Ignore the serial number for now and just do the rest.

Reviewed-by: N Stephen Henson <steve@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)

Ignore the serial number for now and just do the rest.
Reviewed-by: N Stephen Henson <steve@openssl.org> Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1367)
22293ea1 · Richard J. Moore · Rich Salz · 1421aead · 22293ea1 · 22293ea1
5 changed file
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -980,14 +980,14 @@ end_of_options:
        if (verbose)
            BIO_printf(bio_err, "writing new certificates\n");
        for (i = 0; i < sk_X509_num(cert_sk); i++) {
-            const ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
+            ASN1_INTEGER *serialNumber = X509_get_serialNumber(x);
            int k;
            char *n;

            x = sk_X509_value(cert_sk, i);

            j = ASN1_STRING_length(serialNumber);
-            p = (const char *)ASN1_STRING_data((ASN1_INTEGER *)serialNumber);
+            p = (const char *)ASN1_STRING_data(serialNumber);

            if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
                BIO_printf(bio_err, "certificate file name too long\n");
@@ -1685,7 +1685,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
        goto end;
 #endif

-    if (BN_to_ASN1_INTEGER(serial, (ASN1_INTEGER *)X509_get_serialNumber(ret)) == NULL)
+    if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
        goto end;
    if (selfsign) {
        if (!X509_set_issuer_name(ret, subject))

--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -22,7 +22,7 @@
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 {
    X509_NAME *iname;
-    const ASN1_INTEGER *serial;
+    ASN1_INTEGER *serial;
    ASN1_BIT_STRING *ikey;
    if (!dgst)
        dgst = EVP_sha1();
@@ -40,7 +40,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              X509_NAME *issuerName,
                              ASN1_BIT_STRING *issuerKey,
-                              const ASN1_INTEGER *serialNumber)
+                              ASN1_INTEGER *serialNumber)
 {
    int nid;
    unsigned int i;

--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -102,7 +102,7 @@ X509_NAME *X509_get_subject_name(const X509 *a)
    return (a->cert_info.subject);
 }

-const ASN1_INTEGER *X509_get_serialNumber(const X509 *a)
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
 {
    return &a->cert_info.serialNumber;
 }

--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -187,7 +187,7 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                              X509_NAME *issuerName,
                              ASN1_BIT_STRING *issuerKey,
-                              const ASN1_INTEGER *serialNumber);
+                              ASN1_INTEGER *serialNumber);

 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);


--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -612,7 +612,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
 long X509_get_version(const X509 *x);
 int X509_set_version(X509 *x, long version);
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-const ASN1_INTEGER *X509_get_serialNumber(const X509 *x);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
 int X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *X509_get_issuer_name(const X509 *a);
 int X509_set_subject_name(X509 *x, X509_NAME *name);