Const-correct sk_FOO_deep_copy's copy callback.
This aligns with upstream OpenSSL, so it's hopefully more compatible.
Code search says no one outside of the project uses this function, so
it's unlikely to break anyone.
Whether it makes things better is a bit of a wash: OBJ_dup and
OPENSSL_strdup loose a pointless wrapper. X509_NAME_dup gains one, but
hopefully that can be resolved once we solve the X509_NAME
const-correctness problem. CRYPTO_BUFFER_up_ref gains one... really
FOO_up_ref should have type const T * -> T *, but OpenSSL decided it
returns int, so we've got to cast.
Change-Id: Ifa6eaf26777ac7239db6021fc1eafcaed98e42c4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/56032
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index 05bcf6f..5b61eba 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -214,9 +214,9 @@
}
}
if (session->certs != nullptr) {
- auto buf_up_ref = [](CRYPTO_BUFFER *buf) {
- CRYPTO_BUFFER_up_ref(buf);
- return buf;
+ auto buf_up_ref = [](const CRYPTO_BUFFER *buf) {
+ CRYPTO_BUFFER_up_ref(const_cast<CRYPTO_BUFFER *>(buf));
+ return const_cast<CRYPTO_BUFFER*>(buf);
};
new_session->certs.reset(sk_CRYPTO_BUFFER_deep_copy(
session->certs.get(), buf_up_ref, CRYPTO_BUFFER_free));
