From: Bob Beck Date: Mon, 29 Sep 2025 22:47:44 +0000 (-0600) Subject: Constify X509_get_ext() and friends.. X-Git-Tag: openssl-4.0.0-alpha1~149 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e75bd84ffc73;p=thirdparty%2Fopenssl.git Constify X509_get_ext() and friends.. These all took const, but returned non const, they should return const. This then triggers constifying of a whole class of get_ext() functions. Part of #28654 and #29117 Fixes: openssl/project#1779 Reviewed-by: Eugene Syromiatnikov Reviewed-by: Neil Horman MergeDate: Tue Feb 24 18:53:25 2026 (Merged from https://github.com/openssl/openssl/pull/29465) --- diff --git a/CHANGES.md b/CHANGES.md index 9a6d5c04eba..0ac57fedf07 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -172,6 +172,12 @@ OpenSSL 4.0 *Kurt Roeckx* + * Various function return values have been constified, particularly in X509 + and related areas, and when functions were returning non-const objects + owned by a const parameter. + + *Bob Beck* + * The script tool `c_rehash` was removed. Use `openssl rehash` instead. *Norbert Pocs* diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 099e7401ec4..bf51b291254 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1276,8 +1276,8 @@ int copy_extensions(X509 *x, X509_REQ *req, int copy_type) exts = X509_REQ_get_extensions(req); for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); + const X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); int idx = X509_get_ext_by_OBJ(x, obj, -1); /* Does extension exist in target? */ @@ -2414,13 +2414,12 @@ static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, idx = X509v3_get_ext_by_OBJ(exts, X509_EXTENSION_get_object(new_ext), -1); if (idx >= 0) { - X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx); - ASN1_OCTET_STRING *encoded = X509_EXTENSION_get_data(found_ext); + const X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx); + const ASN1_OCTET_STRING *encoded = X509_EXTENSION_get_data(found_ext); int disabled = ASN1_STRING_length(encoded) <= 2; /* indicating "none" */ if (disabled) { - X509_delete_ext(cert, idx); - X509_EXTENSION_free(found_ext); + X509_EXTENSION_free(X509_delete_ext(cert, idx)); } /* else keep existing key identifier, which might be outdated */ rv = 1; } else { diff --git a/apps/x509.c b/apps/x509.c index c1e0a8fa2c0..b0dc3e683c9 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -274,7 +274,7 @@ static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names) goto err; for (i = 0; i < n; i++) { X509_EXTENSION *ex = sk_X509_EXTENSION_value(cert_exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); + const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); if (OBJ_cmp(obj, skid) != 0 && OBJ_cmp(obj, akid) != 0 && !sk_X509_EXTENSION_push(exts, ex)) @@ -904,7 +904,7 @@ cert_loop: if (clrext && ext_names != NULL) BIO_puts(bio_err, "Warning: Ignoring -ext since -clrext is given\n"); for (i = X509_get_ext_count(x) - 1; i >= 0; i--) { - X509_EXTENSION *ex = X509_get_ext(x, i); + const X509_EXTENSION *ex = X509_get_ext(x, i); const char *sn = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ex))); if (clrext || (ext_names != NULL && strstr(ext_names, sn) == NULL)) @@ -1343,7 +1343,7 @@ static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names) const STACK_OF(X509_EXTENSION) *exts = NULL; STACK_OF(X509_EXTENSION) *exts2 = NULL; X509_EXTENSION *ext = NULL; - ASN1_OBJECT *obj; + const ASN1_OBJECT *obj; int i, j, ret = 0, num, nn = 0; const char *sn, **names = NULL; char *tmp_ext_names = NULL; diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c index aa1ebbfea79..cbe318e3921 100644 --- a/crypto/ct/ct_sct_ctx.c +++ b/crypto/ct/ct_sct_ctx.c @@ -74,11 +74,15 @@ static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) */ __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) { + int ret = 0; int preidx, certidx; int pre_akid_ext_is_dup, cert_akid_ext_is_dup; + X509_EXTENSION *new = NULL; - if (presigner == NULL) - return 1; + if (presigner == NULL) { + ret = 1; + goto done; + } preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, &pre_akid_ext_is_dup); @@ -87,32 +91,41 @@ __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) /* An error occurred whilst searching for the extension */ if (preidx < -1 || certidx < -1) - return 0; + goto done; /* Invalid certificate if they contain duplicate extensions */ if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) - return 0; + goto done; /* AKID must be present in both certificate or absent in both */ if (preidx >= 0 && certidx == -1) - return 0; + goto done; if (preidx == -1 && certidx >= 0) - return 0; + goto done; /* Copy issuer name */ if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) - return 0; + goto done; if (preidx != -1) { /* Retrieve and copy AKID encoding */ - X509_EXTENSION *preext = X509_get_ext(presigner, preidx); - X509_EXTENSION *certext = X509_get_ext(cert, certidx); - ASN1_OCTET_STRING *preextdata; + const X509_EXTENSION *preext = X509_get_ext(presigner, preidx); + const X509_EXTENSION *certext = X509_get_ext(cert, certidx); + const ASN1_OCTET_STRING *preextdata; /* Should never happen */ if (preext == NULL || certext == NULL) - return 0; + goto done; + if ((new = X509_EXTENSION_dup(certext)) == NULL) + goto done; preextdata = X509_EXTENSION_get_data(preext); - if (preextdata == NULL || !X509_EXTENSION_set_data(certext, preextdata)) - return 0; + if (preextdata == NULL || !X509_EXTENSION_set_data(new, preextdata)) + goto done; + X509_EXTENSION_free(X509_delete_ext(cert, certidx)); + certext = NULL; + if (!X509_add_ext(cert, new, certidx)) + goto done; + ret = 1; } - return 1; +done: + X509_EXTENSION_free(new); + return ret; } int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 4149f7f66d2..81cc51fdc95 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -41,7 +41,7 @@ int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) return (X509v3_get_ext_by_critical(x->tbsRequest.requestExtensions, crit, lastpos)); } -X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) +const X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) { return X509v3_get_ext(x->tbsRequest.requestExtensions, loc); } @@ -63,7 +63,7 @@ int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, crit, flags); } -int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != NULL); } @@ -91,7 +91,7 @@ int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) return (X509v3_get_ext_by_critical(x->singleRequestExtensions, crit, lastpos)); } -X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) +const X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) { return X509v3_get_ext(x->singleRequestExtensions, loc); } @@ -113,7 +113,7 @@ int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, flags); } -int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL); } @@ -142,7 +142,7 @@ int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, return (X509v3_get_ext_by_critical(x->tbsResponseData.responseExtensions, crit, lastpos)); } -X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) +const X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) { return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc); } @@ -166,7 +166,7 @@ int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, value, crit, flags); } -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc) != NULL); @@ -196,7 +196,7 @@ int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos); } -X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) +const X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) { return X509v3_get_ext(x->singleExtensions, loc); } @@ -218,7 +218,7 @@ int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); } -int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL); } @@ -310,7 +310,7 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) */ int req_idx, resp_idx; - X509_EXTENSION *req_ext, *resp_ext; + const X509_EXTENSION *req_ext, *resp_ext; req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); /* Check both absent */ @@ -339,7 +339,7 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) { - X509_EXTENSION *req_ext; + const X509_EXTENSION *req_ext; int req_idx; /* Check for nonce in request */ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index c4392ef02ee..2de28f38974 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -48,8 +48,8 @@ int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) { int i, critical, n; - X509_EXTENSION *ex; - ASN1_OBJECT *obj; + const X509_EXTENSION *ex; + const ASN1_OBJECT *obj; BIO_printf(bio, "Extensions:\n"); n = X509v3_get_ext_count(extensions); diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 89e1bda450a..a8818d56d6a 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -162,7 +162,7 @@ int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); } -X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) +const X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) { return X509v3_get_ext(a->extensions, loc); } diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 2352c7adb96..c83bedf79f4 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -323,7 +323,7 @@ int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); } -X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) +const X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) { return X509v3_get_ext(a->extensions, loc); } diff --git a/crypto/x509/t_acert.c b/crypto/x509/t_acert.c index 12ca9478847..2a79940e9da 100644 --- a/crypto/x509/t_acert.c +++ b/crypto/x509/t_acert.c @@ -242,8 +242,8 @@ int X509_ACERT_print_ex(BIO *bp, X509_ACERT *x, unsigned long nmflags, if (BIO_printf(bp, "%8sExtensions:\n", "") <= 0) goto err; for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - ASN1_OBJECT *obj; - X509_EXTENSION *ex; + const ASN1_OBJECT *obj; + const X509_EXTENSION *ex; int critical; ex = sk_X509_EXTENSION_value(exts, i); diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c index 75a79618c56..418a6eb4acc 100644 --- a/crypto/x509/t_req.c +++ b/crypto/x509/t_req.c @@ -169,8 +169,8 @@ int X509_REQ_print_ex(BIO *bp, const X509_REQ *x, unsigned long nmflags, unsigne if (BIO_printf(bp, "%12sRequested Extensions:\n", "") <= 0) goto err; for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - ASN1_OBJECT *obj; - X509_EXTENSION *ex; + const ASN1_OBJECT *obj; + const X509_EXTENSION *ex; int critical; ex = sk_X509_EXTENSION_value(exts, i); if (BIO_printf(bp, "%16s", "") <= 0) diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c index c6696577ee3..d5afc4f8808 100644 --- a/crypto/x509/v3_akid.c +++ b/crypto/x509/v3_akid.c @@ -106,7 +106,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; ASN1_INTEGER *serial = NULL; - X509_EXTENSION *ext; + const X509_EXTENSION *ext; X509 *issuer_cert; int same_issuer, ss; AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new(); diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c index 