1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c
index 685146a4a9..fbbed7969c 100644
--- a/src/lib/libtls/tls_verify.c
+++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.21 2023/05/05 14:05:33 tb Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.22 2023/05/10 13:48:54 op Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 *
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
                        continue;
                if (type == GEN_DNS) {
-                        unsigned char   *data;
+                        const unsigned char     *data;
                        int              format, len;
                        format = ASN1_STRING_type(altname->d.dNSName);
                        if (format == V_ASN1_IA5STRING) {
-                                data = ASN1_STRING_data(altname->d.dNSName);
+                                data = ASN1_STRING_get0_data(altname->d.dNSName);
                                len = ASN1_STRING_length(altname->d.dNSName);
                                if (len < 0 || (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
                        }
                } else if (type == GEN_IPADD) {
-                        unsigned char   *data;
+                        const unsigned char     *data;
                        int              datalen;
                        datalen = ASN1_STRING_length(altname->d.iPAddress);
-                        data = ASN1_STRING_data(altname->d.iPAddress);
+                        data = ASN1_STRING_get0_data(altname->d.iPAddress);
                        if (datalen < 0) {
                                tls_set_errorx(ctx,

diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c index 685146a4a9..fbbed7969c 100644 --- a/src/lib/libtls/tls_verify.c +++ b/src/lib/libtls/tls_verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_verify.c,v 1.21 2023/05/05 14:05:33 tb Exp $ */	1	/* $OpenBSD: tls_verify.c,v 1.22 2023/05/10 13:48:54 op Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	*	4	*
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls ctx, X509 cert, const char *name,
126	continue;	126	continue;
127		127
128	if (type == GEN_DNS) {	128	if (type == GEN_DNS) {
129	unsigned char *data;	129	const unsigned char *data;
130	int format, len;	130	int format, len;
131		131
132	format = ASN1_STRING_type(altname->d.dNSName);	132	format = ASN1_STRING_type(altname->d.dNSName);
133	if (format == V_ASN1_IA5STRING) {	133	if (format == V_ASN1_IA5STRING) {
134	data = ASN1_STRING_data(altname->d.dNSName);	134	data = ASN1_STRING_get0_data(altname->d.dNSName);
135	len = ASN1_STRING_length(altname->d.dNSName);	135	len = ASN1_STRING_length(altname->d.dNSName);
136		136
137	if (len < 0 \|\| (size_t)len != strlen(data)) {	137	if (len < 0 \|\| (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls ctx, X509 cert, const char *name,
171	}	171	}
172		172
173	} else if (type == GEN_IPADD) {	173	} else if (type == GEN_IPADD) {
174	unsigned char *data;	174	const unsigned char *data;
175	int datalen;	175	int datalen;
176		176
177	datalen = ASN1_STRING_length(altname->d.iPAddress);	177	datalen = ASN1_STRING_length(altname->d.iPAddress);
178	data = ASN1_STRING_data(altname->d.iPAddress);	178	data = ASN1_STRING_get0_data(altname->d.iPAddress);
179		179
180	if (datalen < 0) {	180	if (datalen < 0) {
181	tls_set_errorx(ctx,	181	tls_set_errorx(ctx,