support openssl v3; add const qualifier

[skaji]

Description

Currently make fails against openssl v3:

❯ sw_vers
ProductName:    macOS
ProductVersion: 12.2.1
BuildVersion:   21D62

❯ perl -i -pe 's/openssl\\\@1.1/openssl\\\@3/' Makefile.PL

❯ perl Makefile.PL
Generating a Unix-style Makefile
Writing Makefile for Crypt::OpenSSL::X509
Writing MYMETA.yml and MYMETA.json

❯ make
cp X509.pm blib/lib/Crypt/OpenSSL/X509.pm
Running Mkbootstrap for X509 ()
chmod 644 "X509.bs"
"/Users/skaji/env/plenv/versions/5.34.0/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- X509.bs blib/arch/auto/Crypt/OpenSSL/X509/X509.bs 644
"/Users/skaji/env/plenv/versions/5.34.0/bin/perl" "/Users/skaji/env/plenv/versions/5.34.0/lib/perl5/site_perl/5.34.0/ExtUtils/xsubpp"  -typemap '/Users/skaji/env/plenv/versions/5.34.0/lib/perl5/5.34.0/ExtUtils/typemap' -typemap '/Users/skaji/src/github.com/dsully/perl-crypt-openssl-x509/typemap'  X509.xs > X509.xsc
Warning: Aliases 'subject_hash' and 'hash' have identical values in X509.xs, line 422
mv X509.xsc X509.c
cc -c  -I/usr/local/opt/openssl@3/include -fno-common -DPERL_DARWIN -mmacosx-version-min=12.2 -fno-strict-aliasing -pipe -fstack-protector-strong -I/usr/local/include -DPERL_USE_SAFE_PUTENV -Wno-error=implicit-function-declaration -O2 -g -Wall -Werror -Wno-deprecated-declarations -Wno-compound-token-split-by-macro   -DVERSION=\"1.913\" -DXS_VERSION=\"1.913\"  "-I/Users/skaji/env/plenv/versions/5.34.0/lib/perl5/5.34.0/darwin-2level/CORE"   X509.c
X509.xs:604:16: error: assigning to 'RSA *' (aka 'struct rsa_st *') from 'const struct rsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
      rsa_pkey = EVP_PKEY_get0_RSA(pkey);
               ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:609:16: error: assigning to 'DSA *' (aka 'struct dsa_st *') from 'const struct dsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
      dsa_pkey = EVP_PKEY_get0_DSA(pkey);
               ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:623:15: error: assigning to 'EC_KEY *' (aka 'struct ec_key_st *') from 'const struct ec_key_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
      ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
              ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:672:13: error: assigning to 'EC_KEY *' (aka 'struct ec_key_st *') from 'const struct ec_key_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
            ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:720:14: error: assigning to 'RSA *' (aka 'struct rsa_st *') from 'const struct rsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:729:14: error: assigning to 'DSA *' (aka 'struct dsa_st *') from 'const struct dsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    dsa_pkey = EVP_PKEY_get0_DSA(pkey);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:739:13: error: assigning to 'EC_KEY *' (aka 'struct ec_key_st *') from 'const struct ec_key_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
            ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:795:14: error: assigning to 'RSA *' (aka 'struct rsa_st *') from 'const struct rsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:898:14: error: assigning to 'RSA *' (aka 'struct rsa_st *') from 'const struct rsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    rsa_pkey = EVP_PKEY_get0_RSA(pkey);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:904:14: error: assigning to 'DSA *' (aka 'struct dsa_st *') from 'const struct dsa_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    dsa_pkey = EVP_PKEY_get0_DSA(pkey);
             ^ ~~~~~~~~~~~~~~~~~~~~~~~
X509.xs:911:13: error: assigning to 'EC_KEY *' (aka 'struct ec_key_st *') from 'const struct ec_key_st *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
    ec_pkey = EVP_PKEY_get0_EC_KEY(pkey);
            ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
11 errors generated.
make: *** [X509.o] Error 1

In openssl v3, it seems that a lot of functions return const XXX types, not plain XXX types; so make fails. This PR adds const qualifier to some functions so that make passes against openssl v3.

Type of change

Please delete options that are not relevant.

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
• [ ] This change requires a documentation update

Checklist:

• [ ] My code follows the style guidelines of this project
• [x] I have performed a self-review of my own code
• [x] I have commented my code, particularly in hard-to-understand areas
• [ ] I have made corresponding changes to the documentation
• [x] My changes generate no new warnings
• [ ] I have added tests that prove my fix is effective or that my feature works
• [x] New and existing unit tests pass locally with my changes
• [ ] Any dependent changes have been merged and published in downstream modules
• [x] Changes have been manually tested (please provide information on test platform using the fields below)

Test / Development Platform Information

• Operating system and version: macOS 12.2
• Crypt::OpenSSL::X509 version: 1.913
• Perl version: 5.34.0
• OpenSSL version: 1.1.1m, 3.0.1

[skaji]

Maybe fix #91

[jonasbn]

@timlegge do you have time to do a review of PR from @skaji, I will get to it eventually, but more eyes would be beneficial

[timlegge]

@jonasbn I reviewed as above and it looks proper. This will be fine for any of the 3.0 versions (I think) but if you compile with DOPENSSL_NO_DEPRECATED_3_0_0 it will error on any of the things that were deprecated in 3.0.0 (and below I assume).

So there is still some work to be done to get full 3.0 compatibility.

[jonasbn]

Hi @skaji and @timlegge

This has been included in the release 1.9.14-TRIAL, just uploaded to PAUSE/CPAN.

Please let me know if you experience any issues or have any feedback. The 1.9.14 release will be made in due time depending on the outcome/feedback of the trial release.

Thanks for your contributions.