Unexport some STACK_OF types.
STACK_OF(GENERAL_NAMES) is STACK_OF(STACK_OF(GENERAL_NAME)). Nothing
uses this. It appears to be a remnant of CMS and indirect CRL support.
May as well trim the header slightly.
STACK_OF(X509_VERIFY_PARAM) is a remnant of (non-thread-safe) global
registration of X509_VERIFY_PARAMs.
STACK_OF(X509_LOOKUP) is only used internally.
May as well prune them from the header so the file expands to be a bit
less code.
Update-Note: A few obscure STACK_OF(T) types are unexported. This is not
expected to impact anyone.
Change-Id: I03757c8522531132a31270b6dab055966b6e9070
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64527
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index efb9037..9e943e0 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -318,6 +318,8 @@
X509_OBJECT *ret);
} /* X509_LOOKUP_METHOD */;
+DEFINE_STACK_OF(X509_LOOKUP)
+
// This is used to hold everything. It is used for all certificate
// validation. Once we have a certificate chain, the 'verify'
// function is then called to actually check the cert chain.
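Review bot: The `DEFINE_STACK_OF(X509_LOOKUP)` added to crypto/x509/internal.h has no comment explaining why the stack type is defined here rather than in the public header. A one-line comment above it, for example `// STACK_OF(X509_LOOKUP) is only used inside the library and is deliberately not exported from <openssl/x509.h>.`, would record the intent stated in the commit message and make an accidental re-export less likely. The struct that the following comment documents starts outside the hunk, so the macro's placement relative to it cannot be checked from here.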
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 12b38c8..1fa89fd 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -3143,8 +3143,6 @@
#define X509_TRUST_REJECTED 2
#define X509_TRUST_UNTRUSTED 3
-DECLARE_STACK_OF(GENERAL_NAMES)
-
// X509_verify_cert_error_string returns |err| as a human-readable string, where
// |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
// a default description.
@@ -3206,9 +3204,7 @@
#define X509_LU_CRL 2
#define X509_LU_PKEY 3
-DEFINE_STACK_OF(X509_LOOKUP)
DEFINE_STACK_OF(X509_OBJECT)
-DEFINE_STACK_OF(X509_VERIFY_PARAM)
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
@@ -3828,8 +3824,6 @@
} d;
} /* GENERAL_NAME */;
-DEFINE_STACK_OF(GENERAL_NAMES)
-
typedef struct ACCESS_DESCRIPTION_st {
ASN1_OBJECT *method;
GENERAL_NAME *location;