Open Bug 1201900 Opened 10 years ago Updated 2 years ago

using the external array SSL_ImplementedCiphers[] directly should be deprecated

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Version:
3.20
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: kdudka, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 Build ID: 20150827075926 Steps to reproduce: I have updated the documentation at: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/SSL_functions/sslfnc.html ... and fixed curl to access the array through the accessors: https://github.com/bagder/curl/commit/7380433d Actual results: Despite accessor functions were introduced in 2010 (see bug #496993), software using NSS continues to accessing the external array SSL_ImplementedCiphers[] directly. This causes dynamic linking issues at run-time after an update of NSS: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html Expected results: It should have been clarified in the ssl.h header file that using the array SSL_ImplementedCiphers[] directly is deprecated and it is recommended to access the array through the accessor functions.
Indeed, please add a compile-time deprecation warning and a link-time warning as well. Also, please reorder the cipher suites so that the disabled/never-to-be-used ones are at the end. If the array is used internally, please keep a complete copy, so that it is not truncated by the dynamic linker. glibc will hopefully provide a more helpful warning message in the future: https://sourceware.org/bugzilla/show_bug.cgi?id=18924
ping? anything on this?
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.