Remove X509_TRUST_set_default.
It appears to be unused. It has global effects and is not thread-safe.
Rather than try to make the double-function-pointer declaration
readable, remove it.
Change-Id: If58ecd0c9367bbb27cf8c5e27ac9997fe4c1225d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51965
Reviewed-by: Alex Gaynor <alex.gaynor@gmail.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index c95d6fc..d21548d 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -71,7 +71,6 @@
static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
static int obj_trust(int id, X509 *x, int flags);
-static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
/*
* WARNING: the following table should be kept in order of trust and without
@@ -106,14 +105,6 @@
return (*a)->trust - (*b)->trust;
}
-int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
- int) {
- int (*oldtrust) (int, X509 *, int);
- oldtrust = default_trust;
- default_trust = trust;
- return oldtrust;
-}
-
int X509_check_trust(X509 *x, int id, int flags)
{
X509_TRUST *pt;
@@ -130,7 +121,7 @@
}
idx = X509_TRUST_get_by_id(id);
if (idx == -1)
- return default_trust(id, x, flags);
+ return obj_trust(id, x, flags);
pt = X509_TRUST_get0(idx);
return pt->check_trust(pt, x, flags);
}
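Review bot: The `idx == -1` branch of X509_check_trust now always calls obj_trust for an id that X509_TRUST_get_by_id does not recognise, and nothing at that line tells a reader that an unknown id is evaluated rather than rejected. I would add a comment above `if (idx == -1)`, for example `/* Ids not in the trust table are not an error; they are passed to obj_trust, presumably as an object NID matched against the certificate's own trust settings. */`. The body of obj_trust is not part of this diff, so the wording should be checked against it, in particular what it returns when the certificate carries no matching setting. X509_check_trust begins before this hunk, so the note covers only the visible fallback branch.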
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index a7121ca..3633186 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -993,9 +993,6 @@
OPENSSL_EXPORT void X509_reject_clear(X509 *x);
-OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *,
- int)))(int, X509 *,
- int);
OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
DECLARE_ASN1_FUNCTIONS(X509_REVOKED)