[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 154/220: openssl: build warning free with boringssl
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 154/220: openssl: build warning free with boringssl |
|
Date: |
Thu, 12 Sep 2019 17:28:34 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 3e8a9bfd17b4c3b7b9f822739b6afc9ed6b92208
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Aug 20 11:30:25 2019 +0200
openssl: build warning free with boringssl
Closes #4244
---
.travis.yml | 2 +-
lib/vtls/openssl.c | 32 +++++++++++++++++++++++++++-----
2 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 0a03e3bba..827b86f7d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -521,7 +521,7 @@ script:
- |
set -eo pipefail
if [ "$T" = "novalgrind" ]; then
- ./configure $C
+ ./configure --enable-werror $C
make && make examples
make TFLAGS=-n test-nonflaky
fi
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index c2d195656..20eae6c9e 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -391,7 +391,11 @@ static const char *SSL_ERROR_to_str(int err)
*/
static char *ossl_strerror(unsigned long error, char *buf, size_t size)
{
+#ifdef OPENSSL_IS_BORINGSSL
+ ERR_error_string_n((uint32_t)error, buf, size);
+#else
ERR_error_string_n(error, buf, size);
+#endif
return buf;
}
@@ -1529,8 +1533,13 @@ static CURLcode verifyhost(struct connectdata *conn,
X509 *server_cert)
altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL);
if(altnames) {
+#ifdef OPENSSL_IS_BORINGSSL
+ size_t numalts;
+ size_t i;
+#else
int numalts;
int i;
+#endif
bool dnsmatched = FALSE;
bool ipmatched = FALSE;
@@ -2147,8 +2156,14 @@ get_ssl_version_txt(SSL *ssl)
}
#endif
+#ifdef OPENSSL_IS_BORINGSSL
+typedef uint32_t ctx_option_t;
+#else
+typedef long ctx_option_t;
+#endif
+
static CURLcode
-set_ssl_version_min_max(long *ctx_options, struct connectdata *conn,
+set_ssl_version_min_max(ctx_option_t *ctx_options, struct connectdata *conn,
int sockindex)
{
#if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION)
@@ -2287,7 +2302,8 @@ static CURLcode ossl_connect_step1(struct connectdata
*conn, int sockindex)
X509_LOOKUP *lookup = NULL;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- long ctx_options = 0;
+ ctx_option_t ctx_options = 0;
+
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
bool sni;
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@@ -3031,6 +3047,12 @@ static int X509V3_ext(struct Curl_easy *data,
return 0; /* all is fine */
}
+#ifdef OPENSSL_IS_BORINGSSL
+typedef size_t numcert_t;
+#else
+typedef int numcert_t;
+#endif
+
static CURLcode get_cert_chain(struct connectdata *conn,
struct ssl_connect_data *connssl)
@@ -3039,7 +3061,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
STACK_OF(X509) *sk;
int i;
struct Curl_easy *data = conn->data;
- int numcerts;
+ numcert_t numcerts;
BIO *mem;
sk = SSL_get_peer_cert_chain(BACKEND->handle);
@@ -3049,14 +3071,14 @@ static CURLcode get_cert_chain(struct connectdata *conn,
numcerts = sk_X509_num(sk);
- result = Curl_ssl_init_certinfo(data, numcerts);
+ result = Curl_ssl_init_certinfo(data, (int)numcerts);
if(result) {
return result;
}
mem = BIO_new(BIO_s_mem());
- for(i = 0; i < numcerts; i++) {
+ for(i = 0; i < (int)numcerts; i++) {
ASN1_INTEGER *num;
X509 *x = sk_X509_value(sk, i);
EVP_PKEY *pubkey = NULL;
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [GNUnet-SVN] [gnurl] 89/220: alt-svc: send Alt-Used: in redirected requests, (continued)
- [GNUnet-SVN] [gnurl] 89/220: alt-svc: send Alt-Used: in redirected requests, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 141/220: vssh: move ssh init/cleanup functions into backend code, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 114/220: CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 120/220: curl_version_info: make the quic_version a const, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 126/220: connect: connections are persistent by default for HTTP/3, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 134/220: travis: reduce number of torture tests in 'coverage', gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 150/220: configure: use pkg-config to detect quiche, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 129/220: ngtcp2: Consume QUIC STREAM data properly, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 137/220: travis: add a quiche build, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 149/220: CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 154/220: openssl: build warning free with boringssl,
gnunet <=
- [GNUnet-SVN] [gnurl] 165/220: ngtcp2: use nghttp3_version(), gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 166/220: ngtcp2: improve h3 response receiving, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 136/220: http: fix use of credentials from URL when using HTTP proxy, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 155/220: spnego_sspi: add typecast to fix build warning, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 152/220: ngtcp2: make postfields-set posts work, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 162/220: http: the 'closed' struct field is used by both ngh2 and ngh3, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 164/220: ngtcp2: sync with upstream API changes, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 167/220: ngtcp2: add support for SSLKEYLOGFILE, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 143/220: ssh: add a generic Curl_ssh_version function for SSH backends, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 139/220: TODO/ROADMAP: remove "refuse downgrade redirects" and HTTP/3, gnunet, 2019/09/12