From: Theo Buehler <tb@theobuehler.org>
Subject: rpki-client: sprinkle some const
To: tech@openbsd.org
Date: Tue, 15 Oct 2024 23:30:24 +0200

This makes rpki-client build cleanly when compiled against OpenSSL 3
and configured with --with-openssl-cflags=-DOPENSSL_SUPPRESS_DEPRECATED.
I'm not sure we want this flag in -portable, but there is no harm in
const correctness for OpenSSL 3 here.

Index: validate.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
diff -u -p -r1.76 validate.c
--- validate.c	17 Jun 2024 18:52:50 -0000	1.76
+++ validate.c	15 Oct 2024 21:01:23 -0000
@@ -587,7 +587,7 @@ valid_uuid(const char *s)
 static int
 valid_ca_pkey_rsa(const char *fn, EVP_PKEY *pkey)
 {
-	RSA		*rsa;
+	const RSA	*rsa;
 	const BIGNUM	*rsa_e;
 	int		 key_bits;
 
@@ -618,7 +618,7 @@ valid_ca_pkey_rsa(const char *fn, EVP_PK
 static int
 valid_ca_pkey_ec(const char *fn, EVP_PKEY *pkey)
 {
-	EC_KEY		*ec;
+	const EC_KEY	*ec;
 	const EC_GROUP	*group;
 	int		 nid;
 	const char	*cname;
Index: x509.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/x509.c,v
diff -u -p -r1.103 x509.c
--- x509.c	7 Oct 2024 14:45:33 -0000	1.103
+++ x509.c	15 Oct 2024 21:00:30 -0000
@@ -413,7 +413,7 @@ char *
 x509_get_pubkey(X509 *x, const char *fn)
 {
 	EVP_PKEY	*pkey;
-	EC_KEY		*eckey;
+	const EC_KEY	*eckey;
 	int		 nid;
 	const char	*cname;
 	uint8_t		*pubkey = NULL;