Open Bug 1201900 Opened 9 years ago Updated 5 months ago

using the external array SSL_ImplementedCiphers[] directly should be deprecated

Categories

(NSS :: Libraries, defect, P3)

3.20

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: kdudka, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150827075926

Steps to reproduce:

I have updated the documentation at:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslfnc.html

... and fixed curl to access the array through the accessors:
https://github.com/bagder/curl/commit/7380433d


Actual results:

Although accessor functions were introduced in 2010 (see bug #496993), software using NSS continues to access the external array SSL_ImplementedCiphers[] directly.  This causes dynamic linking issues at run-time after an update of NSS:
https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html


Expected results:

It should have been clarified in the ssl.h header file that using the array SSL_ImplementedCiphers[] directly is deprecated and it is recommended to access the array through the accessor functions.
Indeed, please add a compile-time deprecation warning and a link-time warning as well.

Also, please reorder the cipher suites so that the disabled/never-to-be-used ones are at the end.  If the array is used internally, please keep a complete copy, so that it is not truncated by the dynamic linker.  glibc will hopefully provide a more helpful warning message in the future:

https://sourceware.org/bugzilla/show_bug.cgi?id=18924
ping?

anything on this?
Priority: -- → P3
Severity: normal → S3
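
The failure this bug describes, as an added example that is not part of the bug report or of NSS: a simplified single-file model in which an application's fixed-size copy of a library array, sized when the application was linked, misses entries the library added later, while accessor functions see the whole table. The `demo_` names, the link-time count of 3 and the cipher suite values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the library's exported table AFTER an update.
 * The application below was linked when only the first 3 entries existed. */
static const uint16_t lib_ciphers[] = { 0x002f, 0x0035, 0x000a, 0xc02b, 0xc02f };
static const uint16_t lib_num_ciphers = sizeof lib_ciphers / sizeof lib_ciphers[0];

/* Accessor pattern (hypothetical demo_ names): callers get a pointer into the
 * library's own storage plus the current count, so no size is baked in. */
const uint16_t *demo_get_ciphers(void) { return lib_ciphers; }
uint16_t demo_get_num_ciphers(void) { return lib_num_ciphers; }

/* Model of direct array use: the executable reserved room for the array at
 * its own link time, and only that many bytes are copied in at startup. */
#define APP_LINK_TIME_COUNT 3
static uint16_t app_copy[APP_LINK_TIME_COUNT];

size_t demo_startup_copy(void)
{
    memcpy(app_copy, lib_ciphers, sizeof app_copy);
    return sizeof app_copy / sizeof app_copy[0];
}

/* Returns 1 if the suite is visible through the application's stale copy. */
int demo_visible_direct(uint16_t suite)
{
    size_t n = demo_startup_copy();
    for (size_t i = 0; i < n; i++)
        if (app_copy[i] == suite) return 1;
    return 0;
}

/* Returns 1 if the suite is visible through the accessors. */
int demo_visible_accessor(uint16_t suite)
{
    const uint16_t *c = demo_get_ciphers();
    uint16_t n = demo_get_num_ciphers();
    for (uint16_t i = 0; i < n; i++)
        if (c[i] == suite) return 1;
    return 0;
}

int main(void)
{
    printf("0xc02b direct=%d accessor=%d\n",
           demo_visible_direct(0xc02b), demo_visible_accessor(0xc02b));
    return 0;
}
```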