summaryrefslogtreecommitdiff
path: root/lib/libtls/tls_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libtls/tls_verify.c')
-rw-r--r--lib/libtls/tls_verify.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libtls/tls_verify.c b/lib/libtls/tls_verify.c
index 685146a4a9a..fbbed7969c4 100644
--- a/lib/libtls/tls_verify.c
+++ b/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.21 2023/05/05 14:05:33 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.22 2023/05/10 13:48:54 op Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
*
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
continue;
if (type == GEN_DNS) {
- unsigned char *data;
+ const unsigned char *data;
int format, len;
format = ASN1_STRING_type(altname->d.dNSName);
if (format == V_ASN1_IA5STRING) {
- data = ASN1_STRING_data(altname->d.dNSName);
+ data = ASN1_STRING_get0_data(altname->d.dNSName);
len = ASN1_STRING_length(altname->d.dNSName);
if (len < 0 || (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
}
} else if (type == GEN_IPADD) {
- unsigned char *data;
+ const unsigned char *data;
int datalen;
datalen = ASN1_STRING_length(altname->d.iPAddress);
- data = ASN1_STRING_data(altname->d.iPAddress);
+ data = ASN1_STRING_get0_data(altname->d.iPAddress);
if (datalen < 0) {
tls_set_errorx(ctx,