9ccda067320..4f0539c90e1 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.c @@ -294,7 +294,7 @@ static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) { int idx; - ASN1_OBJECT *obj; + const ASN1_OBJECT *obj; obj = X509_EXTENSION_get_object(dext); while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c index fe6c235c5d1..8217fcdb2cc 100644 --- a/crypto/x509/v3_lib.c +++ b/crypto/x509/v3_lib.c @@ -70,7 +70,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) return sk_X509V3_EXT_METHOD_value(ext_list, idx); } -const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) +const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext) { int nid; if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) @@ -131,11 +131,11 @@ int X509V3_add_standard_extensions(void) /* Return an extension internal structure */ -void *X509V3_EXT_d2i(X509_EXTENSION *ext) +void *X509V3_EXT_d2i(const X509_EXTENSION *ext) { const X509V3_EXT_METHOD *method; const unsigned char *p; - ASN1_STRING *extvalue; + const ASN1_STRING *extvalue; int extlen; if ((method = X509V3_EXT_get(ext)) == NULL) diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c index 2a363d37ed7..6c2dd137498 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.c @@ -66,12 +66,12 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, /* Main routine: print out a general extension */ -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, +int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext, unsigned long flag, int indent) { void *ext_str = NULL; char *value = NULL; - ASN1_OCTET_STRING *extoct; + const ASN1_OCTET_STRING *extoct; const unsigned char *p; int extlen; const X509V3_EXT_METHOD *method; @@ -150,8 +150,8 @@ int X509V3_extensions_print(BIO *bp, const char *title, } for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - ASN1_OBJECT *obj; - X509_EXTENSION *ex; + const ASN1_OBJECT *obj; + const X509_EXTENSION *ex; ex = sk_X509_EXTENSION_value(exts, i); obj = X509_EXTENSION_get_object(ex); diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index 016fd5a6062..535dce409f1 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -304,7 +304,7 @@ static int nid_cmp(const int *a, const int *b) DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid); IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid); -int X509_supported_extension(X509_EXTENSION *ex) +int X509_supported_extension(const X509_EXTENSION *ex) { /* * This table is a list of the NIDs of supported extensions: that is @@ -639,7 +639,7 @@ int ossl_x509v3_cache_extensions(const X509 *const_x) x->ex_flags |= EXFLAG_INVALID; #endif for (i = 0; i < X509_get_ext_count(x); i++) { - X509_EXTENSION *ex = X509_get_ext(x, i); + const X509_EXTENSION *ex = X509_get_ext(x, i); int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); if (nid == NID_freshest_crl) @@ -965,7 +965,7 @@ static int check_purpose_code_sign(const X509_PURPOSE *xp, const X509 *x, if (i_ext < 0) return 0; if (i_ext >= 0) { - X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); + const X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); if (!X509_EXTENSION_get_critical(ext)) return 0; } diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index fcd7465271c..e06fdb9543e 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -337,7 +337,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { GENERAL_NAMES *ialt = NULL; GENERAL_NAME *gen; - X509_EXTENSION *ext; + const X509_EXTENSION *ext; int i, num; if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index 88315e6d5c3..f5c807caf5a 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -37,7 +37,7 @@ int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos); } -X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) +const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) { return X509v3_get_ext(x->crl.extensions, loc); } @@ -70,7 +70,7 @@ int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags); } -int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) +int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL); } @@ -95,7 +95,7 @@ int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) return (X509v3_get_ext_by_critical(x->cert_info.extensions, crit, lastpos)); } -X509_EXTENSION *X509_get_ext(const X509 *x, int loc) +const X509_EXTENSION *X509_get_ext(const X509 *x, int loc) { return X509v3_get_ext(x->cert_info.extensions, loc); } @@ -105,7 +105,7 @@ X509_EXTENSION *X509_delete_ext(X509 *x, int loc) return delete_ext(&x->cert_info.extensions, loc); } -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) +int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc) { return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL); } @@ -143,7 +143,7 @@ int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpo return X509v3_get_ext_by_critical(x->extensions, crit, lastpos); } -X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) +const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) { return X509v3_get_ext(x->extensions, loc); } diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index 611a5dabd61..fe4229e61f5 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -80,7 +80,7 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, return -1; } -X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) +const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) { if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) return NULL; @@ -99,7 +99,7 