)]}'
{
  "commit": "396f2ef0855fee63cd7fd2f60fc77b0a447b1dc7",
  "tree": "8e07780ce40bc8dc7683e9dd6dceabcb212687af",
  "parents": [
    "85e2f2c655a13e29988df777ed680ddf0969434d"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Sat Dec 02 09:21:37 2023 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Wed Dec 06 21:21:21 2023 +0000"
  },
  "message": "Remove dynamic X509_TRUST and X509_PURPOSE registration\n\nThis is not thread-safe. Even if made thread-safe, it involves\nregistering globals, so it\u0027s just not a good API.\n\nNote this means that there is no longer a way to configure custom trust\nOIDs or purpose checks. Evidently no one was doing that. Should a use\ncase arise, I don\u0027t think it should be met by this API. The things one\nmight want to configure here are:\n\n- Which OID to match against X509_add1_trust_object and\n  X509_add1_reject_object\n\n- Whether self-signed certificates, if no trust objects are configured,\n  also count as trust anchors\n\n- Which EKU OID to look for up the chain\n\n- Which legacy Netscape certificate type to look for (can we remove\n  this?)\n\n- Which key usage bits to look for in the leaf\n\nWe can simply add APIs for specifying those if we need them.\n\nInterestingly, there\u0027s a call to check_ca inside the purpose checks\n(which gets skipped if you don\u0027t configure a purpose!), but I think it\nmay be redundant with the X509_check_ca call in the path verifier.\n\nChange-Id: If71ee3d0768b5fc71422852b4fcf7eb23e937dd2\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64507\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "de1e8befe36e7a0527e5487cd3e9573d053cd127",
      "old_mode": 33188,
      "old_path": "crypto/x509/v3_purp.c",
      "new_id": "9db45ba684a0e7e4d41968778143279185d58ca2",
      "new_mode": 33188,
      "new_path": "crypto/x509/v3_purp.c"
    },
    {
      "type": "modify",
      "old_id": "53819b3eab789bc9a79c6fe08fc5bc73249f52df",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_trs.c",
      "new_id": "ce4194b542f0b4abc6fd513e97faf339802fb077",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_trs.c"
    },
    {
      "type": "modify",
      "old_id": "aa219b1a30ebabf28ebaa0250f00ac1e9149bc6c",
      "old_mode": 33188,
      "old_path": "include/openssl/x509.h",
      "new_id": "b7352afa6d0865e40dce3724e75f5c25ac4ccdc4",
      "new_mode": 33188,
      "new_path": "include/openssl/x509.h"
    }
  ]
}