Camp, TracyX E wrote:
....
> Comments, etc. welcomed.


I've committed one part of the patch (to OpenSSL_0_9_8-stable and the
cvs head). The changes in crypto/x509/ are little bit problematic IMHO
as it could require code changes in application using the existing
macros. For example if you have something like:
const X509 *cert = ....;
...
const ASN1_TIME *atime = X509_get_notBefore(cert);
this should at least create a warning as your function prototype
is
ASN1_TIME *X509_get_notBefore(X509 *);
I would prefer
const ASN1_TIME *X509_get_notBefore(const X509 *);
but this will cause problems if the code relies on the fact
the returned object is not const ...
For 0.9.9-dev I would prefer making the parameter (and hence the
return type) in the X509_foo_get() functions const but I'm not
sure if we should change this behaviour in 0.9.8-stable.
Comments are welcome.

Cheers,
Nils
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org