Constify X509* usage where needed and use ASN1_STRING accessors

[seektechnz]

Fixes: #5237

OpenSSL is moving most X509 pointers to const, this makes handlers compatible with const pointers. OpenSSL has also begun removing direct access to ASN1_STRING members, so we use the accessor functions instead of direct struct members.

[matejk]

Nice, clean PR — the changes are correct, minimal, and backward-compatible with OpenSSL >= 1.1.0.

One suggestion: in validFrom() and expiresOn(), the std::string is constructed from ASN1_STRING_get0_data() relying on null-termination:

std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)));

It would be more robust to use the length accessor as well:

std::string dateTime(reinterpret_cast<const char*>(ASN1_STRING_get0_data(certTime)), ASN1_STRING_length(certTime));

This is a pre-existing issue (the old code did the same with certTime->data), so not a blocker for this PR, but worth considering as part of this change since you're already touching these lines.

[seektechnz]

That should be fixed now for safety. Thanks for looking it over!