Instead of needlessly casting const away, simply update the prototype
of ossl_ipaddr_to_asc(), that doesn't modify the passed data in any way
anyway.
Fixes: f584ae959cbc "Let's support multiple names for certificate verification"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
MergeDate: Sat May 2 18:07:19 2026
(Merged from https://github.com/openssl/openssl/pull/31051)
return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, 0, NULL);
}
-char *ossl_ipaddr_to_asc(unsigned char *p, int len)
+char *ossl_ipaddr_to_asc(const unsigned char *p, int len)
{
/*
* 40 is enough space for the longest IPv6 address + nul terminator byte
char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param)
{
size_t iplen;
- /* XXX casts away const */
- unsigned char *ip = (unsigned char *)int_X509_VERIFY_PARAM_get0_ip(param, &iplen, 0);
+ const unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen, 0);
return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, (int)iplen);
}
char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text,
const char *sep, size_t max_len);
-char *ossl_ipaddr_to_asc(unsigned char *p, int len);
+char *ossl_ipaddr_to_asc(const unsigned char *p, int len);
char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep);
unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen,
projects / thirdparty / openssl.git / commitdiff
