Remove the CTX versions of the UseTrustedCA functions. A session needs

to be able to set a flag in the extension and that isn't allowed in the CTX extensions.
2026-02-03 23:15:06 +01:00 · 2018-10-01 13:57:01 -07:00
parent cb57a5f3ed
commit 2342ea15eb
3 changed files with 0 additions and 27 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -1971,16 +1971,6 @@ WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
    return TLSX_UseTrustedCA(&ssl->extensions, type, cert, certSz, ssl->heap);
 }

-
-WOLFSSL_API int wolfSSL_CTX_UseTrustedCA(WOLFSSL_CTX* ctx, byte type,
-            const byte* cert, word32 certSz)
-{
-    if (ctx == NULL)
-        return BAD_FUNC_ARG;
-
-    return TLSX_UseTrustedCA(&ctx->extensions, type, cert, certSz, ctx->heap);
-}
-
 #endif /* HAVE_TRUSTED_CA */


--- a/tests/api.c
+++ b/tests/api.c
@@ -3037,36 +3037,21 @@ static void test_wolfSSL_UseTrustedCA(void)
    XMEMSET(id, 0, sizeof(id));

    /* error cases */
-    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(NULL, 0, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
-    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
-    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
-    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
-    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));

    /* success cases */
-    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
-    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
-    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTrustedCA(ctx,
-                WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
    AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
                WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));

--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2261,8 +2261,6 @@ enum {

 WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, unsigned char type,
            const unsigned char* cert, unsigned int certSz);
-WOLFSSL_API int wolfSSL_CTX_UseTrustedCA(WOLFSSL_CTX* ctx, unsigned char type,
-            const unsigned char* cert, unsigned int certSz);
 #endif /* HAVE_TRUSTED_CA */

 /* Application-Layer Protocol Negotiation */