From: Frank Lichtenheld <[email protected]> Just use the correct types.
v2: - Change type of expected_len argument to size_t Change-Id: Ia6c3f0395bd6cd67064fe77420d9df2b66763049 Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Gert Doering <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1445 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1445 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering <[email protected]> diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index 1d56533..d70f2df 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h @@ -243,7 +243,7 @@ * if key usage is not enabled, or the values do not match. */ result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const expected_ku, - int expected_len); + size_t expected_len); /* * Verify X.509 extended key usage extension field. diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index b7de550..a38f5e9 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -483,7 +483,7 @@ } result_t -x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned *const expected_ku, int expected_len) +x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned int *const expected_ku, size_t expected_len) { msg(D_HANDSHAKE, "Validating certificate key usage"); diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 633f78d..ec7acf8 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -674,13 +674,8 @@ return FAILURE; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - result_t -x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku, int expected_len) +x509_verify_cert_ku(X509 *x509, const unsigned int *const expected_ku, size_t expected_len) { ASN1_BIT_STRING *ku = X509_get_ext_d2i(x509, NID_key_usage, NULL, NULL); @@ -697,8 +692,8 @@ return SUCCESS; } - unsigned nku = 0; - for (size_t i = 0; i < 8; i++) + unsigned int nku = 0; + for (int i = 0; i < 8; i++) { if (ASN1_BIT_STRING_get_bit(ku, i)) { @@ -738,10 +733,6 @@ return fFound; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - result_t x509_verify_cert_eku(X509 *x509, const char *const expected_oid) { _______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
