Ensure using const variables with EVP_PKEY_get0_*

These functions return const pointers in OpenSSL 3.0.0alpha14, so
our pointers should be also const to avoid casting the const away.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210408133626.29232-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22081.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 73b51276c97569a59614b63ee9eed6d67ccda2f2..3120c51a8d03b6f8d1eb04611c8b4a7011885539 100644 (file)
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1248,12 +1248,11 @@ static int
 tls_ctx_use_external_rsa_key(struct tls_root_ctx *ctx, EVP_PKEY *pkey)
 {
     RSA *rsa = NULL;
-    RSA *pub_rsa;
     RSA_METHOD *rsa_meth;
 
     ASSERT(NULL != ctx);
 
-    pub_rsa = EVP_PKEY_get0_RSA(pkey);
+    const RSA *pub_rsa = EVP_PKEY_get0_RSA(pkey);
     ASSERT(NULL != pub_rsa);
 
     /* allocate custom RSA method object */
@@ -2027,7 +2026,7 @@ print_cert_details(X509 *cert, char *buf, size_t buflen)
 #ifndef OPENSSL_NO_EC
     if (typeid == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL)
     {
-        EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+        const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
         const EC_GROUP *group = EC_KEY_get0_group(ec);
 
         int nid = EC_GROUP_get_curve_name(group);