remove some deprecated methods

Author: zh-jq

openssl/Cargo.toml

@@ -9,13 +9,7 @@ keywords = ["crypto", "tls", "ssl", "dtls"]
 categories = ["cryptography", "api-bindings"]
 edition = "2021"
 
-# these are deprecated and don't do anything anymore
 [features]
-v101 = []
-v102 = []
-v110 = []
-v111 = []
-
 vendored = ['ffi/vendored']
 tongsuo = ['ffi/tongsuo']
 bindgen = ['ffi/bindgen']

openssl/src/ssl/mod.rs

@@ -1047,27 +1047,6 @@ impl SslContextBuilder {
         unsafe { cvt(ffi::SSL_CTX_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
     }
 
-    /// Sets the callback which will generate parameters to be used during ephemeral elliptic curve
-    /// Diffie-Hellman key exchange.
-    ///
-    /// The callback is provided with a reference to the `Ssl` for the session, as well as a boolean
-    /// indicating if the selected cipher is export-grade, and the key length. The export and key
-    /// length options are archaic and should be ignored in almost all cases.
-    ///
-    /// Requires OpenSSL 1.0.1 or 1.0.2.
-    #[corresponds(SSL_CTX_set_tmp_ecdh_callback)]
-    #[cfg(all(ossl101, not(ossl110)))]
-    #[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")]
-    pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
-    where
-        F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
-    {
-        unsafe {
-            self.set_ex_data(SslContext::cached_ex_index::<F>(), callback);
-            ffi::SSL_CTX_set_tmp_ecdh_callback(self.as_ptr(), Some(raw_tmp_ecdh::<F>));
-        }
-    }
-
     /// Use the default locations of trusted certificates for verification.
     ///
     /// These locations are read from the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables
@@ -1766,18 +1745,6 @@ impl SslContextBuilder {
         }
     }
 
-    #[deprecated(since = "0.10.10", note = "renamed to `set_psk_client_callback`")]
-    #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
-    pub fn set_psk_callback<F>(&mut self, callback: F)
-    where
-        F: Fn(&mut SslRef, Option<&[u8]>, &mut [u8], &mut [u8]) -> Result<usize, ErrorStack>
-            + 'static
-            + Sync
-            + Send,
-    {
-        self.set_psk_client_callback(callback)
-    }
-
     /// Sets the callback for providing an identity and pre-shared key for a TLS-PSK server.
     ///
     /// The callback will be called with the SSL context, an identity provided by the client,
@@ -2946,23 +2913,6 @@ impl SslRef {
         unsafe { cvt(ffi::SSL_set_tmp_ecdh(self.as_ptr(), key.as_ptr()) as c_int).map(|_| ()) }
     }
 
-    /// Like [`SslContextBuilder::set_tmp_ecdh_callback`].
-    ///
-    /// Requires OpenSSL 1.0.1 or 1.0.2.
-    #[corresponds(SSL_set_tmp_ecdh_callback)]
-    #[cfg(all(ossl101, not(ossl110)))]
-    #[deprecated(note = "this function leaks memory and does not exist on newer OpenSSL versions")]
-    pub fn set_tmp_ecdh_callback<F>(&mut self, callback: F)
-    where
-        F: Fn(&mut SslRef, bool, u32) -> Result<EcKey<Params>, ErrorStack> + 'static + Sync + Send,
-    {
-        unsafe {
-            // this needs to be in an Arc since the callback can register a new callback!
-            self.set_ex_data(Ssl::cached_ex_index(), Arc::new(callback));
-            ffi::SSL_set_tmp_ecdh_callback(self.as_ptr(), Some(raw_tmp_ecdh_ssl::<F>));
-        }
-    }
-
     /// Like [`SslContextBuilder::set_ecdh_auto`].
     ///
     /// Requires OpenSSL 1.0.2 or LibreSSL.
@@ -3098,11 +3048,6 @@ impl SslRef {
         }
     }
 
-    #[deprecated(since = "0.10.5", note = "renamed to `version_str`")]
-    pub fn version(&self) -> &str {
-        self.version_str()
-    }
-
     /// Returns the protocol version of the session.
     #[corresponds(SSL_version)]
     pub fn version2(&self) -> Option<SslVersion> {
@@ -4276,22 +4221,6 @@ impl<S: Read + Write> SslStream<S> {
         })
     }
 
