summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/connect.c5
-rw-r--r--lib/cookie.c10
-rw-r--r--lib/doh.c7
-rw-r--r--lib/hostcheck.c6
-rw-r--r--lib/hostip6.c5
-rw-r--r--lib/inet_pton.c3
-rw-r--r--lib/ldap.c3
-rw-r--r--lib/md4.c7
-rw-r--r--lib/md5.c7
-rw-r--r--lib/memdebug.c3
-rw-r--r--lib/security.c5
-rw-r--r--lib/ssh-libssh.c8
-rw-r--r--lib/ssh.c2
-rw-r--r--lib/transfer.c14
-rw-r--r--lib/urlapi.c4
-rw-r--r--lib/vtls/cyassl.c2
-rw-r--r--lib/vtls/gskit.c15
-rw-r--r--lib/vtls/gtls.c37
-rw-r--r--lib/vtls/mbedtls.c11
-rw-r--r--lib/vtls/polarssl_threadlock.c32
-rw-r--r--lib/vtls/schannel.c16
-rw-r--r--lib/vtls/vtls.c22
-rw-r--r--lib/x509asn1.c15
23 files changed, 115 insertions, 124 deletions
diff --git a/lib/connect.c b/lib/connect.c
index 0250ceb45..b106fa872 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -628,7 +628,6 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
long *port)
{
- unsigned short us_port;
struct sockaddr_in *si = NULL;
#ifdef ENABLE_IPV6
struct sockaddr_in6 *si6 = NULL;
@@ -642,7 +641,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
si = (struct sockaddr_in *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si->sin_addr,
addr, MAX_IPADR_LEN)) {
- us_port = ntohs(si->sin_port);
+ unsigned short us_port = ntohs(si->sin_port);
*port = us_port;
return TRUE;
}
@@ -652,7 +651,7 @@ UNITTEST bool getaddressinfo(struct sockaddr *sa, char *addr,
si6 = (struct sockaddr_in6 *)(void *) sa;
if(Curl_inet_ntop(sa->sa_family, &si6->sin6_addr,
addr, MAX_IPADR_LEN)) {
- us_port = ntohs(si6->sin6_port);
+ unsigned short us_port = ntohs(si6->sin6_port);
*port = us_port;
return TRUE;
}
diff --git a/lib/cookie.c b/lib/cookie.c
index 15bb28166..05ce62193 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1509,10 +1509,6 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
struct Cookie *co;
FILE *out;
bool use_stdout = FALSE;
- char *format_ptr;
- unsigned int i;
- unsigned int j;
- struct Cookie **array;
if(!c)
/* no cookie engine alive */
@@ -1539,6 +1535,10 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
out);
if(c->numcookies) {
+ unsigned int i;
+ unsigned int j;
+ struct Cookie **array;
+
array = malloc(sizeof(struct Cookie *) * c->numcookies);
if(!array) {
if(!use_stdout)
@@ -1558,7 +1558,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
qsort(array, c->numcookies, sizeof(struct Cookie *), cookie_sort_ct);
for(i = 0; i < j; i++) {
- format_ptr = get_netscape_format(array[i]);
+ char *format_ptr = get_netscape_format(array[i]);
if(format_ptr == NULL) {
fprintf(out, "#\n# Fatal libcurl error\n");
free(array);
diff --git a/lib/doh.c b/lib/doh.c
index 7d4a69d2f..6d1f3303b 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -584,7 +584,6 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
unsigned short qdcount;
unsigned short ancount;
unsigned short type = 0;
- unsigned short class;
unsigned short rdlength;
unsigned short nscount;
unsigned short arcount;
@@ -612,6 +611,7 @@ UNITTEST DOHcode doh_decode(unsigned char *doh,
ancount = get16bit(doh, 6);
while(ancount) {
+ unsigned short class;
unsigned int ttl;
rc = skipqname(doh, dohlen, &index);
@@ -896,8 +896,6 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
DOHcode rc;
DOHcode rc2;
struct dohentry de;
- struct Curl_dns_entry *dns;
- struct Curl_addrinfo *ai;
/* remove DOH handles from multi handle and close them */
curl_multi_remove_handle(data->multi, data->req.doh.probe[0].easy);
Curl_close(data->req.doh.probe[0].easy);
@@ -927,6 +925,9 @@ CURLcode Curl_doh_is_resolved(struct connectdata *conn,
data->req.doh.host);
}
if(!rc || !rc2) {
+ struct Curl_dns_entry *dns;
+ struct Curl_addrinfo *ai;
+
infof(data, "DOH Host name: %s\n", data->req.doh.host);
showdoh(data, &de);
diff --git a/lib/hostcheck.c b/lib/hostcheck.c
index 6fcd0a901..115d24b2e 100644
--- a/lib/hostcheck.c
+++ b/lib/hostcheck.c
@@ -127,16 +127,14 @@ static int hostmatch(char *hostname, char *pattern)
int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
{
- char *matchp;
- char *hostp;
