> On 26 May 2026, at 08:02, Michael Paquier <[email protected]> wrote: > > On Tue, May 19, 2026 at 02:18:08PM -0700, Daniel Gustafsson wrote: >>> On 8 May 2026, at 00:21, Daniel Gustafsson <[email protected]> wrote: >> >>> I think the changes are straightforward enough that we can go ahead with >>> them. >>> I'll re-test and re-post a new patchset for all branches once the minors >>> ship. >> >> Attached are rebased versions of this patchset for v14-master. > > I have a question here. Most of the changes relate to the use of const > where the OpenSSL APIs require these to be so, but why is this a new > requirement for 4.0? I can see that for most of the upstream > routines, the const changes are much older, like in 8cc86b81ac20 for > X509_NAME_get_text_by_NID() applying down to branch openssl-3.0.
It is very true that OpenSSL has been constifying the API over time, the change in 4.0 revolves around making more returnvalues const. In the case at hand, X509_get_subject_name() now returns a const X509_NAME pointer since commit b0f2107b4404. This wouldn't be a problem since X509_NAME_get_text_by_NID() does as you say take a const parameter, but since we have shoehorned LibreSSL support into the same file we are tied to the least common denominator and LibreSSL is far behind OpenSSL on constifying. So in this case, we need to unconstify() to keep LibreSSL compiling. I have plans for fixing this in v20 but for 14-19 there isn't much we can do except unconstifying. -- Daniel Gustafsson
