New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl_sess.c: deprecate SSL_SESSION_get_time/SSL_SESSION_set_time #24307
base: master
Are you sure you want to change the base?
Conversation
Signed CLA sent by email as specified in https://www.openssl.org/policies/cla.html |
7a3b572
to
992fb43
Compare
CLA issue fixed, please re-trigger the CI. |
This is strange. The CI failure is relevant but I do not see what is causing it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably this should have an entry in CHANGES.md. We should also update the documentation to show that these are deprecated (in the same style as we have done other deprecations in the docs)
Ah, this is most probably caused by using the OSSL_DEPRECATEDIN...FOR() macro instead of just OSSL_DEPRECATED_IN_... macro. The parser updating the .num files would have to be changed. Please use just OSSL_DEPRECATED_IN_.... |
But that doesn't include a message advising what to use instead. You ok with that? |
Ah, yeah
We should really do that |
I'm also baffled by the other fail as the lines don't match to where I think the problem is:
The culprit I believe is:
I guess SSL_CTX_flush_sessions_ex is needed as well, taking time_t? |
That's github playing tricks on you. When the CI runs it automatically merges your PR against the latest master and tests the resulting code. Most likely there have been changes in sslapitest.c on master since you opened this PR which have shifted the line numbers. The problem is definitely the 3 |
So should SSL_CTX_flush_sessions_ex() introduction be a separate PR or can I bundle that here? |
IMO you can bundle it here (in a separate commit for clarity). |
This seems to fix it. @kanavin - do you want to incorporate that into this PR? diff --git a/util/perl/OpenSSL/ParseC.pm b/util/perl/OpenSSL/ParseC.pm
index 661bd11818..f7f8a5827e 100644
--- a/util/perl/OpenSSL/ParseC.pm
+++ b/util/perl/OpenSSL/ParseC.pm
@@ -266,9 +266,15 @@ my @opensslchandlers = (
{ regexp => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
massager => sub { return $1; },
},
+ { regexp => qr/OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+ massager => sub { return $1; },
+ },
{ regexp => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?\s+(.*)/,
massager => sub { return "$1 $2"; },
},
+ { regexp => qr/(.*?)\s+OSSL_DEPRECATEDIN_\d+_\d+(?:_\d+)?_FOR<<<.*>>>(.*)/,
+ massager => sub { return "$1 $2"; },
+ },
#####
# Core stuff |
Yes, of course. Thanks! |
Suggested by Matt Caswell. Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Alexander Kanavin <[email protected]>
Alright, I hopefully have addressed both CI fails and review comments. |
OTC: Do we want to deprecate SSL_SESSION_get_time()/SSL_SESSION_set_time()/SSL_CTX_flush_sessions() in 3.4 or at some later point? |
…cement The original function is using long for time and is therefore not Y2038-safe. Signed-off-by: Alexander Kanavin <[email protected]>
Adjust the manpages at the same time so that only the new functions are being presented. Fixes: openssl#23648 Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Alexander Kanavin <[email protected]>
Fixes: #23648