int res = 0;
if(!match_pattern || !*match_pattern ||
!hostname || !*hostname) /* sanity check */
;
else {
- matchp = strdup(match_pattern);
+ char *matchp = strdup(match_pattern);
if(matchp) {
- hostp = strdup(hostname);
+ char *hostp = strdup(hostname);
if(hostp) {
if(hostmatch(hostp, matchp) == CURL_HOST_MATCH)
res = 1;
diff --git a/lib/hostip6.c b/lib/hostip6.c
index fb2f35ce3..5511f1aab 100644
--- a/lib/hostip6.c
+++ b/lib/hostip6.c
@@ -102,14 +102,15 @@ static void dump_addrinfo(struct connectdata *conn, const Curl_addrinfo *ai)
printf("dump_addrinfo:\n");
for(; ai; ai = ai->ai_next) {
char buf[INET6_ADDRSTRLEN];
- char buffer[STRERROR_LEN];
printf(" fam %2d, CNAME %s, ",
ai->ai_family, ai->ai_canonname ? ai->ai_canonname : "<none>");
if(Curl_printable_address(ai, buf, sizeof(buf)))
printf("%s\n", buf);
- else
+ else {
+ char buffer[STRERROR_LEN];
printf("failed; %s\n",
Curl_strerror(SOCKERRNO, buffer, sizeof(buffer)));
+ }
}
}
#else
diff --git a/lib/inet_pton.c b/lib/inet_pton.c
index fef9610d1..0d65ae0ec 100644
--- a/lib/inet_pton.c
+++ b/lib/inet_pton.c
@@ -153,7 +153,7 @@ inet_pton6(const char *src, unsigned char *dst)
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
- const char *xdigits, *curtok;
+ const char *curtok;
int ch, saw_xdigit;
size_t val;
@@ -168,6 +168,7 @@ inet_pton6(const char *src, unsigned char *dst)
saw_xdigit = 0;
val = 0;
while((ch = *src++) != '\0') {
+ const char *xdigits;
const char *pch;
pch = strchr((xdigits = xdigits_l), ch);
diff --git a/lib/ldap.c b/lib/ldap.c
index 79dc2f2ed..fd31faa3e 100644
--- a/lib/ldap.c
+++ b/lib/ldap.c
@@ -1069,8 +1069,6 @@ static int _ldap_url_parse(const struct connectdata *conn,
static void _ldap_free_urldesc(LDAPURLDesc *ludp)
{
- size_t i;
-
if(!ludp)
return;
@@ -1078,6 +1076,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp)
free(ludp->lud_filter);
if(ludp->lud_attrs) {
+ size_t i;
for(i = 0; i < ludp->lud_attrs_dups; i++)
free(ludp->lud_attrs[i]);
free(ludp->lud_attrs);
diff --git a/lib/md4.c b/lib/md4.c
index 9dfaabc22..e7c77bc36 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -115,7 +115,6 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
{
const unsigned char *ptr;
MD4_u32plus a, b, c, d;
- MD4_u32plus saved_a, saved_b, saved_c, saved_d;
ptr = (const unsigned char *)data;
@@ -125,6 +124,8 @@ static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
d = ctx->d;
do {
+ MD4_u32plus saved_a, saved_b, saved_c, saved_d;
+
saved_a = a;
saved_b = b;
saved_c = c;
@@ -214,7 +215,7 @@ static void MD4_Init(MD4_CTX *ctx)
static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
{
MD4_u32plus saved_lo;
- unsigned long used, available;
+ unsigned long used;
saved_lo = ctx->lo;
ctx->lo = (saved_lo + size) & 0x1fffffff;
@@ -225,7 +226,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
used = saved_lo & 0x3f;
if(used) {
- available = 64 - used;
+ unsigned long available = 64 - used;
if(size < available) {
memcpy(&ctx->buffer[used], data, size);
diff --git a/lib/md5.c b/lib/md5.c
index f4e37d6cb..2b81ca455 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -275,7 +275,6 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
{
const unsigned char *ptr;
MD5_u32plus a, b, c, d;
- MD5_u32plus saved_a, saved_b, saved_c, saved_d;
ptr = (const unsigned char *)data;
@@ -285,6 +284,8 @@ static const void *body(MD5_CTX *ctx, const void *data, unsigned long size)
d = ctx->d;
do {
+ MD5_u32plus saved_a, saved_b, saved_c, saved_d;
+
saved_a = a;
saved_b = b;
saved_c = c;
@@ -392,7 +393,7 @@ static void MD5_Init(MD5_CTX *ctx)
static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
{
MD5_u32plus saved_lo;
- unsigned long used, available;
+ unsigned long used;
saved_lo = ctx->lo;
ctx->lo = (saved_lo + size) & 0x1fffffff;
@@ -403,7 +404,7 @@ static void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size)
used = saved_lo & 0x3f;
if(used) {
- available = 64 - used;
+ unsigned long available = 64 - used;
if(size < available) {
memcpy(&ctx->buffer[used], data, size);
