This adds const qualifiers to the OCSP_* functions and a handful of
X509{,v3}_* functions as needed to make this work. Completely
straightforward.
Tested in sthen's bulk with no fallout.
Index: lib/libcrypto/ocsp/ocsp.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp.h,v
retrieving revision 1.12
diff -u -p -r1.12 ocsp.h
--- lib/libcrypto/ocsp/ocsp.h 17 Mar 2018 14:44:34 -0000 1.12
+++ lib/libcrypto/ocsp/ocsp.h 13 May 2018 06:53:20 -0000
@@ -383,8 +383,8 @@ typedef struct ocsp_service_locator_st {
OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
@@ -394,8 +394,8 @@ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
- ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber);
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
+ const ASN1_BIT_STRING* issuerKey, const ASN1_INTEGER *serialNumber);
OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
@@ -428,8 +428,8 @@ int OCSP_check_validity(ASN1_GENERALIZED
int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags);
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
- int *pssl);
+int OCSP_parse_url(const char *url, char **phost, char **pport,
+ char **ppath, int *pssl);
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
@@ -449,17 +449,17 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP
int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
X509_EXTENSION *OCSP_accept_responses_new(char **oids);
X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls);
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit,
int lastpos);
@@ -472,7 +472,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x
int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj,
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
@@ -484,7 +484,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x,
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
int lastpos);
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos);
@@ -499,8 +499,8 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRES
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid,
int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
- int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x,
+ const ASN1_OBJECT *obj, int lastpos);
int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
int lastpos);
X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
Index: lib/libcrypto/ocsp/ocsp_ext.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp_ext.c,v
retrieving revision 1.15
diff -u -p -r1.15 ocsp_ext.c
--- lib/libcrypto/ocsp/ocsp_ext.c 27 Dec 2016 16:01:19 -0000 1.15
+++ lib/libcrypto/ocsp/ocsp_ext.c 13 May 2018 06:53:20 -0000
@@ -88,7 +88,7 @@ OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST
}
int
-OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
+OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, int
lastpos)
{
return X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions, obj,
lastpos);
@@ -149,7 +149,7 @@ OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *
}
int
-OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos)
{
return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
}
@@ -209,7 +209,8 @@ OCSP_BASICRESP_get_ext_by_NID(OCSP_BASIC
}
int
-OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
+OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+ int lastpos)
{
return X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,
obj, lastpos);
@@ -271,7 +272,7 @@ OCSP_SINGLERESP_get_ext_by_NID(OCSP_SING
}
int
-OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
int lastpos)
{
return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
@@ -435,7 +436,7 @@ OCSP_copy_nonce(OCSP_BASICRESP *resp, OC
}
X509_EXTENSION *
-OCSP_crlID_new(char *url, long *n, char *tim)
+OCSP_crlID_new(const char *url, long *n, char *tim)
{
X509_EXTENSION *x = NULL;
OCSP_CRLID *cid = NULL;
@@ -517,7 +518,7 @@ err:
* method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
*/
X509_EXTENSION *
-OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls)
{
X509_EXTENSION *x = NULL;
ASN1_IA5STRING *ia5 = NULL;
Index: lib/libcrypto/ocsp/ocsp_ht.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp_ht.c,v
retrieving revision 1.24
diff -u -p -r1.24 ocsp_ht.c
--- lib/libcrypto/ocsp/ocsp_ht.c 29 Jan 2017 17:49:23 -0000 1.24
+++ lib/libcrypto/ocsp/ocsp_ht.c 13 May 2018 06:53:20 -0000
@@ -149,7 +149,7 @@ OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *r
}
OCSP_REQ_CTX *
-OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, int maxline)
+OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline)
{
OCSP_REQ_CTX *rctx;
@@ -440,7 +440,7 @@ next_line:
/* Blocking OCSP request handler: now a special case of non-blocking I/O */
OCSP_RESPONSE *
-OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
{
OCSP_RESPONSE *resp = NULL;
OCSP_REQ_CTX *ctx;
Index: lib/libcrypto/ocsp/ocsp_lib.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp_lib.c,v
retrieving revision 1.20
diff -u -p -r1.20 ocsp_lib.c
--- lib/libcrypto/ocsp/ocsp_lib.c 29 Jan 2017 17:49:23 -0000 1.20
+++ lib/libcrypto/ocsp/ocsp_lib.c 13 May 2018 06:53:20 -0000
@@ -99,8 +99,8 @@ OCSP_cert_to_id(const EVP_MD *dgst, X509
}
OCSP_CERTID *
-OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
- ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber)
+OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
+ const ASN1_BIT_STRING* issuerKey, const ASN1_INTEGER *serialNumber)
{
int nid;
unsigned int i;
@@ -180,7 +180,8 @@ OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID
* it is SSL.
*/
int
-OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+ int *pssl)
{
char *host, *path, *port, *tmp;
Index: lib/libcrypto/x509/x509.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509.h,v
retrieving revision 1.47
diff -u -p -r1.47 x509.h
--- lib/libcrypto/x509/x509.h 13 May 2018 06:48:00 -0000 1.47
+++ lib/libcrypto/x509/x509.h 13 May 2018 06:53:20 -0000
@@ -987,9 +987,9 @@ int X509_set_version(X509 *x, long ver
int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
ASN1_INTEGER * X509_get_serialNumber(X509 *x);
int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_issuer_name(X509 *a);
+X509_NAME * X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_subject_name(X509 *a);
+X509_NAME * X509_get_subject_name(const X509 *a);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
@@ -1130,7 +1130,7 @@ int X509v3_get_ext_count(const STACK_OF
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
int nid, int lastpos);
int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
- ASN1_OBJECT *obj,int lastpos);
+ const ASN1_OBJECT *obj,int lastpos);
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
int crit, int lastpos);
X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
Index: lib/libcrypto/x509/x509_cmp.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_cmp.c,v
retrieving revision 1.31
diff -u -p -r1.31 x509_cmp.c
--- lib/libcrypto/x509/x509_cmp.c 1 May 2018 19:01:28 -0000 1.31
+++ lib/libcrypto/x509/x509_cmp.c 13 May 2018 06:53:20 -0000
@@ -145,7 +145,7 @@ X509_CRL_match(const X509_CRL *a, const
#endif
X509_NAME *
-X509_get_issuer_name(X509 *a)
+X509_get_issuer_name(const X509 *a)
{
return (a->cert_info->issuer);
}
@@ -165,7 +165,7 @@ X509_issuer_name_hash_old(X509 *x)
#endif
X509_NAME *
-X509_get_subject_name(X509 *a)
+X509_get_subject_name(const X509 *a)
{
return (a->cert_info->subject);
}
Index: lib/libcrypto/x509/x509_v3.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/x509/x509_v3.c,v
retrieving revision 1.14
diff -u -p -r1.14 x509_v3.c
--- lib/libcrypto/x509/x509_v3.c 29 Jan 2017 17:49:23 -0000 1.14
+++ lib/libcrypto/x509/x509_v3.c 13 May 2018 06:53:20 -0000
@@ -86,8 +86,8 @@ X509v3_get_ext_by_NID(const STACK_OF(X50
}
int
-X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
- int lastpos)
+X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+ const ASN1_OBJECT *obj, int lastpos)
{
int n;
X509_EXTENSION *ex;
