The previous commit to crypto/stack/*.[ch] pulled the type-safety strings yet tighter, and also put some heat on the rest of the library by insisting (correctly) that compare callbacks used in stacks are prototyped with "const" parameters. This has led to a depth-first explosion of compiler warnings in the code where 1 constification has led to 3 or 4 more. Fortunately these have all been resolved to completion and the code seems cleaner as a result - in particular many of the _cmp() functions should have been prototyped with "const"s, and now are. There was one little problem however; X509_cmp() should by rights compare "const X509 *" pointers, and it is now declared as such. However, it's internal workings can involve recalculating hash values and extensions if they have not already been setup. Someone with a more intricate understanding of the flow control of X509 might be able to tighten this up, but for now - this seemed the obvious place to stop the "depth-first" constification of the code by using an evil cast (they have migrated all the way here from safestack.h). Fortunately, this is the only place in the code where this was required to complete these type-safety changes, and it's reasonably clear and commented, and seemed the least unacceptable of the options. Trying to take the constification further ends up exploding out considerably, and indeed leads directly into generalised ASN functions which are not likely to cooperate well with this.
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6a09d6a..1977707 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c
@@ -69,7 +69,7 @@ static int ssl3_client_hello(SSL *s); static int ssl3_get_server_hello(SSL *s); static int ssl3_get_certificate_request(SSL *s); -static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); +static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); static int ssl3_get_server_done(SSL *s); static int ssl3_send_client_verify(SSL *s); static int ssl3_send_client_certificate(SSL *s); @@ -1275,7 +1275,7 @@ return(ret); } -static int ca_dn_cmp(X509_NAME **a, X509_NAME **b) +static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); }
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e134e6f..fc8b8a7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c
@@ -568,7 +568,7 @@ return(add_client_CA(&(ctx->client_CA),x)); } -static int xname_cmp(X509_NAME **a,X509_NAME **b) +static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); } @@ -649,7 +649,7 @@ X509 *x=NULL; X509_NAME *xn=NULL; int ret=1; - int (*oldcmp)(X509_NAME **a, X509_NAME **b); + int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a5b2b97..817b6b3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -1037,7 +1037,8 @@ return(NULL); } -static int sk_comp_cmp(SSL_COMP **a,SSL_COMP **b) +static int sk_comp_cmp(const SSL_COMP * const *a, + const SSL_COMP * const *b) { return((*a)->id-(*b)->id); }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c515c41..f4eb35b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -874,7 +874,7 @@ } } -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b) +int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) { long l; @@ -885,7 +885,8 @@ return((l > 0)?1:-1); } -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp) +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp) { long l;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9a52bab..d70fff4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -423,8 +423,9 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session,int len); -int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b); -int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); +int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); +int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, + const SSL_CIPHER * const *bp); STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, STACK_OF(SSL_CIPHER) **skp); int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);