diff --git a/lib/memdebug.c b/lib/memdebug.c
index 00e57e9a1..ede60094b 100644
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -306,9 +306,8 @@ void *curl_dbg_realloc(void *ptr, size_t wantedsize,
void curl_dbg_free(void *ptr, int line, const char *source)
{
- struct memdebug *mem;
-
if(ptr) {
+ struct memdebug *mem;
#ifdef __INTEL_COMPILER
# pragma warning(push)
diff --git a/lib/security.c b/lib/security.c
index d64f49a03..82ae5c2cd 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -410,8 +410,6 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
static int sec_set_protection_level(struct connectdata *conn)
{
int code;
- char *pbsz;
- static unsigned int buffer_size = 1 << 20; /* 1048576 */
enum protection_level level = conn->request_data_prot;
DEBUGASSERT(level > PROT_NONE && level < PROT_LAST);
@@ -427,6 +425,9 @@ static int sec_set_protection_level(struct connectdata *conn)
return 0;
if(level) {
+ char *pbsz;
+ static unsigned int buffer_size = 1 << 20; /* 1048576 */
+
code = ftp_send_command(conn, "PBSZ %u", buffer_size);
if(code < 0)
return -1;
diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c
index 9bc092390..6cfd6bda8 100644
--- a/lib/ssh-libssh.c
+++ b/lib/ssh-libssh.c
@@ -1946,14 +1946,13 @@ static int myssh_getsock(struct connectdata *conn,
static void myssh_block2waitfor(struct connectdata *conn, bool block)
{
struct ssh_conn *sshc = &conn->proto.sshc;
- int dir;
/* If it didn't block, or nothing was returned by ssh_get_poll_flags
* have the original set */
conn->waitfor = sshc->orig_waitfor;
if(block) {
- dir = ssh_get_poll_flags(sshc->ssh_session);
+ int dir = ssh_get_poll_flags(sshc->ssh_session);
if(dir & SSH_READ_PENDING) {
/* translate the libssh define bits into our own bit defines */
conn->waitfor = KEEP_RECV;
@@ -2050,7 +2049,6 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
CURLcode result;
curl_socket_t sock = conn->sock[FIRSTSOCKET];
struct Curl_easy *data = conn->data;
- int rc;
/* initialize per-handle data if not already */
if(!data->req.protop)
@@ -2104,8 +2102,8 @@ static CURLcode myssh_connect(struct connectdata *conn, bool *done)
ssh->pubkey = NULL;
if(data->set.str[STRING_SSH_PUBLIC_KEY]) {
- rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
- &ssh->pubkey);
+ int rc = ssh_pki_import_pubkey_file(data->set.str[STRING_SSH_PUBLIC_KEY],
+ &ssh->pubkey);
if(rc != SSH_OK) {
failf(data, "Could not load public key file");
/* ignore */
diff --git a/lib/ssh.c b/lib/ssh.c
index e8b8ed61a..a265c3c9a 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -587,13 +587,13 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
struct Curl_easy *data = conn->data;
const char *pubkey_md5 = data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5];
char md5buffer[33];
- int i;
const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
LIBSSH2_HOSTKEY_HASH_MD5);
if(fingerprint) {
/* The fingerprint points to static storage (!), don't free() it. */
+ int i;
for(i = 0; i < 16; i++)
msnprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
diff --git a/lib/transfer.c b/lib/transfer.c
index 60ad1bb7e..514330e8c 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -157,15 +157,8 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
size_t buffersize = bytes;
size_t nread;
-#ifndef CURL_DISABLE_HTTP
- struct curl_slist *trailers = NULL;
- CURLcode c;
- int trailers_ret_code;
-#endif
-
curl_read_callback readfunc = NULL;
void *extra_data = NULL;
- bool added_crlf = FALSE;
#ifdef CURL_DOES_CONVERSIONS
bool sending_http_headers = FALSE;
@@ -182,6 +175,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
#ifndef CURL_DISABLE_HTTP
if(data->state.trailers_state == TRAILERS_INITIALIZED) {
+ struct curl_slist *trailers = NULL;
+ CURLcode c;
+ int trailers_ret_code;
+
/* at this point we already verified that the callback exists
so we compile and store the trailers buffer, then proceed */
infof(data,
@@ -296,7 +293,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
here, knowing they'll become CRLFs later on.
