diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 99d68b32b4..9b92f2ac2b 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -391,8 +391,7 @@ int ossl_x509_print_ex_brief(BIO *bio, const X509 *cert, unsigned long neg_cflag if (BIO_printf(bio, " certificate\n") <= 0 || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT)) goto err; - /* XXX casts away const - remove cast once #30067 lands */ - if (X509_check_issued((X509 *)cert, (X509 *)cert) == X509_V_OK) { + if (X509_check_issued(cert, cert) == X509_V_OK) { if (BIO_printf(bio, " self-issued\n") <= 0) goto err; } else { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index c5428dc15d..8d93eca935 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -493,8 +493,7 @@ end: /* Check that the given certificate |x| is issued by the certificate |issuer| */ static int check_issued(ossl_unused X509_STORE_CTX *ctx, const X509 *x, const X509 *issuer) { - /* XXX casts away const, remove cast when #30067 lands */ - int err = ossl_x509_likely_issued((X509 *)issuer, (X509 *)x); + int err = ossl_x509_likely_issued(issuer, x); if (err == X509_V_OK) return 1; @@ -2693,7 +2692,7 @@ void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) ctx->error_depth = depth; } -const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx) { return ctx->current_cert; } @@ -2715,7 +2714,7 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx) return X509_chain_up_ref(ctx->chain); } -const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx) { return ctx->current_issuer; } @@ -2730,10 +2729,9 @@ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx) return ctx->parent; } -void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *x) +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { - /* XXX casts away const - fix by making ctx->cert const */ - ctx->cert = (X509 *)x; + ctx->cert = x; } void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *rpk) @@ -3075,7 +3073,7 @@ void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx, ctx->current_reasons = current_reasons; } -const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx) +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx) { return ctx->cert; } diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod index dae6fa7d03..e1c7ae734c 100644 --- a/doc/man3/X509_STORE_CTX_get_error.pod +++ b/doc/man3/X509_STORE_CTX_get_error.pod @@ -18,9 +18,9 @@ information void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); - const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); - const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); + X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index fb34afdb1e..143438655e 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -32,13 +32,13 @@ X509_STORE_CTX_purpose_inherit void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, - const X509 *target, STACK_OF(X509) *untrusted); + X509 *target, STACK_OF(X509) *untrusted); int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store, EVP_PKEY *rpk); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target); + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index 575299c91d..3d1fe26e0f 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -505,7 +505,7 @@ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx); -const X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); @@ -688,14 +688,14 @@ int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); -const X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); -const X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx); X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); -void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, const X509 *target); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);