Commit 7dd4b69dde for openssl.org
commit 7dd4b69dde2ebe94b72595a171993186169a4525
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Tue May 3 12:42:58 2022 +0200
public API: Remove needless 'const' from scalar types
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18229)
diff --git a/CHANGES.md b/CHANGES.md
index b8452c0454..b6e40fa1fc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -114,7 +114,11 @@ OpenSSL 4.0
*Bob Beck*
- * various function parameters have been constified,
+ * Remove needless 'const' from scalar types in the public API, mostly for AES and Camellia
+
+ *David von Oheimb*
+
+ * Various function parameters have been constified,
in particular for X509-related functions.
*David von Oheimb*
diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
index e6a184a19f..18a70e6288 100644
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@@ -24,7 +24,7 @@
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
@@ -34,7 +34,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
/* N.B. This expects the input to be packed, MS bit first */
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)AES_encrypt);
@@ -42,7 +42,7 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)AES_encrypt);
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index b376e7e47d..1d28327588 100644
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -628,7 +628,7 @@ static void KeyExpansion(const unsigned char *key, u64 *w,
/**
* Expand the cipher key into the encryption key schedule.
*/
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
u64 *rk;
@@ -654,7 +654,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
/**
* Expand the cipher key into the decryption key schedule.
*/
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
return AES_set_encrypt_key(userKey, bits, key);
@@ -3042,7 +3042,7 @@ static const u32 rcon[] = {
/**
* Expand the cipher key into the encryption key schedule.
*/
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
@@ -3125,7 +3125,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
/**
* Expand the cipher key into the decryption key schedule.
*/
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
@@ -3482,7 +3482,7 @@ static const u32 rcon[] = {
/**
* Expand the cipher key into the encryption key schedule.
*/
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
u32 *rk;
@@ -3564,7 +3564,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
/**
* Expand the cipher key into the decryption key schedule.
*/
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index 0308f3f225..220a96b539 100644
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@@ -47,7 +47,7 @@ typedef struct {
/* Use of this function is deprecated. */
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, const int enc)
+ unsigned char *ivec, int enc)
{
size_t n;
size_t len = length / AES_BLOCK_SIZE;
@@ -180,7 +180,7 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
const AES_KEY *key2, const unsigned char *ivec,
- const int enc)
+ int enc)
{
size_t n;
size_t len = length;
diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
index 0fa994871b..e47cf7a797 100644
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -476,7 +476,7 @@ static const u32 rcon[] = {
/**
* Expand the cipher key into the encryption key schedule.
*/
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
@@ -559,7 +559,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
/**
* Expand the cipher key into the decryption key schedule.
*/
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key)
{
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 541f7f8d11..0d4307a712 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -2022,7 +2022,7 @@ sub declast()
# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
# size_t length, const AES_KEY *key,
-# unsigned char *ivp,const int enc);
+# unsigned char *ivp, int enc);
{
# stack frame layout
# -4(%esp) # return address 0(%esp)
@@ -2870,8 +2870,7 @@ sub enckey()
&set_label("exit");
&function_end("_x86_AES_set_encrypt_key");
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-# AES_KEY *key)
+# int AES_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key)
&function_begin_B("AES_set_encrypt_key");
&call ("_x86_AES_set_encrypt_key");
&ret ();
@@ -2932,8 +2931,7 @@ sub deckey()
&mov (&DWP(4*$i,$key),$tp1);
}
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-# AES_KEY *key)
+# int AES_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key)
&function_begin_B("AES_set_decrypt_key");
&call ("_x86_AES_set_encrypt_key");
&cmp ("eax",0);
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index 4127cbb98b..c8d461d31a 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1337,8 +1337,7 @@ $code.=<<___;
___
}
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-# AES_KEY *key)
+# int AES_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key)
$code.=<<___;
.globl AES_set_encrypt_key
.type AES_set_encrypt_key,\@function,3
@@ -1618,8 +1617,7 @@ $code.=<<___;
___
}
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-# AES_KEY *key)