*/
- char hexbuffer[11] = "";
+ bool added_crlf = FALSE;
int hexlen = 0;
const char *endofline_native;
const char *endofline_network;
@@ -317,6 +314,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes,
/* if we're not handling trailing data, proceed as usual */
if(data->state.trailers_state != TRAILERS_SENDING) {
+ char hexbuffer[11] = "";
hexlen = msnprintf(hexbuffer, sizeof(hexbuffer),
"%zx%s", nread, endofline_native);
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 0d05f4d92..3fef2fcf7 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -605,9 +605,9 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
/* only valid letters are ok */
len = strspn(hostname, l);
if(hlen != len) {
- /* this could now be '%[zone id]' */
- char zoneid[16];
if(hostname[len] == '%') {
+ /* this could now be '%[zone id]' */
+ char zoneid[16];
int i = 0;
char *h = &hostname[len + 1];
/* pass '25' if present and is a url encoded percent sign */
diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c
index 2fd8f486c..44a2bdda6 100644
--- a/lib/vtls/cyassl.c
+++ b/lib/vtls/cyassl.c
@@ -143,7 +143,6 @@ static CURLcode
cyassl_connect_step1(struct connectdata *conn,
int sockindex)
{
- char error_buffer[CYASSL_MAX_ERROR_SZ];
char *ciphers;
struct Curl_easy *data = conn->data;
struct ssl_connect_data* connssl = &conn->ssl[sockindex];
@@ -420,6 +419,7 @@ cyassl_connect_step1(struct connectdata *conn,
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
/* we got a session id, use it! */
if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ char error_buffer[CYASSL_MAX_ERROR_SZ];
Curl_ssl_sessionid_unlock(conn);
failf(data, "SSL: SSL_set_session failed: %s",
ERR_error_string(SSL_get_error(BACKEND->handle, 0),
diff --git a/lib/vtls/gskit.c b/lib/vtls/gskit.c
index 0498bf05f..130d82a81 100644
--- a/lib/vtls/gskit.c
+++ b/lib/vtls/gskit.c
@@ -734,12 +734,11 @@ static ssize_t gskit_recv(struct connectdata *conn, int num, char *buf,
{
struct ssl_connect_data *connssl = &conn->ssl[num];
struct Curl_easy *data = conn->data;
- int buffsize;
int nread;
CURLcode cc = CURLE_RECV_ERROR;
if(pipe_ssloverssl(conn, num, SOS_READ) >= 0) {
- buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
+ int buffsize = buffersize > (size_t) INT_MAX? INT_MAX: (int) buffersize;
cc = gskit_status(data, gsk_secure_soc_read(BACKEND->handle,
buf, buffsize, &nread),
"gsk_secure_soc_read()", CURLE_RECV_ERROR);
@@ -806,7 +805,6 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
conn->host.name;
const char *sni;
unsigned int protoflags = 0;
- long timeout;
Qso_OverlappedIO_t commarea;
int sockpair[2];
static const int sobufsize = CURL_MAX_WRITE_SIZE;
@@ -914,7 +912,7 @@ static CURLcode gskit_connect_step1(struct connectdata *conn, int sockindex)
if(!result) {
/* Compute the handshake timeout. Since GSKit granularity is 1 second,
we round up the required value. */
- timeout = Curl_timeleft(data, NULL, TRUE);
+ long timeout = Curl_timeleft(data, NULL, TRUE);
if(timeout < 0)
result = CURLE_OPERATION_TIMEDOUT;
else
@@ -1021,14 +1019,13 @@ static CURLcode gskit_connect_step2(struct connectdata *conn, int sockindex,
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
Qso_OverlappedIO_t cstat;
- long timeout_ms;
struct timeval stmv;
CURLcode result;
/* Poll or wait for end of SSL asynchronous handshake. */
for(;;) {
- timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
+ long timeout_ms = nonblocking? 0: Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0)
timeout_ms = 0;
stmv.tv_sec = timeout_ms / 1000;
@@ -1077,7 +1074,6 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
const char *cert = (const char *) NULL;
const char *certend;
const char *ptr;
- int i;
CURLcode result;
