--- h:\prj\1original\openssl\openssl\crypto\x509\x509_cmp.c	2010-01-12 19:29:33.000000000 +-0200
+++ h:\prj\3actual\openssl\crypto\x509\x509_cmp.c	2010-05-01 01:39:34.000000000 +-0200
@@ -79,30 +79,31 @@
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long X509_issuer_and_serial_hash(const X509 *a)
 	{
 	unsigned long ret=0;
 	EVP_MD_CTX ctx;
 	unsigned char md[16];
 	char *f;
+	size_t l; /* [i_a] for strlen() so 'ret' is not 'damaged' when anyone decided to 'goto err' ;-) */
 
 	EVP_MD_CTX_init(&ctx);
 	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-	ret=strlen(f);
+	l=strlen(f); /* [i_a] */
 	if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
 		goto err;
-	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+	if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,l))
 		goto err;
 	OPENSSL_free(f);
 	if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
 		(unsigned long)a->cert_info->serialNumber->length))
 		goto err;
 	if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
 		goto err;
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;
-	err:
+err:
 	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
 #endif