From: Nikos Mavrogiannopoulos Date: Fri, 21 Dec 2018 06:58:24 +0000 (+0100) Subject: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated X-Git-Tag: gnutls_3_6_6~43^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e10dcc2acdc366d2e3841a2f171be5c20f9b9cfb;p=thirdparty%2Fgnutls.git GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated This removes the documented use of this macro. It was non-functional. Given the nature of the definition of the non-well defined date for certificates, it may be wise not to use a special macro at all. The reason is that the no-well defined date is a real date (~year 9999), and any approximation with seconds will be unstable due to irregular leap seconds. Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/NEWS b/NEWS index 4cab2d1e72..ea0752831c 100644 --- a/NEWS +++ b/NEWS @@ -12,9 +12,13 @@ See the end for copying conditions. types via the priority strings. The raw public-key mechanism must be explicitly enabled via the GNUTLS_ENABLE_RAWPK init flag. +** GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. The previous + definition was buggy and non-functional. + ** API and ABI modifications: GNUTLS_ENABLE_RAWPK: Added GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) +GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated * Version 3.6.5 (released 2018-12-01) diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi index 28c9249a7d..286790de5b 100644 --- a/doc/cha-upgrade.texi +++ b/doc/cha-upgrade.texi 
@@ -258,4 +258,9 @@ before calling this function to avoid delays. @item Supplemental data is not supported under TLS 1.3 @tab The TLS supplemental data handshake message (RFC 4680) is not supported under TLS 1.3, so if the application calls @funcref{gnutls_supplemental_register} or @funcref{gnutls_session_supplemental_register}, TLS 1.3 is disabled. +@item The GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro is a no-op +@tab The macro was non-functional and because of the nature of the +definition of the no-well-defined date for certificates (a real date), +it will not be fixed or re-introduced. + @end multitable diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 13b642a840..e6a311aa7a 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -421,6 +421,7 @@ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); +/* This macro is deprecated and defunc; do not use */ #define GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION ((time_t)4294197631) time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 998062fd6d..b5de7cb7c8 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -1174,12 +1174,9 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert) * gnutls_x509_crt_get_expiration_time: * @cert: should contain a #gnutls_x509_crt_t type * - * This function will return the time this Certificate was or will be + * This function will return the time this certificate was or will be * expired. * - * The no well defined expiration time can be checked against with the - * %GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro. - * * Returns: expiration time, or (time_t)-1 on error. **/ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert) diff --git a/src/pkcs11.c b/src/pkcs11.c index 66ef6b0fe0..fe865f3f71 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c 
@@ -314,10 +314,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags, } if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) { - if (exp == GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION) - fprintf(outfile, "\tExpires: Never\n"); - else - fprintf(outfile, "\tExpires: %s", ctime(&exp)); + fprintf(outfile, "\tExpires: %s", ctime(&exp)); } gnutls_free(output);
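Review bot: in the doc/cha-upgrade.texi hunk, the new @item calls the macro "a no-op", but the lib/includes/gnutls/x509.h hunk shows it is still defined as a constant, so "deprecated and non-functional" (the wording used in NEWS) would be more accurate. The entry also says only that the macro will not be fixed; it would help upgraders to add one sentence saying that the expiration time is returned as an ordinary date and that comparisons against the macro should be removed.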
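Review bot: in the lib/includes/gnutls/x509.h hunk, the added comment misspells "defunct" as "defunc", and a comment alone gives code that still compares against the macro no build-time signal. Fix the spelling and consider a compiler-level deprecation marker on the definition so remaining users get a warning. The value 4294197631 is also larger than 2^31-1, so the (time_t) cast does not preserve it where time_t is a 32-bit signed type; that is worth stating in the comment next to "do not use".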
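Review bot: in the gnutls_x509_crt_get_expiration_time doc comment in lib/x509/x509.c, dropping the paragraph about the macro leaves the documentation silent on what is returned for a certificate that carries the no-well-defined expiration date. Since the commit message describes that date as a real date, add a sentence saying it is returned as an ordinary time value with no special sentinel, so callers do not keep looking for one; the "Returns:" line is the natural place.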
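Review bot: in pkcs11_list in src/pkcs11.c, the remaining fprintf passes ctime(&exp) straight to "%s" with no NULL check, and with the "Expires: Never" branch removed every value of exp other than -1 now takes that path. ctime() can return NULL when the time cannot be converted, so store the result first and print a fallback string when it is NULL. The removal also changes the tool's visible output (the "Never" line no longer appears), which the NEWS entry does not mention.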