Move CRL_REASON_* back to x509v3.h

strongswan defines conflicting symbols and has been relying on them only being defined in <openssl/x509v3.h>. Defining the constants in <openssl/x509.h> would break strongswan, so move them back for now. Long term, we would like for new code to only need <openssl/x509.h>, so I've left a TODO to introduce properly namespaced versions of these constants and, separately, see if we can fix strongswan to similarly avoid the conflict. Between OpenSSL, strongswan, and wincrypt.h all defining these constants, it seems best for everyone to just avoid them going forward. Change-Id: I23ce4c5013a80a831e0dc74fda8623027017190c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65387 Commit-Queue: Bob Beck <[email protected]> Auto-Submit: David Benjamin <[email protected]> Reviewed-by: Bob Beck <[email protected]> Commit-Queue: David Benjamin <[email protected]>
google · Jan 13, 2024 · 45f5e5d · 45f5e5d
1 parent 518172c
commit 45f5e5d
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 12 deletions.
diff --git a/crypto/x509/v3_enum.c b/crypto/x509/v3_enum.c
@@ -59,6 +59,7 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 #include "internal.h"
 

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
@@ -63,6 +63,7 @@
 #include <openssl/stack.h>
 #include <openssl/thread.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 #include <assert.h>
 

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
@@ -4245,18 +4245,6 @@ typedef struct DIST_POINT_NAME_st {
 // All existing reasons
 #define CRLDP_ALL_REASONS 0x807f
 
-#define CRL_REASON_NONE (-1)
-#define CRL_REASON_UNSPECIFIED 0
-#define CRL_REASON_KEY_COMPROMISE 1
-#define CRL_REASON_CA_COMPROMISE 2
-#define CRL_REASON_AFFILIATION_CHANGED 3
-#define CRL_REASON_SUPERSEDED 4
-#define CRL_REASON_CESSATION_OF_OPERATION 5
-#define CRL_REASON_CERTIFICATE_HOLD 6
-#define CRL_REASON_REMOVE_FROM_CRL 8
-#define CRL_REASON_PRIVILEGE_WITHDRAWN 9
-#define CRL_REASON_AA_COMPROMISE 10
-
 struct DIST_POINT_st {
   DIST_POINT_NAME *distpoint;
   ASN1_BIT_STRING *reasons;

diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
@@ -20,6 +20,30 @@
 // However, due to conflicts, some deprecated symbols are defined here.
 #include <openssl/x509.h>
 
+
+// CRL reason constants.
+
+// TODO(davidben): These constants live here because strongswan defines
+// conflicting symbols and has been relying on them only being defined in
+// <openssl/x509v3.h>. Defining the constants in <openssl/x509.h> would break
+// strongswan, but we would also like for new code to only need
+// <openssl/x509.h>. Introduce properly namespaced versions of these constants
+// and, separately, see if we can fix strongswan to similarly avoid the
+// conflict. Between OpenSSL, strongswan, and wincrypt.h all defining these
+// constants, it seems best for everyone to just avoid them going forward.
+#define CRL_REASON_NONE (-1)
+#define CRL_REASON_UNSPECIFIED 0
+#define CRL_REASON_KEY_COMPROMISE 1
+#define CRL_REASON_CA_COMPROMISE 2
+#define CRL_REASON_AFFILIATION_CHANGED 3
+#define CRL_REASON_SUPERSEDED 4
+#define CRL_REASON_CESSATION_OF_OPERATION 5
+#define CRL_REASON_CERTIFICATE_HOLD 6
+#define CRL_REASON_REMOVE_FROM_CRL 8
+#define CRL_REASON_PRIVILEGE_WITHDRAWN 9
+#define CRL_REASON_AA_COMPROMISE 10
+
+
 // Deprecated constants.
 
 // The following constants are legacy aliases for |X509v3_KU_*|. They are