author | Patrick Schlangen <patrick@schlangen.me> | 2018-01-10 12:06:35 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2018-01-10 12:48:44 -0500 |
commit | a41a6120cdcb7e883481bc1bed55e7157c9255c4 (patch) | |
tree | 901fcd65a06da5b7b22233538831c7c44a58e55d /doc/man3/SSL_CTX_dane_enable.pod | |
parent | 433a2e038423f111f5f9e66fe6d8ad67dd241422 (diff) | |
download | openssl-new-a41a6120cdcb7e883481bc1bed55e7157c9255c4.tar.gz |
Make data argument const in SSL_dane_tlsa_add

The data argument of SSL_dane_tlsa_add is used read-only, so it
should be const.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5056)
Diffstat (limited to 'doc/man3/SSL_CTX_dane_enable.pod')
-rw-r--r-- | doc/man3/SSL_CTX_dane_enable.pod | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/man3/SSL_CTX_dane_enable.pod b/doc/man3/SSL_CTX_dane_enable.pod index 9415065b2d..1efe60763c 100644 --- a/doc/man3/SSL_CTX_dane_enable.pod +++ b/doc/man3/SSL_CTX_dane_enable.pod @@ -18,7 +18,7 @@ TLS client uint8_t mtype, uint8_t ord); int SSL_dane_enable(SSL *s, const char *basedomain); int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, - uint8_t mtype, unsigned char *data, size_t dlen); + uint8_t mtype, unsigned const char *data, size_t dlen); int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, uint8_t *mtype, unsigned const char **data, @@ -76,6 +76,8 @@ TLSA records that apply to the remote TLS peer. The arguments specify the fields of the TLSA record. The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal ASCII presentation form, with an explicit length passed via B<dlen>. +The library takes a copy of the B<data> buffer contents and the caller may +free the original B<data> buffer when convenient. A return value of 0 indicates that "unusable" TLSA records (with invalid or unsupported parameters) were provided. A negative return value indicates an internal error in processing the record. |
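Review bot: In the first hunk (the SSL_dane_tlsa_add prototype in the synopsis), the new line spells the type as `unsigned const char *data`. That matches the `unsigned const char **data` in the SSL_get0_dane_tlsa declaration just below it, but a synopsis is only useful if it agrees with the declaration in the public header, and this view is limited to doc/man3/SSL_CTX_dane_enable.pod, so the header side of the change cannot be checked here. Please confirm the header prototype carries the same const qualifier, and if the header writes it as `const unsigned char *data`, use that ordering in the synopsis too so the two can be compared at a glance.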
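Review bot: In the second hunk, the added sentence after the B<dlen> description says the caller may free the original buffer "when convenient", which does not say at what point the copy exists. A reader cannot tell whether the copy is complete once SSL_dane_tlsa_add returns, or whether the statement also holds for the 0 ("unusable" record) and negative (internal error) return values described in the very next sentences. If the guarantee is that the buffer is never referenced after the call returns, regardless of return value, say so explicitly, for example "the caller may free or reuse the B<data> buffer as soon as the call returns". The commit message mentions only the const change, so it would also help to note there that the buffer-ownership documentation was added.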