Commit 584e176a3c for openssl.org
commit 584e176a3c2b85ad38709494934bc2979c8eb2b8
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Thu Mar 5 18:46:54 2026 +0100
Un-constify X509_OBJECT_get0_X509 and X509_OBJECT_set1_X509
This partially reverts commit 367c54ef1105 "Constify
X509_OBJECT_[get0|set1]_X509 and friends", as well as removes them from
the list added in c0f82d915f38 "Describe X509 constification and ASN1_STRING
changes". Constification of X509_get_pubkey() arguments remains in place.
Resolves: https://github.com/openssl/project/issues/1892
Complements: 367c54ef1105 "Constify X509_OBJECT_[get0|set1]_X509 and friends"
Complements: c0f82d915f38 "Describe X509 constification and ASN1_STRING changes"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Fri Mar 6 18:36:10 2026
(Merged from https://github.com/openssl/openssl/pull/30276)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index fa0414cd94..073be0dc6d 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -412,7 +412,7 @@ static int obj_ht_foreach_certs(HT_VALUE *v, void *arg)
int i, r;
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
- const X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
+ X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
if (cert == NULL)
continue;
@@ -613,7 +613,7 @@ int X509_OBJECT_up_ref_count(X509_OBJECT *a)
return 1;
}
-const X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
{
if (a == NULL || a->type != X509_LU_X509)
return NULL;
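Review bot: `X509_OBJECT_get0_X509` now returns a writable `X509 *` from a `const X509_OBJECT *`, and neither this definition nor the prototype in `include/openssl/x509_vfy.h.in` carries an ownership comment. Since the same file reads these objects out of an `X509_STORE`, a caller that modifies the returned certificate is presumably changing an object other users of the store also verify against. I would add a comment above the function, such as `/* get0: returns the internal pointer, no reference taken; do not free, and treat as read-only while the object is in a store */`. The function body continues past the end of this hunk, so the return path is not visible here.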
@@ -658,14 +658,14 @@ static void x509_object_free_internal(X509_OBJECT *a)
}
}
-int X509_OBJECT_set1_X509(X509_OBJECT *a, const X509 *obj)
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
{
- if (a == NULL || !X509_up_ref((X509 *)obj))
+ if (a == NULL || !X509_up_ref(obj))
return 0;
x509_object_free_internal(a);
a->type = X509_LU_X509;
- a->data.x509 = (X509 *)obj;
+ a->data.x509 = obj;
return 1;
}
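Review bot: `X509_OBJECT_set1_X509` still hands `obj` to `X509_up_ref()` without checking it for NULL, so the guard on the changed line only covers `a`. `X509_up_ref` is not shown on this page; if it dereferences its argument, a NULL `obj` crashes instead of returning 0. Now that the cast is gone, the guard could become `if (a == NULL || obj == NULL || !X509_up_ref(obj))`. The function takes the new reference before `x509_object_free_internal(a)` drops the old contents, which is the safe order when `obj` is already held by `a`; a short comment stating that would protect the ordering from later reshuffling.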
@@ -830,7 +830,7 @@ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
ossl_ht_foreach_until(store->objs_ht, obj_ht_foreach_certs, &sk);
} else {
for (int i = 0; i < sk_X509_OBJECT_num(store->objs); i++) {
- const X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(store->objs, i));
+ X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(store->objs, i));
if (cert != NULL
&& !X509_add_cert(sk, cert, X509_ADD_FLAG_UP_REF))
diff --git a/doc/man7/ossl-guide-migration.pod b/doc/man7/ossl-guide-migration.pod
index f8fd539825..b8e3352c47 100644
--- a/doc/man7/ossl-guide-migration.pod
+++ b/doc/man7/ossl-guide-migration.pod
@@ -149,8 +149,6 @@ X509_issuer_name_hash
X509_issuer_name_hash_old
X509_keyid_get0
X509_load_http
-X509_OBJECT_get0_X509
-X509_OBJECT_set1_X509
X509_print_ex_fp
X509_print_fp
X509_REQ_get1_email
diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in
index 3d1fe26e0f..81bdb6df91 100644
--- a/include/openssl/x509_vfy.h.in
+++ b/include/openssl/x509_vfy.h.in
@@ -416,8 +416,8 @@ int X509_OBJECT_up_ref_count(X509_OBJECT *a);
X509_OBJECT *X509_OBJECT_new(void);
void X509_OBJECT_free(X509_OBJECT *a);
X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
-const X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
-int X509_OBJECT_set1_X509(X509_OBJECT *a, const X509 *obj);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
X509_STORE *X509_STORE_new(void);