Unexport X509_VERIFY_PARAM_lookup

This is used to implement X509_STORE_CTX_set_default and some very messy
"default" parameter, which has its own awkward quirks (see
https://boringssl-review.googlesource.com/c/boringssl/+/64253/).

We can't avoid X509_STORE_CTX_set_default, but if we resolve the mess
around "default", then all the defined parameters will just be purpose
and trust tuples. If we get to that point, we probably don't need to
define actual X509_VERIFY_PARAM objects and can just store the purpose
and trust values. But we can only do that if this function is gone.

Update-Note: Removed unused function.

Change-Id: I118f4a1ebff99f919d0f6ee63175633fe945822b
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64487
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 842d076..14d7e37 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -564,6 +564,10 @@
OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
const GENERAL_NAME *b);
+// X509_VERIFY_PARAM_lookup returns a pre-defined |X509_VERIFY_PARAM| named by
+// |name|, or NULL if no such name is defined.
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+
#if defined(__cplusplus)
} // extern C
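Review bot: The comment carried over onto the new internal declaration of X509_VERIFY_PARAM_lookup does not say who owns the returned object. Since the return type is a const pointer to a "pre-defined" parameter set, it would help to state that the result points at library-owned storage and must not be freed or modified by the caller, so internal callers do not pass it to code that takes ownership. Separately, the declaration is intentionally without OPENSSL_EXPORT while its neighbour GENERAL_NAME_cmp in the same internal header keeps it; please confirm that nothing built outside the library itself (a test binary in a shared-library build, for example) still calls the function, since that would now fail to link.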
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index cdb7b04..29b68b2 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -3429,11 +3429,6 @@
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-// X509_VERIFY_PARAM_lookup returns a pre-defined |X509_VERIFY_PARAM| named by
-// |name|, or NULL if no such name is defined.
-OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
- const char *name);
-
// Forward reference
struct v3_ext_method;
struct v3_ext_ctx;
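Review bot: The Update-Note says "Removed unused function", but this hunk only drops the OPENSSL_EXPORT declaration of X509_VERIFY_PARAM_lookup from include/openssl/x509.h while the function itself stays, now declared in crypto/x509/internal.h. Consider wording the note to say that the function is no longer part of the public API, so a downstream consumer who hits the resulting build failure can match it to this change. Since the commit message names X509_STORE_CTX_set_default as the remaining public entry point built on it, mentioning that in the note would also tell affected callers where to look.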