Const-correct some functions.

Callers should not mutate these.

Update-Note: I believe I've fixed up everything. If I missed one, the
fix should be straightforward.

Change-Id: Ifbce4961204822f57502a0de33aaa5a2a08b026d
Reviewed-on: https://boringssl-review.googlesource.com/28266
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 1033749..187eb74 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1458,7 +1458,7 @@
 // verification. The caller does not take ownership of the result.
 //
 // This is the |CRYPTO_BUFFER| variant of |SSL_get_peer_full_cert_chain|.
-OPENSSL_EXPORT STACK_OF(CRYPTO_BUFFER) *
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
     SSL_get0_peer_certificates(const SSL *ssl);
 
 // SSL_get0_signed_cert_timestamp_list sets |*out| and |*out_len| to point to
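Review bot: The visible part of the comment on SSL_get0_peer_certificates says the caller does not own the result, but not how long the pointer stays valid or that it can be NULL. The implementation in ssl/ssl_cert.cc returns `session->certs` and returns NULL when `SSL_get_session` yields no session, so the stack presumably lives only as long as that session. Consider adding something like `// The result may be NULL if there is no session, and must not be used after |ssl|'s current session is released.` The comment begins above this hunk, so it may already cover part of this.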
@@ -2556,8 +2556,8 @@
 //
 // The returned stack is owned by |ssl|, as are its contents. It should not be
 // used past the point where the handshake is restarted after the callback.
-OPENSSL_EXPORT STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(
-    const SSL *ssl);
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
+    SSL_get0_server_requested_CAs(const SSL *ssl);
 
 // SSL_CTX_get_client_CA_list returns |ctx|'s client certificate CA list.
 OPENSSL_EXPORT STACK_OF(X509_NAME) *
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 8b56955..a089c40 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -818,7 +818,7 @@
   ssl_cert_set_cert_cb(ssl->config->cert, cb, arg);
 }
 
-STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
+const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
   SSL_SESSION *session = SSL_get_session(ssl);
   if (session == NULL) {
     return NULL;
@@ -827,7 +827,7 @@
   return session->certs;
 }
 
-STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
+const STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
   if (ssl->s3->hs == NULL) {
     return NULL;
   }
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 347f9da..6ff7948 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -3293,7 +3293,7 @@
   SSL_CTX_set_cert_cb(
       client_ctx.get(),
       [](SSL *ssl, void *arg) -> int {
-        STACK_OF(CRYPTO_BUFFER) *peer_names =
+        const STACK_OF(CRYPTO_BUFFER) *peer_names =
             SSL_get0_server_requested_CAs(ssl);
         EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names));
         CRYPTO_BUFFER *peer_name = sk_CRYPTO_BUFFER_value(peer_names, 0);
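Review bot: `EXPECT_EQ(1u, sk_CRYPTO_BUFFER_num(peer_names))` is non-fatal, so when the list is NULL or empty the callback still calls `sk_CRYPTO_BUFFER_value(peer_names, 0)` and carries on with its result. The rest of the lambda is outside this hunk, so whether `peer_name` is dereferenced unchecked is not visible here. ASSERT_* cannot be used in a lambda returning int, so an explicit guard such as `if (sk_CRYPTO_BUFFER_num(peer_names) != 1u) { ADD_FAILURE(); return 0; }` would stop early. In keeping with this change, `peer_name` could also be declared `const CRYPTO_BUFFER *` if the later uses only read it, since the const on the stack does not carry over to the element pointer.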
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index cd9b770..08206d3 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -599,7 +599,7 @@
       }
     }
 
-    STACK_OF(CRYPTO_BUFFER) *buffers = SSL_get0_server_requested_CAs(ssl);
+    const STACK_OF(CRYPTO_BUFFER) *buffers = SSL_get0_server_requested_CAs(ssl);
     if (sk_CRYPTO_BUFFER_num(buffers) != num_received) {
       fprintf(stderr,
               "Mismatch between SSL_get_server_requested_CAs and "
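Review bot: The diagnostic right after the changed call names `SSL_get_server_requested_CAs`, while the function being checked is `SSL_get0_server_requested_CAs`, so a failure log would point the reader to a name that does not match the call. Updating the string literal to the `get0` spelling would fix it. The rest of the message continues outside this hunk.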