mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-03-14 03:22:06 +01:00
73732abfb2
Starting with OpenSSL 4.0, X509_get_subject_name(), X509_get_issuer_name(), and X509_CRL_get_issuer() return a const-qualified X509_NAME pointer. Similarly, X509_NAME_get_entry() returns a const X509_NAME_ENTRY *, and X509_NAME_ENTRY_get_data() returns a const ASN1_STRING *. Introduce the __X509_NAME_CONST__ macro (defined to 'const' for OpenSSL >= 4.0.0, empty for WolfSSL and older OpenSSL version which lacks const on these APIs) and use it to qualify X509_NAME * variables and the parameters of the three DN helper functions ssl_sock_get_dn_entry(), ssl_sock_get_dn_formatted(), and ssl_sock_get_dn_oneline(). This avoids both const-qualifier warnings on OpenSSL 4.0 and discarded-qualifier warnings on WolfSSL, without needing explicit casts at call sites. In ssl_sock.c (ssl_get_client_ca_file) and ssl_gencert.c (ssl_sock_do_create_cert), a __X509_NAME_CONST__ X509_NAME * variable was being reused to store the result of X509_NAME_dup() and then passed to mutating functions (X509_NAME_add_entry_by_txt, X509_NAME_free). Introduce separate X509_NAME * variables (xn_dup, subject) to hold the mutable duplicate. Original patch from Alexandr Nedvedicky <sashan@openssl.org>: https://www.mail-archive.com/haproxy@formilux.org/msg46696.html