Make OCSP response and SCT list getter const-correct.
The data is owned by the SSL_SESSION, so the caller should not modify it. This
will require changes in Chromium, but they should be trivial.
Change-Id: I314718530c7d810f7c7b8852339b782b4c2dace1
Reviewed-on: https://boringssl-review.googlesource.com/2409
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index a833e63..f3afd1b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1068,14 +1068,16 @@
* If no SCT was received then |*out_len| will be zero on return.
*
* WARNING: the returned data is not guaranteed to be well formed. */
-OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, uint8_t **out, size_t *out_len);
+OPENSSL_EXPORT void SSL_get0_signed_cert_timestamp_list(const SSL *ssl,
+ const uint8_t **out, size_t *out_len);
/* SSL_get0_ocsp_response sets |*out| and |*out_len| to point to |*out_len|
* bytes of an OCSP response from the server. This is the DER encoding of an
* OCSPResponse type as defined in RFC 2560.
*
* WARNING: the returned data is not guaranteed to be well formed. */
-OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl, uint8_t **out, size_t *out_len);
+OPENSSL_EXPORT void SSL_get0_ocsp_response(const SSL *ssl,
+ const uint8_t **out, size_t *out_len);
OPENSSL_EXPORT void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
int (*cb) (SSL *ssl,
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 5fb13da..6b48a0c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1612,7 +1612,7 @@
return 1;
}
-void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, uint8_t **out, size_t *out_len)
+void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out, size_t *out_len)
{
SSL_SESSION *session = ssl->session;
@@ -1626,7 +1626,7 @@
*out_len = session->tlsext_signed_cert_timestamp_list_length;
}
-void SSL_get0_ocsp_response(const SSL *ssl, uint8_t **out, size_t *out_len)
+void SSL_get0_ocsp_response(const SSL *ssl, const uint8_t **out, size_t *out_len)
{
SSL_SESSION *session = ssl->session;