-    /// Constructs an `SslStream` from a pointer to the underlying OpenSSL `SSL` struct.
-    ///
-    /// This is useful if the handshake has already been completed elsewhere.
-    ///
-    /// # Safety
-    ///
-    /// The caller must ensure the pointer is valid.
-    #[deprecated(
-        since = "0.10.32",
-        note = "use Ssl::from_ptr and SslStream::new instead"
-    )]
-    pub unsafe fn from_raw_parts(ssl: *mut ffi::SSL, stream: S) -> Self {
-        let ssl = Ssl::from_ptr(ssl);
-        Self::new(ssl, stream).unwrap()
-    }
-
     /// Read application data transmitted by a client before handshake completion.
     ///
     /// Useful for reducing latency, but vulnerable to replay attacks. Call
@@ -4902,21 +4831,6 @@ impl<S> SslStreamBuilder<S> {
     pub fn ssl_mut(&mut self) -> &mut SslRef {
         &mut self.inner.ssl
     }
-
-    /// Set the DTLS MTU size.
-    ///
-    /// It will be ignored if the value is smaller than the minimum packet size
-    /// the DTLS protocol requires.
-    ///
-    /// # Panics
-    /// This function panics if the given mtu size can't be represented in a positive `c_long` range
-    #[deprecated(note = "Use SslRef::set_mtu instead", since = "0.10.30")]
-    pub fn set_dtls_mtu_size(&mut self, mtu_size: usize) {
-        unsafe {
-            let bio = self.inner.ssl.get_raw_rbio();
-            bio::set_dtls_mtu_size::<S>(bio, mtu_size);
-        }
-    }
 }
 
 /// The result of a shutdown request.

openssl/src/ssl/test/mod.rs

@@ -981,30 +981,6 @@ fn tmp_dh_callback() {
     assert!(CALLED_BACK.load(Ordering::SeqCst));
 }
 
-#[test]
-#[cfg(all(ossl101, not(ossl110)))]
-#[allow(deprecated)]
-fn tmp_ecdh_callback() {
-    use crate::ec::EcKey;
-    use crate::nid::Nid;
-
-    static CALLED_BACK: AtomicBool = AtomicBool::new(false);
-
-    let mut server = Server::builder();
-    server.ctx().set_tmp_ecdh_callback(|_, _, _| {
-        CALLED_BACK.store(true, Ordering::SeqCst);
-        EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
-    });
-
-    let server = server.build();
-
-    let mut client = server.client();
-    client.ctx().set_cipher_list("ECDH").unwrap();
-    client.connect();
-
-    assert!(CALLED_BACK.load(Ordering::SeqCst));
-}
-
 #[test]
 #[cfg_attr(any(all(libressl321, not(libressl340)), boringssl), ignore)]
 fn tmp_dh_callback_ssl() {
@@ -1031,32 +1007,6 @@ fn tmp_dh_callback_ssl() {
     assert!(CALLED_BACK.load(Ordering::SeqCst));
 }
 
-#[test]
-#[cfg(all(ossl101, not(ossl110)))]
-#[allow(deprecated)]
-fn tmp_ecdh_callback_ssl() {
-    use crate::ec::EcKey;
-    use crate::nid::Nid;
-
-    static CALLED_BACK: AtomicBool = AtomicBool::new(false);
-
-    let mut server = Server::builder();
-    server.ssl_cb(|ssl| {
-        ssl.set_tmp_ecdh_callback(|_, _, _| {
-            CALLED_BACK.store(true, Ordering::SeqCst);
-            EcKey::from_curve_name(Nid::X9_62_PRIME256V1)
-        });
-    });
-
-    let server = server.build();
-
-    let mut client = server.client();
-    client.ctx().set_cipher_list("ECDH").unwrap();
-    client.connect();
-
-    assert!(CALLED_BACK.load(Ordering::SeqCst));
-}
-
 #[test]
 fn idle_session() {
     let ctx = SslContext::builder(SslMethod::tls()).unwrap().build();

openssl/src/x509/mod.rs

@@ -563,11 +563,6 @@ impl X509Ref {
         ffi::X509_pubkey_digest
     }
 
-    #[deprecated(since = "0.10.9", note = "renamed to digest")]
-    pub fn fingerprint(&self, hash_type: MessageDigest) -> Result<Vec<u8>, ErrorStack> {
-        self.digest(hash_type).map(|b| b.to_vec())
-    }
-
     /// Returns the certificate's Not After validity period.
     #[corresponds(X509_getm_notAfter)]
     pub fn not_after(&self) -> &Asn1TimeRef {