Commit 2b8fa1d5 authored by Kurt Roeckx's avatar Kurt Roeckx

Deprecate the use of version-specific methods



Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>

MR: #1824
parent 885e601d
+3 −1
@@ -92,7 +92,7 @@ These are the general-purpose I<version-flexible> SSL/TLS methods.
The actual protocol version used will be negotiated to the highest version
mutually supported by the client and the server.
The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
Most applications should use these method, and avoid the version specific
Applications should use these methods, and avoid the version-specific
methods described below.

=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
@@ -196,6 +196,8 @@ SSLv23_method(), SSLv23_server_method() and SSLv23_client_method()
were deprecated and the preferred TLS_method(), TLS_server_method()
and TLS_client_method() functions were introduced in OpenSSL 1.1.0.

All version-specific methods were deprecated in OpenSSL 1.1.0.

=head1 SEE ALSO

L<SSL_CTX_set_options(3)>, L<SSL_CTX_free(3)>, L<SSL_accept(3)>,
+18 −18
@@ -1642,9 +1642,9 @@ __owur const char *SSL_get_version(const SSL *s);
__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);

# ifndef OPENSSL_NO_SSL3_METHOD
__owur const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
__owur const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
__owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */
# endif

#define SSLv23_method           TLS_method
@@ -1657,33 +1657,33 @@ __owur const SSL_METHOD *TLS_server_method(void);
__owur const SSL_METHOD *TLS_client_method(void);

# ifndef OPENSSL_NO_TLS1_METHOD
__owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
__owur const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
__owur const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */
# endif

# ifndef OPENSSL_NO_TLS1_1_METHOD
__owur const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */
__owur const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
__owur const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */
# endif

# ifndef OPENSSL_NO_TLS1_2_METHOD
__owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
__owur const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
__owur const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */
# endif

# ifndef OPENSSL_NO_DTLS1_METHOD
__owur const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
__owur const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
__owur const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */
# endif

# ifndef OPENSSL_NO_DTLS1_2_METHOD
__owur const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
__owur const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
__owur const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */
DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */
#endif

__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
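Review bot: The deprecated declarations carry no pointer to their replacement, so a caller who used `TLSv1_2_method()` to enforce a protocol floor gets a deprecation warning but no hint on how to keep that floor. Switching to `TLS_method()` alone negotiates any mutually supported version, which the manual page touched by this commit lists as SSLv3 through TLSv1.2. I would add a comment above the first `# ifndef OPENSSL_NO_SSL3_METHOD` block, for example `/* Deprecated in 1.1.0: use TLS_method()/DTLS_method() and bound the version with SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version(). */`. The same sentence would fit the "avoid the version-specific methods" paragraph of the manual page.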
+144 −37
@@ -122,19 +122,19 @@ static const SSL_METHOD *tls1_get_method(int ver)
        return TLS_method();
#ifndef OPENSSL_NO_TLS1_2
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_method();
        return tlsv1_2_method();
#endif
#ifndef OPENSSL_NO_TLS1_1
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_method();
        return tlsv1_1_method();
#endif
#ifndef OPENSSL_NO_TLS1
    if (ver == TLS1_VERSION)
        return TLSv1_method();
        return tlsv1_method();
#endif
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_method());
        return (sslv3_method());
    else
#endif
    return NULL;
@@ -147,27 +147,27 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,

#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                        TLSv1_2_method,
                        tlsv1_2_method,
                        ossl_statem_accept,
                        ossl_statem_connect, tls1_get_method, TLSv1_2_enc_data)
#endif

#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
                        TLSv1_1_method,
                        tlsv1_1_method,
                        ossl_statem_accept,
                        ossl_statem_connect, tls1_get_method, TLSv1_1_enc_data)
#endif

#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
                        TLSv1_method,
                        tlsv1_method,
                        ossl_statem_accept,
                        ossl_statem_connect, tls1_get_method, TLSv1_enc_data)
#endif

#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(SSLv3_method, ossl_statem_accept, ossl_statem_connect,
IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect,
                         tls1_get_method)
#endif

@@ -182,19 +182,19 @@ static const SSL_METHOD *tls1_get_server_method(int ver)
        return TLS_server_method();
#ifndef OPENSSL_NO_TLS1_2
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_server_method();
        return tlsv1_2_server_method();
#endif
#ifndef OPENSSL_NO_TLS1_1
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_server_method();
        return tlsv1_1_server_method();
#endif
#ifndef OPENSSL_NO_TLS1
    if (ver == TLS1_VERSION)
        return TLSv1_server_method();
        return tlsv1_server_method();
#endif
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_server_method());
        return (sslv3_server_method());
#endif
    return NULL;
}
@@ -207,7 +207,7 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,

#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                        TLSv1_2_server_method,
                        tlsv1_2_server_method,
                        ossl_statem_accept,
                        ssl_undefined_function,
                        tls1_get_server_method, TLSv1_2_enc_data)
@@ -215,7 +215,7 @@ IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,

#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
                        TLSv1_1_server_method,
                        tlsv1_1_server_method,
                        ossl_statem_accept,
                        ssl_undefined_function,
                        tls1_get_server_method, TLSv1_1_enc_data)
@@ -223,14 +223,14 @@ IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,

#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
                        TLSv1_server_method,
                        tlsv1_server_method,
                        ossl_statem_accept,
                        ssl_undefined_function,
                        tls1_get_server_method, TLSv1_enc_data)
#endif

#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
IMPLEMENT_ssl3_meth_func(sslv3_server_method,
                         ossl_statem_accept,
                         ssl_undefined_function, tls1_get_server_method)
#endif
@@ -246,19 +246,19 @@ static const SSL_METHOD *tls1_get_client_method(int ver)
        return TLS_client_method();
#ifndef OPENSSL_NO_TLS1_2
    if (ver == TLS1_2_VERSION)
        return TLSv1_2_client_method();
        return tlsv1_2_client_method();
#endif
#ifndef OPENSSL_NO_TLS1_1
    if (ver == TLS1_1_VERSION)
        return TLSv1_1_client_method();
        return tlsv1_1_client_method();
#endif
#ifndef OPENSSL_NO_TLS1
    if (ver == TLS1_VERSION)
        return TLSv1_client_method();
        return tlsv1_client_method();
#endif
#ifndef OPENSSL_NO_SSL3
    if (ver == SSL3_VERSION)
        return (SSLv3_client_method());
        return (sslv3_client_method());
#endif
    return NULL;
}
@@ -271,7 +271,7 @@ IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,

#ifndef OPENSSL_NO_TLS1_2_METHOD
IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
                        TLSv1_2_client_method,
                        tlsv1_2_client_method,
                        ssl_undefined_function,
                        ossl_statem_connect,
                        tls1_get_client_method, TLSv1_2_enc_data)
@@ -279,7 +279,7 @@ IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,

#ifndef OPENSSL_NO_TLS1_1_METHOD
IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
                        TLSv1_1_client_method,
                        tlsv1_1_client_method,
                        ssl_undefined_function,
                        ossl_statem_connect,
                        tls1_get_client_method, TLSv1_1_enc_data)
@@ -287,14 +287,14 @@ IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,

#ifndef OPENSSL_NO_TLS1_METHOD
IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
                        TLSv1_client_method,
                        tlsv1_client_method,
                        ssl_undefined_function,
                        ossl_statem_connect,
                        tls1_get_client_method, TLSv1_enc_data)
#endif

#ifndef OPENSSL_NO_SSL3_METHOD
IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
IMPLEMENT_ssl3_meth_func(sslv3_client_method,
                         ssl_undefined_function,
                         ossl_statem_connect, tls1_get_client_method)
#endif
@@ -309,11 +309,11 @@ static const SSL_METHOD *dtls1_get_method(int ver)
        return DTLS_method();
#ifndef OPENSSL_NO_DTLS1
    else if (ver == DTLS1_VERSION)
        return DTLSv1_method();
        return dtlsv1_method();
#endif
#ifndef OPENSSL_NO_DTLS1_2
    else if (ver == DTLS1_2_VERSION)
        return DTLSv1_2_method();
        return dtlsv1_2_method();
#endif
    else
        return NULL;
@@ -321,7 +321,7 @@ static const SSL_METHOD *dtls1_get_method(int ver)

#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
                          DTLSv1_method,
                          dtlsv1_method,
                          ossl_statem_accept,
                          ossl_statem_connect,
                          dtls1_get_method, DTLSv1_enc_data)
@@ -329,7 +329,7 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,

#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                          DTLSv1_2_method,
                          dtlsv1_2_method,
                          ossl_statem_accept,
                          ossl_statem_connect,
                          dtls1_get_method, DTLSv1_2_enc_data)
@@ -351,11 +351,11 @@ static const SSL_METHOD *dtls1_get_server_method(int ver)
        return DTLS_server_method();
#ifndef OPENSSL_NO_DTLS1
    else if (ver == DTLS1_VERSION)
        return DTLSv1_server_method();
        return dtlsv1_server_method();
#endif
#ifndef OPENSSL_NO_DTLS1_2
    else if (ver == DTLS1_2_VERSION)
        return DTLSv1_2_server_method();
        return dtlsv1_2_server_method();
#endif
    else
        return NULL;
@@ -363,7 +363,7 @@ static const SSL_METHOD *dtls1_get_server_method(int ver)

#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
                          DTLSv1_server_method,
                          dtlsv1_server_method,
                          ossl_statem_accept,
                          ssl_undefined_function,
                          dtls1_get_server_method, DTLSv1_enc_data)
@@ -371,7 +371,7 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,

#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                          DTLSv1_2_server_method,
                          dtlsv1_2_server_method,
                          ossl_statem_accept,
                          ssl_undefined_function,
                          dtls1_get_server_method, DTLSv1_2_enc_data)
@@ -394,11 +394,11 @@ static const SSL_METHOD *dtls1_get_client_method(int ver)
        return DTLS_client_method();
#ifndef OPENSSL_NO_DTLS1
    else if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
        return DTLSv1_client_method();
        return dtlsv1_client_method();
#endif
#ifndef OPENSSL_NO_DTLS1_2
    else if (ver == DTLS1_2_VERSION)
        return DTLSv1_2_client_method();
        return dtlsv1_2_client_method();
#endif
    else
        return NULL;
@@ -406,7 +406,7 @@ static const SSL_METHOD *dtls1_get_client_method(int ver)

#ifndef OPENSSL_NO_DTLS1_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
                          DTLSv1_client_method,
                          dtlsv1_client_method,
                          ssl_undefined_function,
                          ossl_statem_connect,
                          dtls1_get_client_method, DTLSv1_enc_data)
@@ -414,7 +414,7 @@ IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,

#ifndef OPENSSL_NO_DTLS1_2_METHOD
IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
                          DTLSv1_2_client_method,
                          dtlsv1_2_client_method,
                          ssl_undefined_function,
                          ossl_statem_connect,
                          dtls1_get_client_method, DTLSv1_2_enc_data)
@@ -425,3 +425,110 @@ IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
                          ssl_undefined_function,
                          ossl_statem_connect,
                          dtls1_get_client_method, DTLSv1_2_enc_data)

#if OPENSSL_API_COMPAT < 0x10100000L

# ifndef OPENSSL_NO_TLS1_2_METHOD
const SSL_METHOD *TLSv1_2_method(void)
{
    return tlsv1_2_method();
}

const SSL_METHOD *TLSv1_2_server_method(void)
{
    return tlsv1_2_server_method();
}

const SSL_METHOD *TLSv1_2_client_method(void)
{
    return tlsv1_2_client_method();
}
# endif

# ifndef OPENSSL_NO_TLS1_1_METHOD
const SSL_METHOD *TLSv1_1_method(void)
{
    return tlsv1_1_method();
}

const SSL_METHOD *TLSv1_1_server_method(void)
{
    return tlsv1_1_server_method();
}

const SSL_METHOD *TLSv1_1_client_method(void)
{
    return tlsv1_1_client_method();
}
# endif

# ifndef OPENSSL_NO_TLS1_METHOD
const SSL_METHOD *TLSv1_method(void)
{
    return tlsv1_method();
}

const SSL_METHOD *TLSv1_server_method(void)
{
    return tlsv1_server_method();
}

const SSL_METHOD *TLSv1_client_method(void)
{
    return tlsv1_client_method();
}
# endif

# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void)
{
    return sslv3_method();
}

const SSL_METHOD *SSLv3_server_method(void)
{
    return sslv3_server_method();
}

const SSL_METHOD *SSLv3_client_method(void)
{
    return sslv3_client_method();
}
# endif

# ifndef OPENSSL_NO_DTLS1_2_METHOD
const SSL_METHOD *DTLSv1_2_method(void)
{
    return dtlsv1_2_method();
}

const SSL_METHOD *DTLSv1_2_server_method(void)
{
    return dtlsv1_2_server_method();
}

const SSL_METHOD *DTLSv1_2_client_method(void)
{
    return dtlsv1_2_client_method();
}
# endif

# ifndef OPENSSL_NO_DTLS1_METHOD
const SSL_METHOD *DTLSv1_method(void)
{
    return dtlsv1_method();
}

const SSL_METHOD *DTLSv1_server_method(void)
{
    return dtlsv1_server_method();
}

const SSL_METHOD *DTLSv1_client_method(void)
{
    return dtlsv1_client_method();
}
# endif

#endif
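Review bot: The internal `tlsv1_2_method()` family is still defined under `OPENSSL_NO_TLS1_2_METHOD`, while `tls1_get_method()` calls it under `OPENSSL_NO_TLS1_2`; the same split shows in the TLS1.1, TLS1, SSL3 and DTLS variants and in the server and client lookups. If a build can define the `_METHOD` macro without the protocol macro (the configuration logic is not visible here), the call has no definition and the link fails. The now-unconditional prototypes in the internal header would hide that until link time. Since the public wrappers at the end of the file already carry the `_METHOD` guards, the `IMPLEMENT_*_meth_func` invocations for the lowercase names could use the protocol guards instead, e.g. `#ifndef OPENSSL_NO_TLS1_2` in place of `#ifndef OPENSSL_NO_TLS1_2_METHOD`. The `*_get_method` functions begin outside the visible hunks.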
+1 −1
@@ -3054,7 +3054,7 @@ int ssl_undefined_const_function(const SSL *s)
    return (0);
}

SSL_METHOD *ssl_bad_method(int ver)
const SSL_METHOD *ssl_bad_method(int ver)
{
    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    return (NULL);
+19 −1
@@ -1734,7 +1734,25 @@ typedef struct ssl3_comp_st {

extern SSL3_ENC_METHOD ssl3_undef_enc_method;

SSL_METHOD *ssl_bad_method(int ver);
__owur const SSL_METHOD *ssl_bad_method(int ver);
__owur const SSL_METHOD *sslv3_method(void);
__owur const SSL_METHOD *sslv3_server_method(void);
__owur const SSL_METHOD *sslv3_client_method(void);
__owur const SSL_METHOD *tlsv1_method(void);
__owur const SSL_METHOD *tlsv1_server_method(void);
__owur const SSL_METHOD *tlsv1_client_method(void);
__owur const SSL_METHOD *tlsv1_1_method(void);
__owur const SSL_METHOD *tlsv1_1_server_method(void);
__owur const SSL_METHOD *tlsv1_1_client_method(void);
__owur const SSL_METHOD *tlsv1_2_method(void);
__owur const SSL_METHOD *tlsv1_2_server_method(void);
__owur const SSL_METHOD *tlsv1_2_client_method(void);
__owur const SSL_METHOD *dtlsv1_method(void);
__owur const SSL_METHOD *dtlsv1_server_method(void);
__owur const SSL_METHOD *dtlsv1_client_method(void);
__owur const SSL_METHOD *dtlsv1_2_method(void);
__owur const SSL_METHOD *dtlsv1_2_server_method(void);
__owur const SSL_METHOD *dtlsv1_2_client_method(void);

extern const SSL3_ENC_METHOD TLSv1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
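Review bot: The new internal prototypes differ from the deprecated public names only in letter case, and nothing in this block says which set library code is meant to call. A short comment above `sslv3_method` would prevent an accidental call to the deprecated symbol from inside the library, for example `/* Internal version-specific methods. The public SSLv3_method() etc. are deprecated wrappers around these, built only when OPENSSL_API_COMPAT < 0x10100000L. */`. The prototypes are also declared unconditionally while their definitions sit under `OPENSSL_NO_*_METHOD` guards, so the comment could note that they may be absent in reduced builds.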