CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/04/02 20:10:11
Modified files:
usr.sbin/rpki-client: cert.c
Log message:
rpki-client: cast away const for X509_get_X509_PUBKEY()
In cert_check_spki() the pubkey is a libcrypto-internal pointer hanging
off cert->x509, which is then passed to the very const-incorrect getter
X509_PUBKEY_get0_param(): that's a piece of art which hands back pointers
to things deeper down in the x509 - some of them const, some non-const.
OpenSSL 3 made its X509_PUBKEY argument const, but their X509_ALGOR **
still isn't. I don't believe they thought about this in #11894 as they
had a more important _cmp() vs _eq() bikeshed to sort out.
discussed with claudio
