Why was X509V3_EXT_cleanup() removed?
orbea opened this issue · 4 comments
orbea commented
OS: Gentoo
libressl: 3.9.1
libimobiledevice: 1.3.0
When building libimobiledevice with LibreSSL it fails with an implicit declaration for `X509V3_EXT_cleanup()` which appears available in LibreSSL 3.8 or older, but not in 3.9. However the ChangeLog doesn't mention it at all, why was it removed?
Should libimobiledevice be using it at all?
A simple workaround seems to be:
--- a/common/userpref.c
+++ b/common/userpref.c
@@ -627,7 +627,9 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
}
}
+#ifndef LIBRESSL_VERSION_NUMBER
X509V3_EXT_cleanup();
+#endif
X509_free(dev_cert);
EVP_PKEY_free(pubkey);
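Review bot: the `#ifndef LIBRESSL_VERSION_NUMBER` guard around `X509V3_EXT_cleanup()` drops the call for every LibreSSL release, including 3.8 and older where the report says the function is still available, so it is broader than the build failure requires. Either compare `LIBRESSL_VERSION_NUMBER` against the first release that lacks the function, or, if nothing in this code path registers custom extensions, remove the `X509V3_EXT_cleanup()` line unconditionally so every backend takes the same path. A one-line comment above the guard saying why the call is skipped would also help the next reader.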
botovq commented
On Tue, Apr 23, 2024 at 07:50:11AM -0700, orbea wrote:
> OS: `Gentoo`
> libressl: `3.9.1`
> libimobiledevice: `1.3.0`
> When building libimobiledevice with LibreSSL it fails with an implicit declaration for `X509V3_EXT_cleanup()` which appears available in LibreSSL 3.8 or older, but not in 3.9. However the ChangeLog doesn't mention it at all, why was it removed?
It was removed because it was part of a dangerous, incomplete and mostly
useless API:
openbsd/src@c984dda
It is mentioned in the changelog, but not explicitly:
"The thread unsafe global tables are no longer supported. It is no longer
possible to add [...] custom [...] X.509 extensions."
> Should libimobiledevice be using it at all?
I don't think so. It cleans up the stack containing custom extensions
which libimobiledevice doesn't use, it's only needed after calls to
X509V3_EXT_add{,_list,_alias}().
orbea commented
Thanks for the helpful replies! I will try submitting a patch to upstream libimobiledevice soon.
orbea commented
I made a PR for libimobiledevice. libimobiledevice/libimobiledevice#1561
botovq commented
Thank you!