From 8155187edeca288fb0ec5527b78ee7a73c76bce2 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 3 Apr 2026 02:33:21 +0000 Subject: [PATCH] rpki-client: cast extension passed to X509_EXTENSION_get_object() Again this is currently a noop which is needed since this simple getter isn't const correct in OpenSSL < 4 and LibreSSL and because OpenSSL 4 fixed this. discussed with claudio --- usr.sbin/rpki-client/cert.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/rpki-client/cert.c b/usr.sbin/rpki-client/cert.c index 84d2131d2d6..7913fb9fa06 100644 --- a/usr.sbin/rpki-client/cert.c +++ b/usr.sbin/rpki-client/cert.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cert.c,v 1.228 2026/04/03 02:23:33 tb Exp $ */ +/* $OpenBSD: cert.c,v 1.229 2026/04/03 02:33:21 tb Exp $ */ /* * Copyright (c) 2022,2025 Theo Buehler * Copyright (c) 2021 Job Snijders @@ -1530,7 +1530,8 @@ cert_parse_extensions(const char *fn, struct cert *cert) for (i = 0; i < extsz; i++) { ext = X509_get_ext(x, i); assert(ext != NULL); - obj = X509_EXTENSION_get_object(ext); + /* XXX - cast away const for OpenSSL 3 and LibreSSL */ + obj = X509_EXTENSION_get_object((X509_EXTENSION *)ext); assert(obj != NULL); /* The switch is ordered following RFC 6487, section 4.8. */