BIO_new_mem_buf has had const since 2018, so this workaround is no longer needed.
Index: ssl.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/ssl.c,v retrieving revision 1.35 diff -u -p -r1.35 ssl.c --- ssl.c 27 Jan 2021 20:33:05 -0000 1.35 +++ ssl.c 8 Dec 2021 03:47:48 -0000 @@ -123,16 +123,9 @@ ssl_update_certificate(const uint8_t *ol BIO *in, *out = NULL; BUF_MEM *bptr = NULL; X509 *cert = NULL; - uint8_t *newcert = NULL, *foo = NULL; + uint8_t *newcert = NULL; - /* XXX BIO_new_mem_buf is not using const so work around this */ - if ((foo = malloc(oldlen)) == NULL) { - log_warn("%s: malloc", __func__); - return (NULL); - } - memcpy(foo, oldcert, oldlen); - - if ((in = BIO_new_mem_buf(foo, oldlen)) == NULL) { + if ((in = BIO_new_mem_buf(oldcert, oldlen)) == NULL) { log_warnx("%s: BIO_new_mem_buf failed", __func__); goto done; } @@ -193,7 +186,6 @@ ssl_update_certificate(const uint8_t *ol *newlen = bptr->length; done: - free(foo); if (in) BIO_free(in); if (out)