From 3130d2a2d699478c599513e90c53b911843ac7df Mon Sep 17 00:00:00 2001
From: op <op@openbsd.org>
Date: Wed, 10 May 2023 13:48:54 +0000
Subject: [PATCH] switch two ASN1_STRING_data() to ASN1_STRING_get0_data()

and while here mark as const data.

This diff is actually from gilles@, in OpenSMTPD-portable bundled
libtls.

ok tb@, jsing@
---
 lib/libtls/tls_verify.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index 685146a4a9a..fbbed7969c4 100644
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.21 2023/05/05 14:05:33 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.22 2023/05/10 13:48:54 op Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			continue;
 
 		if (type == GEN_DNS) {
-			unsigned char	*data;
+			const unsigned char	*data;
 			int		 format, len;
 
 			format = ASN1_STRING_type(altname->d.dNSName);
 			if (format == V_ASN1_IA5STRING) {
-				data = ASN1_STRING_data(altname->d.dNSName);
+				data = ASN1_STRING_get0_data(altname->d.dNSName);
 				len = ASN1_STRING_length(altname->d.dNSName);
 
 				if (len < 0 || (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			}
 
 		} else if (type == GEN_IPADD) {
-			unsigned char	*data;
+			const unsigned char	*data;
 			int		 datalen;
 
 			datalen = ASN1_STRING_length(altname->d.iPAddress);
-			data = ASN1_STRING_data(altname->d.iPAddress);
+			data = ASN1_STRING_get0_data(altname->d.iPAddress);
 
 			if (datalen < 0) {
 				tls_set_errorx(ctx,
-- 
2.20.1