From 403fdbac7c204cc18847ba31a18f347a52a25838 Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 25 Mar 2024 01:48:50 +0000 Subject: [PATCH] Const correct the trust handlers The certificates no longer need to be modified since we cache the extensions up front. ok beck --- lib/libcrypto/x509/x509_trs.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 1cec0760f28..091340641bf 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.50 2024/03/25 01:00:02 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.51 2024/03/25 01:48:50 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -69,17 +69,16 @@ #include "x509_local.h" typedef struct x509_trust_st { - int trust; - int (*check_trust)(int, X509 *); + int (*check_trust)(int, const X509 *); int nid; } X509_TRUST; static int -obj_trust(int id, X509 *x) +obj_trust(int id, const X509 *x) { ASN1_OBJECT *obj; int i, nid; - X509_CERT_AUX *aux; + const X509_CERT_AUX *aux; if ((aux = x->aux) == NULL) return X509_TRUST_UNTRUSTED; @@ -102,7 +101,7 @@ obj_trust(int id, X509 *x) } static int -trust_compat(int nid, X509 *x) +trust_compat(int nid, const X509 *x) { /* Extensions already cached in X509_check_trust(). */ if (x->ex_flags & EXFLAG_SS) @@ -112,7 +111,7 @@ trust_compat(int nid, X509 *x) } static int -trust_1oidany(int nid, X509 *x) +trust_1oidany(int nid, const X509 *x) { if (x->aux && (x->aux->trust || x->aux->reject)) return obj_trust(nid, x); @@ -123,7 +122,7 @@ trust_1oidany(int nid, X509 *x) } static int -trust_1oid(int nid, X509 *x) +trust_1oid(int nid, const X509 *x) { if (x->aux) return obj_trust(nid, x); -- 2.20.1