New issue
Advanced search Search tips

Issue 590914 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Mar 2016
Cc:
davidben@chromium.org
erikc...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug

Blocking:
issue 547071



Sign in to add a comment

Functions in cssmapi.h are deprecated as of OSX 10.7.

Project Member Reported by erikc...@chromium.org, Mar 1 2016 
As of OSX 10.7, all the functions have been deprecated:
https://opensource.apple.com/source/Security/Security-55179.1/libsecurity_cssm/lib/cssmapi.h?txt

Now that the deployment target is being bumped to 10.9, we should consider switching to SecTransform.h. For now, I'm going to disable the compile-time warnings.

Comment 1 by rsleevi@chromium.org, Mar 1 2016

Status: WontFix (was: Untriaged)
SecTransport and Security.framework are not suitable replacement targets. wtc@ and I went back when OS X 10.7 was introduced to annotate deprecations, but alas, email retention & codereviews are failing me.

To be concrete as to why I'm WontFixing:
- There is no plan to move off the CDSA/CSSM interfaces we're presently using, because there is no suitable alternative from Security.framework
- Apple is aware of this plan (at the engineering and management level)
- Apple has no plans to introduce suitable alternatives for a number of functional pieces of what we're using
- The overall migration off deprecated APIs is possible if/when we move certificate verification from depending on OS X's APIs to our own verification library. That work is ongoing for Linux/ChromeOS, but no firm product direction for OS X (there are security and usability implications, unsurprisingly) have been set - we're focusing on the known/knowns first.

Comment 2 by erikc...@chromium.org, Mar 1 2016 

Acknowledged. I will mark our use of the CSSM API with the appropriate clang annotations.
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 2 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bedc26167ab5402cf9e4a51afeeeb90ababb9da0

commit bedc26167ab5402cf9e4a51afeeeb90ababb9da0
Author: erikchen <erikchen@chromium.org>
Date: Wed Mar 02 02:52:08 2016

Suppress the clang warning "-Wdeprecated-declarations" for CSSM API calls.

The CSSM API has been deprecated since OSX 10.7, but there is no replacement.

BUG= 590914 

Review URL: https://codereview.chromium.org/1753553002

Cr-Commit-Position: refs/heads/master@{#378668}

[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/crypto/cssm_init.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/crypto/cssm_init.h
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/base/keygen_handler_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/cert/cert_verify_proc_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/cert/x509_cert_types_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/cert/x509_certificate_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/cert/x509_util_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/cert/x509_util_mac.h
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/ssl/client_cert_store_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/net/ssl/ssl_platform_key_mac.cc
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/third_party/apple_apsl/README.chromium
[modify] https://crrev.com/bedc26167ab5402cf9e4a51afeeeb90ababb9da0/third_party/apple_apsl/cssmapplePriv.h

Sign in to add a comment