Deprecate some non-PK compatibility functions

(Should have been deprecated in 1.3.0 already.)

Deprecate some non-PK compatibility functions
(Should have been deprecated in 1.3.0 already.)
7a2aba8d · Manuel Pégourié-Gonnard · Paul Bakker · b2bf5a1b · 7a2aba8d · 7a2aba8d
Commit 7a2aba8d authored Mar 25, 2014 by Manuel Pégourié-Gonnard Committed by Paul Bakker Mar 26, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

ChangeLog ChangeLog +3 -2

include/polarssl/ssl.h include/polarssl/ssl.h +7 -0

No files found.
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@ Changes
     that prevented bignum.c from compiling. (Reported by Rafael Baptista.)
   * Revamped the compat.sh interoperatibility script to include support for
     testing against GnuTLS
+   * Deprecated ssl_set_own_cert_rsa() and ssl_set_own_cert_rsa_alt()

 Security
   * Forbid change of server certificate during renegotiation to prevent
@@ -29,12 +30,12 @@ Security
     attack was already impossible when authentication is required).
   * Check notBefore timestamp of certificates and CRLs from the future.
   * Forbid sequence number wrapping
-   * Fix possible buffer overflow with overlong PSK
+   * Fixed possible buffer overflow with overlong PSK

 Bugfix
   * ecp_gen_keypair() does more tries to prevent failure because of
     statistics
-   * Fix bug in RSA PKCS#1 v1.5 "reversed" operations
+   * Fixed bug in RSA PKCS#1 v1.5 "reversed" operations
   * Fixed testing with out-of-source builds using cmake
   * Fixed version-major intolerance in server
   * Fixed CMake symlinking on out-of-source builds

--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -1059,6 +1059,9 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
 *                 up your certificate chain. The top certificate (self-signed)
 *                 can be omitted.
 *
+ * \warning        This backwards-compatibility function is deprecated!
+ *                 Please use \c ssl_set_own_cert() instead.
+ *
 * \param ssl      SSL context
 * \param own_cert own public certificate chain
 * \param rsa_key  own private RSA key
@@ -1081,6 +1084,10 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
 *                 up your certificate chain. The top certificate (self-signed)
 *                 can be omitted.
 *
+ * \warning        This backwards-compatibility function is deprecated!
+ *                 Please use \c pk_init_ctx_rsa_alt()
+ *                 and \c ssl_set_own_cert() instead.
+ *
 * \param ssl      SSL context
 * \param own_cert own public certificate chain
 * \param rsa_key  alternate implementation private RSA key