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) } STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc) + const X509_EXTENSION *ex, int loc) { X509_EXTENSION *new_ex = NULL; int n; @@ -154,8 +154,8 @@ STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **targe } for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); + const X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); int idx = X509v3_get_ext_by_OBJ(*target, obj, -1); /* Does extension exist in target? */ @@ -237,7 +237,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) return 1; } -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) +int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data) { int i; @@ -249,14 +249,14 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) return 1; } -ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) +const ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex) { if (ex == NULL) return NULL; return ex->object; } -ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) +const ASN1_OCTET_STRING *X509_EXTENSION_get_data(const X509_EXTENSION *ex) { if (ex == NULL) return NULL; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f13be6e768c..ff18cdc60b1 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1590,7 +1590,7 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, */ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) { - ASN1_OCTET_STRING *exta = NULL, *extb = NULL; + const ASN1_OCTET_STRING *exta = NULL, *extb = NULL; int i = X509_CRL_get_ext_by_NID(a, nid, -1); if (i >= 0) { @@ -2630,8 +2630,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, * number to correct value too. */ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) { - X509_EXTENSION *ext = X509_CRL_get_ext(newer, i); - + const X509_EXTENSION *ext = X509_CRL_get_ext(newer, i); if (!X509_CRL_add_ext(crl, ext, -1)) { ERR_raise(ERR_LIB_X509, ERR_R_X509_LIB); goto err; diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod index 330464e0c8d..430596adc27 100644 --- a/doc/man3/X509V3_get_d2i.pod +++ b/doc/man3/X509V3_get_d2i.pod @@ -19,7 +19,7 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); - void *X509V3_EXT_d2i(X509_EXTENSION *ext); + void *X509V3_EXT_d2i(const X509_EXTENSION *ext); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); diff --git a/doc/man3/X509_EXTENSION_set_object.pod b/doc/man3/X509_EXTENSION_set_object.pod index ff5de78ad77..5df8fe85813 100644 --- a/doc/man3/X509_EXTENSION_set_object.pod +++ b/doc/man3/X509_EXTENSION_set_object.pod @@ -12,7 +12,7 @@ functions int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); - int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); + int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data); X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, @@ -21,9 +21,9 @@ functions const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data); - ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); + const ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); - ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); + const ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); =head1 DESCRIPTION diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod index 38caf524a63..5bd7e6058a1 100644 --- a/doc/man3/X509v3_get_ext_by_NID.pod +++ b/doc/man3/X509v3_get_ext_by_NID.pod @@ -18,7 +18,7 @@ X509_REVOKED_add_ext - extension stack utility functions #include int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); - X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); + const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos); @@ -34,24 +34,24 @@ X509_REVOKED_add_ext - extension stack utility functions const STACK_OF(X509_EXTENSION) *exts); int X509_get_ext_count(const X509 *x); - X509_EXTENSION *X509_get_ext(const X509 *x, int loc); + const X509_EXTENSION *X509_get_ext(const X509 *x, int loc); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); X509_EXTENSION *X509_delete_ext(X509 *x, int loc); - int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); + int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc); int X509_CRL_get_ext_count(const X509_CRL *x); - X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); + const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); - int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); + int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc); int X509_REVOKED_get_ext_count(const X509_REVOKED *x); - X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); + const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, int lastpos); diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in index c3a849ed01d..8c8f093afe4 100644 --- a/include/openssl/ocsp.h.in +++ b/include/openssl/ocsp.h.in @@ -310,24 +310,24 @@ int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, int lastpos); int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); -X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +const X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, unsigned long flags); -int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, const X509_EXTENSION *ex, int loc); int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); -X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +const X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, unsigned long flags); -int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, const X509_EXTENSION *ex, int loc); int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); @@ -335,13 +335,13 @@ int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, int lastpos); int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); -X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +const X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, unsigned long flags); -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, const X509_EXTENSION *ex, int loc); int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); @@ -349,13 +349,13 @@ int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, int lastpos); int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); -X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +const X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, unsigned long flags); -int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, const X509_EXTENSION *ex, int loc); const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) diff --git a/include/openssl/ts.h b/include/openssl/ts.h index ace878db6df..175dcd436a1 100644 --- a/include/openssl/ts.h +++ b/include/openssl/ts.h @@ -155,7 +155,7 @@ int TS_REQ_get_ext_count(TS_REQ *a); int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); -X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +const X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); @@ -217,7 +217,7 @@ int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos); int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); -X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +const X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in index b5b519ecf00..ab3f8dd013c 100644 --- a/include/openssl/x509.h.in +++ b/include/openssl/x509.h.in @@ -899,10 +899,10 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, const ASN1_OBJECT *obj, int lastpos); int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, int crit, int lastpos); -X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +const X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc); + const X509_EXTENSION *ex, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target, const STACK_OF(X509_EXTENSION) *exts); @@ -910,9 +910,9 @@ int X509_get_ext_count(const X509 *x); int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); -X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +const X509_EXTENSION *X509_get_ext(const X509 *x, int loc); X509_EXTENSION *X509_delete_ext(X509 *x, int loc); -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc); void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); @@ -922,9 +922,9 @@ int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); -X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +const X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); -int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex, int loc); void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, unsigned long flags); @@ -935,7 +935,7 @@ int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, int lastpos); int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); -X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +const X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, @@ -951,9 +951,9 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, ASN1_OCTET_STRING *data); int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); -ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); -ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data); +const ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex); +const ASN1_OCTET_STRING *X509_EXTENSION_get_data(const X509_EXTENSION *ne); int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in index 1cc66047dd3..d2d9ccb991e 100644 --- a/include/openssl/x509v3.h.in +++ b/include/openssl/x509v3.h.in @@ -715,11 +715,11 @@ int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); -const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext); const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); -void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_EXT_d2i(const X509_EXTENSION *ext); void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); @@ -735,7 +735,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml); -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, +int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext, unsigned long flag, int indent); #ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); @@ -746,7 +746,7 @@ int X509V3_extensions_print(BIO *out, const char *title, int X509_check_ca(const X509 *x); int X509_check_purpose(const X509 *x, int id, int ca); -int X509_supported_extension(X509_EXTENSION *ex); +int X509_supported_extension(const X509_EXTENSION *ex); int X509_check_issued(X509 *issuer, X509 *subject); int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid); void X509_set_proxy_flag(X509 *x); diff --git a/test/ct_test.c b/test/ct_test.c index 6d970cbe202..0ac2dcca2a3 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -149,7 +149,7 @@ end: return result; } -static int compare_extension_printout(X509_EXTENSION *extension, +static int compare_extension_printout(const X509_EXTENSION *extension, const char *expected_output) { BIO *text_buffer = NULL; @@ -250,7 +250,7 @@ static int execute_cert_test(CT_TEST_FIXTURE *fixture) if (fixture->certificate_file != NULL) { int sct_extension_index; int i; - X509_EXTENSION *sct_extension = NULL; + const X509_EXTENSION *sct_extension = NULL; if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir, fixture->certificate_file)))