+# int AES_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key)
$code.=<<___;
.globl AES_set_decrypt_key
.type AES_set_decrypt_key,\@function,3
@@ -1715,7 +1713,7 @@ ___
# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
# size_t length, const AES_KEY *key,
-# unsigned char *ivp,const int enc);
+# unsigned char *ivp, int enc);
{
# stack frame layout
# -8(%rsp) return address
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
index 195d4cd54b..e1e7a073b5 100644
--- a/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/camellia/asm/cmll-x86.pl
@@ -549,7 +549,7 @@ my $bias=int(@T[0])?shift(@T):0;
}
# void Camellia_Ekeygen(
-# const int keyBitLength,
+# int keyBitLength,
# const Byte *rawKey,
# KEY_TABLE_TYPE keyTable)
&function_begin("Camellia_Ekeygen");
@@ -807,7 +807,7 @@ for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
# size_t length, const CAMELLIA_KEY *key,
-# unsigned char *ivp,const int enc);
+# unsigned char *ivp, int enc);
{
# stack frame layout
# -4(%esp) # return address 0(%esp)
diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c
index 51d8310b48..0797cbb963 100644
--- a/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
@@ -18,7 +18,7 @@
void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const CAMELLIA_KEY *key,
- unsigned char *ivec, const int enc)
+ unsigned char *ivec, int enc)
{
if (enc)
diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c
index ea4ab67512..a73034c40a 100644
--- a/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
@@ -24,7 +24,7 @@
void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
@@ -34,7 +34,7 @@ void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
/* N.B. This expects the input to be packed, MS bit first */
void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
@@ -42,7 +42,7 @@ void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
+ unsigned char *ivec, int *num, int enc)
{
CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
(block128_f)Camellia_encrypt);
diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c
index fddf7c7837..dafd7fa578 100644
--- a/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
@@ -17,7 +17,7 @@
#include "cmll_local.h"
void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key, const int enc)
+ const CAMELLIA_KEY *key, int enc)
{
if (CAMELLIA_ENCRYPT == enc)
Camellia_encrypt(in, out, key);
diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
index 30db3a380c..bad991c2c3 100644
--- a/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
@@ -17,7 +17,7 @@
#include <openssl/camellia.h>
#include "cmll_local.h"
-int Camellia_set_key(const unsigned char *userKey, const int bits,
+int Camellia_set_key(const unsigned char *userKey, int bits,
CAMELLIA_KEY *key)
{
if (!userKey || !key)
diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c
index f5436d1d3b..276cd0afd0 100644
--- a/crypto/x509/v3_addr.c
+++ b/crypto/x509/v3_addr.c
@@ -544,7 +544,7 @@ err:
* Add an inheritance element.
*/
int X509v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi)
+ unsigned afi, const unsigned *safi)
{
IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
@@ -595,7 +595,7 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
int X509v3_addr_add_prefix(IPAddrBlocks *addr,
const unsigned afi,
const unsigned *safi,
- unsigned char *a, const int prefixlen)
+ unsigned char *a, int prefixlen)
{
IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
IPAddressOrRange *aor;
@@ -613,7 +613,7 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr,
* Add a range.
*/
int X509v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi,
+ unsigned afi,
const unsigned *safi,
unsigned char *min, unsigned char *max)
{
@@ -652,9 +652,9 @@ static int extract_min_max(IPAddressOrRange *aor,
* Public wrapper for extract_min_max().
*/
int X509v3_addr_get_range(IPAddressOrRange *aor,
- const unsigned afi,
+ unsigned afi,
unsigned char *min,
- unsigned char *max, const int length)
+ unsigned char *max, int length)
{
int afi_length = length_from_afi(afi);
diff --git a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
index a0a4bd6367..d3e69583bf 100644
--- a/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -14,7 +14,7 @@ SSL_set_tlsext_host_name - handle server name indication (SNI)
int (*cb)(SSL *s, int *al, void *arg));
long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
- const char *SSL_get_servername(const SSL *s, const int type);
+ const char *SSL_get_servername(const SSL *s, int type);
int SSL_get_servername_type(const SSL *s);
int SSL_set_tlsext_host_name(const SSL *s, const char *name);
diff --git a/include/openssl/aes.h b/include/openssl/aes.h
index 2b6c683988..892d0bd168 100644
--- a/include/openssl/aes.h
+++ b/include/openssl/aes.h
@@ -47,10 +47,10 @@ typedef struct aes_key_st AES_KEY;
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 const char *AES_options(void);
OSSL_DEPRECATEDIN_3_0
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_encrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
OSSL_DEPRECATEDIN_3_0
