From 7a2aba8d810330949a38c861e1cbc59aac4c8db7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Mar 2014 16:37:27 +0100 Subject: [PATCH] Deprecate some non-PK compatibility functions (Should have been deprecated in 1.3.0 already.) --- ChangeLog | 5 +++-- include/polarssl/ssl.h | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5beeb3532..8fb91cdf9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,7 @@ Changes that prevented bignum.c from compiling. (Reported by Rafael Baptista.) * Revamped the compat.sh interoperatibility script to include support for testing against GnuTLS + * Deprecated ssl_set_own_cert_rsa() and ssl_set_own_cert_rsa_alt() Security * Forbid change of server certificate during renegotiation to prevent @@ -29,12 +30,12 @@ Security attack was already impossible when authentication is required). * Check notBefore timestamp of certificates and CRLs from the future. * Forbid sequence number wrapping - * Fix possible buffer overflow with overlong PSK + * Fixed possible buffer overflow with overlong PSK Bugfix * ecp_gen_keypair() does more tries to prevent failure because of statistics - * Fix bug in RSA PKCS#1 v1.5 "reversed" operations + * Fixed bug in RSA PKCS#1 v1.5 "reversed" operations * Fixed testing with out-of-source builds using cmake * Fixed version-major intolerance in server * Fixed CMake symlinking on out-of-source builds diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 2e33ffd5a..c1aff67b5 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h 
@@ -1059,6 +1059,9 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert, * up your certificate chain. The top certificate (self-signed) * can be omitted. * + * \warning This backwards-compatibility function is deprecated! + * Please use \c ssl_set_own_cert() instead. + * * \param ssl SSL context * \param own_cert own public certificate chain * \param rsa_key own private RSA key @@ -1081,6 +1084,10 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert, * up your certificate chain. The top certificate (self-signed) * can be omitted. * + * \warning This backwards-compatibility function is deprecated! + * Please use \c pk_init_ctx_rsa_alt() + * and \c ssl_set_own_cert() instead. + * * \param ssl SSL context * \param own_cert own public certificate chain * \param rsa_key alternate implementation private RSA key
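Review bot: Both added notices (on ssl_set_own_cert_rsa() in the first hunk and on ssl_set_own_cert_rsa_alt() in the second) mark the deprecation with `\warning`, which Doxygen renders as a generic warning box and does not collect on the generated deprecated list. The dedicated command would fit better, e.g. `\deprecated Please use \c ssl_set_own_cert() instead.`. The first notice names only the replacement call, while the second also spells out the preparatory step (`pk_init_ctx_rsa_alt()`). If ssl_set_own_cert() takes a PK context, as the commit title suggests, the first notice should likewise say how the caller's RSA key is wrapped before the call. The deprecation lives only in the comment, so existing callers get no build-time signal; the declarations lie outside these hunks, so whether they carry any marker cannot be judged from here.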