From: Todd C. Miller <millert@openbsd.org>
Subject: Re: isakmpd: don't reach into ASN1_STRING [step 1/2]
To: Theo Buehler <tb@theobuehler.org>
Cc: tech@openbsd.org, beck@openbsd.org
Date: Mon, 24 Nov 2025 16:03:11 -0700

On Mon, 24 Nov 2025 15:31:58 +0100, Theo Buehler wrote:

> beck and davidben have plans to make ASN1_STRING opaque in OpenSSL 4 [1].
> This breaks somewhere in the vicinity of 200 ports, so I don't think we'll
> flip the switch anytime soon in libressl, but I want base to be ready for
> that since that makes my life easier.
>
> This is the first of two steps to convert isakmpd. ASN1_STRING_length()
> and ASN1_STRING_get0_data() are dumb accessors. The latter returns a
> const pointer, so add a minor adjustment for that, the rest is entirely
> straightforward.

OK millert@

 - todd