switch two ASN1_STRING_data() to ASN1_STRING_get0_data()

and while here mark as const data.

This diff is actually from gilles@, in OpenSMTPD-portable bundled
libtls.

ok tb@, jsing@

diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index 685146a..fbbed79 100644 (file)
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.21 2023/05/05 14:05:33 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.22 2023/05/10 13:48:54 op Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
                        continue;
 
                if (type == GEN_DNS) {
-                       unsigned char   *data;
+                       const unsigned char     *data;
                        int              format, len;
 
                        format = ASN1_STRING_type(altname->d.dNSName);
                        if (format == V_ASN1_IA5STRING) {
-                               data = ASN1_STRING_data(altname->d.dNSName);
+                               data = ASN1_STRING_get0_data(altname->d.dNSName);
                                len = ASN1_STRING_length(altname->d.dNSName);
 
                                if (len < 0 || (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
                        }
 
                } else if (type == GEN_IPADD) {
-                       unsigned char   *data;
+                       const unsigned char     *data;
                        int              datalen;
 
                        datalen = ASN1_STRING_length(altname->d.iPAddress);
-                       data = ASN1_STRING_data(altname->d.iPAddress);
+                       data = ASN1_STRING_get0_data(altname->d.iPAddress);
 
                        if (datalen < 0) {
                                tls_set_errorx(ctx,