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int AES_set_decrypt_key(const unsigned char *userKey, int bits,
AES_KEY *key);
OSSL_DEPRECATEDIN_3_0
void AES_encrypt(const unsigned char *in, unsigned char *out,
@@ -60,23 +60,23 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
const AES_KEY *key);
OSSL_DEPRECATEDIN_3_0
void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key, const int enc);
+ const AES_KEY *key, int enc);
OSSL_DEPRECATEDIN_3_0
void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, const int enc);
+ unsigned char *ivec, int enc);
OSSL_DEPRECATEDIN_3_0
void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
+ unsigned char *ivec, int *num, int enc);
OSSL_DEPRECATEDIN_3_0
void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
+ unsigned char *ivec, int *num, int enc);
OSSL_DEPRECATEDIN_3_0
void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
+ unsigned char *ivec, int *num, int enc);
OSSL_DEPRECATEDIN_3_0
void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
@@ -86,12 +86,12 @@ void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
OSSL_DEPRECATEDIN_3_0
void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key,
- unsigned char *ivec, const int enc);
+ unsigned char *ivec, int enc);
/* NB: the IV is _four_ blocks long */
OSSL_DEPRECATEDIN_3_0
void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
size_t length, const AES_KEY *key, const AES_KEY *key2,
- const unsigned char *ivec, const int enc);
+ const unsigned char *ivec, int enc);
OSSL_DEPRECATEDIN_3_0
int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
unsigned char *out, const unsigned char *in,
diff --git a/include/openssl/camellia.h b/include/openssl/camellia.h
index aec94e4efc..e9b726571f 100644
--- a/include/openssl/camellia.h
+++ b/include/openssl/camellia.h
@@ -56,7 +56,7 @@ typedef struct camellia_key_st CAMELLIA_KEY;
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int Camellia_set_key(const unsigned char *userKey,
- const int bits,
+ int bits,
CAMELLIA_KEY *key);
OSSL_DEPRECATEDIN_3_0 void Camellia_encrypt(const unsigned char *in,
unsigned char *out,
@@ -67,34 +67,34 @@ OSSL_DEPRECATEDIN_3_0 void Camellia_decrypt(const unsigned char *in,
OSSL_DEPRECATEDIN_3_0 void Camellia_ecb_encrypt(const unsigned char *in,
unsigned char *out,
const CAMELLIA_KEY *key,
- const int enc);
+ int enc);
OSSL_DEPRECATEDIN_3_0 void Camellia_cbc_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
const CAMELLIA_KEY *key,
unsigned char *ivec,
- const int enc);
+ int enc);
OSSL_DEPRECATEDIN_3_0 void Camellia_cfb128_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
const CAMELLIA_KEY *key,
unsigned char *ivec,
int *num,
- const int enc);
+ int enc);
OSSL_DEPRECATEDIN_3_0 void Camellia_cfb1_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
const CAMELLIA_KEY *key,
unsigned char *ivec,
int *num,
- const int enc);
+ int enc);
OSSL_DEPRECATEDIN_3_0 void Camellia_cfb8_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
const CAMELLIA_KEY *key,
unsigned char *ivec,
int *num,
- const int enc);
+ int enc);
OSSL_DEPRECATEDIN_3_0 void Camellia_ofb128_encrypt(const unsigned char *in,
unsigned char *out,
size_t length,
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 34d376863a..7dfd8c1be4 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -247,7 +247,7 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
#define TLSEXT_MAXLEN_host_name 255
-__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur const char *SSL_get_servername(const SSL *s, int type);
__owur int SSL_get_servername_type(const SSL *s);
/*
* SSL_export_keying_material exports a value derived from the master secret,
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
index 29231d22de..e35e52fbb8 100644
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -945,17 +945,17 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
ASN1_INTEGER *min, ASN1_INTEGER *max);
int X509v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi);
+ unsigned afi, const unsigned *safi);
int X509v3_addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
+ unsigned afi, const unsigned *safi,
unsigned char *a, const int prefixlen);
int X509v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
+ unsigned afi, const unsigned *safi,
unsigned char *min, unsigned char *max);
unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
-int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+int X509v3_addr_get_range(IPAddressOrRange *aor, unsigned afi,
unsigned char *min, unsigned char *max,
- const int length);
+ int length);
/*
* Canonical forms.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9efda38100..60bb051f26 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3471,7 +3471,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
*
* Note that only the host_name type is defined (RFC 3546).
*/
-const char *SSL_get_servername(const SSL *s, const int type)
+const char *SSL_get_servername(const SSL *s, int type)
{
const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
int server;