Const-correct some functions.
Callers should not mutate these.
Update-Note: I believe I've fixed up everything. If I missed one, the
fix should be straightforward.
Change-Id: Ifbce4961204822f57502a0de33aaa5a2a08b026d
Reviewed-on: https://boringssl-review.googlesource.com/28266
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1033749..187eb74 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1458,7 +1458,7 @@
// verification. The caller does not take ownership of the result.
//
// This is the |CRYPTO_BUFFER| variant of |SSL_get_peer_full_cert_chain|.
-OPENSSL_EXPORT STACK_OF(CRYPTO_BUFFER) *
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
SSL_get0_peer_certificates(const SSL *ssl);
// SSL_get0_signed_cert_timestamp_list sets |*out| and |*out_len| to point to
@@ -2556,8 +2556,8 @@
//
// The returned stack is owned by |ssl|, as are its contents. It should not be
// used past the point where the handshake is restarted after the callback.
-OPENSSL_EXPORT STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(
- const SSL *ssl);
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
+ SSL_get0_server_requested_CAs(const SSL *ssl);
// SSL_CTX_get_client_CA_list returns |ctx|'s client certificate CA list.
OPENSSL_EXPORT STACK_OF(X509_NAME) *
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 8b56955..a089c40 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -818,7 +818,7 @@
ssl_cert_set_cert_cb(ssl->config->cert, cb, arg);
}
-STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
+const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
SSL_SESSION *session = SSL_get_session(ssl);
if (session == NULL) {
return NULL;
@@ -827,7 +827,7 @@
return session->certs;
}
-STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
+const STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
if (ssl->s3->hs == NULL) {
return NULL;
}
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 347f9da..6ff7948 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3293,7 +3293,7 @@
SSL_CTX_set_cert_cb(
client_ctx.get(),
[](SSL *ssl, void *arg) -> int {
- STACK_OF(CRYPTO_BUFFER) *peer_names =
+ const STACK_OF(CRYPTO_BUFFER) *peer_names =
SSL_get0_server_requested_CAs(ssl);
EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index cd9b770..08206d3 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -599,7 +599,7 @@
}
}
- STACK_OF(CRYPTO_BUFFER) *buffers = SSL_get0_server_requested_CAs(ssl);
+ const STACK_OF(CRYPTO_BUFFER) *buffers = SSL_get0_server_requested_CAs(ssl);
if (sk_CRYPTO_BUFFER_num(buffers) != num_received) {
fprintf(stderr,
"Mismatch between SSL_get_server_requested_CAs and "