposes it (for no good reason). Remove the stack and make the X509_PURPOSE_add() API always fail. Simplify the other bits accordingly. In addition, this API inflicts the charming difference between purpose identifiers and purpose indexes (the former minus one) onto the user. Neither of the two obvious solutions to avoid this trap seems to have crossed the implementer's mind. ok jsing