diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-08-20 11:30:25 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-08-20 11:30:25 +0200 |
| commit | 0b27fd4fd17b5724e013adb89da5436c5438dd2d (patch) | |
| tree | e639844ebcd0e083827611f58a292b668fd0371e | |
| parent | 1a0dc6f6a31fe0c7dd83af9f6f4531b37cdd72a5 (diff) | |
| download | curl-bagder/boringssl-warningfree.tar.gz | |
openssl: build warning free with boringsslbagder/boringssl-warningfree
| -rw-r--r-- | .travis.yml | 2 | ||||
| -rw-r--r-- | lib/vtls/openssl.c | 32 |
2 files changed, 28 insertions, 6 deletions
diff --git a/.travis.yml b/.travis.yml index 810ebb8f2..2d60b7b27 100644 --- a/.travis.yml +++ b/.travis.yml @@ -521,7 +521,7 @@ script: - | set -eo pipefail if [ "$T" = "novalgrind" ]; then - ./configure $C + ./configure --enable-werror $C make && make examples make TFLAGS=-n test-nonflaky fi diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index c2d195656..20eae6c9e 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -391,7 +391,11 @@ static const char *SSL_ERROR_to_str(int err) */ static char *ossl_strerror(unsigned long error, char *buf, size_t size) { +#ifdef OPENSSL_IS_BORINGSSL + ERR_error_string_n((uint32_t)error, buf, size); +#else ERR_error_string_n(error, buf, size); +#endif return buf; } @@ -1529,8 +1533,13 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert) altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); if(altnames) { +#ifdef OPENSSL_IS_BORINGSSL + size_t numalts; + size_t i; +#else int numalts; int i; +#endif bool dnsmatched = FALSE; bool ipmatched = FALSE; @@ -2147,8 +2156,14 @@ get_ssl_version_txt(SSL *ssl) } #endif +#ifdef OPENSSL_IS_BORINGSSL +typedef uint32_t ctx_option_t; +#else +typedef long ctx_option_t; +#endif + static CURLcode -set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, +set_ssl_version_min_max(ctx_option_t *ctx_options, struct connectdata *conn, int sockindex) { #if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION) @@ -2287,7 +2302,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) X509_LOOKUP *lookup = NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - long ctx_options = 0; + ctx_option_t ctx_options = 0; + #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME bool sni; const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : @@ -3031,6 +3047,12 @@ static int X509V3_ext(struct Curl_easy *data, return 0; /* all is fine */ } +#ifdef OPENSSL_IS_BORINGSSL +typedef size_t numcert_t; +#else +typedef int numcert_t; +#endif + static CURLcode get_cert_chain(struct connectdata *conn, struct ssl_connect_data *connssl) @@ -3039,7 +3061,7 @@ static CURLcode get_cert_chain(struct connectdata *conn, STACK_OF(X509) *sk; int i; struct Curl_easy *data = conn->data; - int numcerts; + numcert_t numcerts; BIO *mem; sk = SSL_get_peer_cert_chain(BACKEND->handle); @@ -3049,14 +3071,14 @@ static CURLcode get_cert_chain(struct connectdata *conn, numcerts = sk_X509_num(sk); - result = Curl_ssl_init_certinfo(data, numcerts); + result = Curl_ssl_init_certinfo(data, (int)numcerts); if(result) { return result; } mem = BIO_new(BIO_s_mem()); - for(i = 0; i < numcerts; i++) { + for(i = 0; i < (int)numcerts; i++) { ASN1_INTEGER *num; X509 *x = sk_X509_value(sk, i); EVP_PKEY *pubkey = NULL; |