summaryrefslogtreecommitdiff
path: root/lib/vtls/openssl.c
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2019-01-15 23:57:25 +0100
committerDaniel Stenberg <daniel@haxx.se>2019-01-16 08:20:57 +0100
commit16a3307e813fa82776dc265201ffc7dac1c842a7 (patch)
tree514cb6c275518fa0e36faffa9bfdfbd55675c958 /lib/vtls/openssl.c
parent2fa0d57e2e3b7a808af55e52912827813d19c38f (diff)
downloadcurl-16a3307e813fa82776dc265201ffc7dac1c842a7.tar.gz
openssl: fix the SSL_get_tlsext_status_ocsp_resp call
.... to not pass in a const in the second argument as that's not how it is supposed to be used and might cause compiler warnings. Reported-by: Pavel Pavlov Fixes #3477 Closes #3478
Diffstat (limited to 'lib/vtls/openssl.c')
-rw-r--r--lib/vtls/openssl.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 45e72d6a3..9d11b89e5 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
+ unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn,
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
- if(!p) {
+ if(!status) {
failf(data, "No OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end;
}
-
+ p = status;
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if(!rsp) {
failf(data, "Invalid OCSP response");