[openssl-dev] [PATCH] libssl: scsv variable must be const

Mon Jan 26 22:59:54 UTC 2015

On Mon, Jan 26, 2015 at 07:47:41PM -0300, Cristian Rodr?guez wrote:

You say "scsv variable must be const".  I agree it *should* be
declared constant as a matter of hygiene, and so we should adopt
the patch.  Still I am puzzled why you use the word "must".  Did
some compiler object?  If so, which one?

> --- a/ssl/ssl_lib.c
> +++ b/ssl/ssl_lib.c
> @@ -1481,7 +1481,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
>       */
>      if (p != q) {
>          if (empty_reneg_info_scsv) {
> -            static SSL_CIPHER scsv = {
> +            static const SSL_CIPHER scsv = {
>                  0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
>              };
>              j = put_cb(&scsv, p);
> @@ -1492,7 +1492,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
>  #endif
>          }
>          if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
> -            static SSL_CIPHER scsv = {
> +            static const SSL_CIPHER scsv = {
>                  0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
>              };
>              j = put_cb(&scsv, p);

The put_cb() callback takes a "const SSL_CIPHER *" as its first
argument, passing a non-const argument is AFAIK acceptable.

-- 
	Viktor.