Attention is currently required from: flichtenheld, plaisthos.
Hello mandree, plaisthos,
I'd like you to reexamine a change. Please visit
http://gerrit.openvpn.net/c/openvpn/+/1445?usp=email
to look at the new patch set (#2).
Change subject: ssl_verify_openssl: Avoid conversion warning in
x509_verify_cert_ku
......................................................................
ssl_verify_openssl: Avoid conversion warning in x509_verify_cert_ku
Just use the correct types.
v2:
- Change type of expected_len argument to size_t
Change-Id: Ia6c3f0395bd6cd67064fe77420d9df2b66763049
Signed-off-by: Frank Lichtenheld <[email protected]>
---
M src/openvpn/ssl_verify_backend.h
M src/openvpn/ssl_verify_mbedtls.c
M src/openvpn/ssl_verify_openssl.c
3 files changed, 5 insertions(+), 14 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1445/2
diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index 1d56533..d70f2df 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -243,7 +243,7 @@
* if key usage is not enabled, or the values do not
match.
*/
result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const
expected_ku,
- int expected_len);
+ size_t expected_len);
/*
* Verify X.509 extended key usage extension field.
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index b7de550..a38f5e9 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -483,7 +483,7 @@
}
result_t
-x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned *const expected_ku,
int expected_len)
+x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned int *const
expected_ku, size_t expected_len)
{
msg(D_HANDSHAKE, "Validating certificate key usage");
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 633f78d..ec7acf8 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -674,13 +674,8 @@
return FAILURE;
}
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wconversion"
-#endif
-
result_t
-x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku, int
expected_len)
+x509_verify_cert_ku(X509 *x509, const unsigned int *const expected_ku, size_t
expected_len)
{
ASN1_BIT_STRING *ku = X509_get_ext_d2i(x509, NID_key_usage, NULL, NULL);
@@ -697,8 +692,8 @@
return SUCCESS;
}
- unsigned nku = 0;
- for (size_t i = 0; i < 8; i++)
+ unsigned int nku = 0;
+ for (int i = 0; i < 8; i++)
{
if (ASN1_BIT_STRING_get_bit(ku, i))
{
@@ -738,10 +733,6 @@
return fFound;
}
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
result_t
x509_verify_cert_eku(X509 *x509, const char *const expected_oid)
{
--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1445?usp=email
To unsubscribe, or for help writing mail filters, visit
http://gerrit.openvpn.net/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ia6c3f0395bd6cd67064fe77420d9df2b66763049
Gerrit-Change-Number: 1445
Gerrit-PatchSet: 2
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: mandree <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: flichtenheld <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