/* SSL handshake done: gather certificate info and verify host. */
@@ -1087,6 +1083,8 @@ static CURLcode gskit_connect_step3(struct connectdata *conn, int sockindex)
&cdev, &cdec),
"gsk_attribute_get_cert_info()", CURLE_SSL_CONNECT_ERROR) ==
CURLE_OK) {
+ int i;
+
infof(data, "Server certificate:\n");
p = cdev;
for(i = 0; i++ < cdec; p++)
@@ -1261,7 +1259,6 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct Curl_easy *data = conn->data;
- ssize_t nread;
int what;
int rc;
char buf[120];
@@ -1278,6 +1275,8 @@ static int Curl_gskit_shutdown(struct connectdata *conn, int sockindex)
SSL_SHUTDOWN_TIMEOUT);
for(;;) {
+ ssize_t nread;
+
if(what < 0) {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 639fa58e2..e597eac5e 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -286,11 +286,11 @@ static CURLcode handshake(struct connectdata *conn,
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
gnutls_session_t session = BACKEND->session;
curl_socket_t sockfd = conn->sock[sockindex];
- time_t timeout_ms;
- int rc;
- int what;
for(;;) {
+ time_t timeout_ms;
+ int rc;
+
/* check allowed time left */
timeout_ms = Curl_timeleft(data, NULL, duringconnect);
@@ -303,7 +303,7 @@ static CURLcode handshake(struct connectdata *conn,
/* if ssl is expecting something, check if it's available. */
if(connssl->connecting_state == ssl_connect_2_reading
|| connssl->connecting_state == ssl_connect_2_writing) {
-
+ int what;
curl_socket_t writefd = ssl_connect_2_writing ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
curl_socket_t readfd = ssl_connect_2_reading ==
@@ -957,7 +957,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
gnutls_pubkey_t key = NULL;
/* Result is returned to caller */
- int ret = 0;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
/* if a path wasn't specified, don't pin */
@@ -968,6 +967,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
return result;
do {
+ int ret;
+
/* Begin Gyrations to get the public key */
gnutls_pubkey_init(&key);
@@ -1279,10 +1280,7 @@ gtls_connect_step3(struct connectdata *conn,
#define use_addr in_addr
#endif
unsigned char addrbuf[sizeof(struct use_addr)];
- unsigned char certaddr[sizeof(struct use_addr)];
- size_t addrlen = 0, certaddrlen;
- int i;
- int ret = 0;
+ size_t addrlen = 0;
if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0)
addrlen = 4;
@@ -1292,10 +1290,13 @@ gtls_connect_step3(struct connectdata *conn,
#endif
if(addrlen) {
+ unsigned char certaddr[sizeof(struct use_addr)];
+ int i;
+
for(i = 0; ; i++) {
- certaddrlen = sizeof(certaddr);
- ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
- &certaddrlen, NULL);
+ size_t certaddrlen = sizeof(certaddr);
+ int ret = gnutls_x509_crt_get_subject_alt_name(x509_cert, i, certaddr,
+ &certaddrlen, NULL);
/* If this happens, it wasn't an IP address. */
if(ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
continue;
@@ -1465,8 +1466,6 @@ gtls_connect_step3(struct connectdata *conn,
already got it from the cache and asked to use it in the connection, it
might've been rejected and then a new one is in use now and we need to
detect that. */
- bool incache;
- void *ssl_sessionid;
void *connect_sessionid;
size_t connect_idsize = 0;
@@ -1475,6 +1474,9 @@ gtls_connect_step3(struct connectdata *conn,
connect_sessionid = malloc(connect_idsize); /* get a buffer for it */
if(connect_sessionid) {
+ bool incache;
+ void *ssl_sessionid;
+
/* extract session ID to the allocated buffer */
gnutls_session_get_data(session, connect_sessionid, &connect_idsize);
@@ -1635,11 +1637,8 @@ static void Curl_gtls_close(struct connectdata *conn, int sockindex)
static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- ssize_t result;
int retval = 0;
struct Curl_easy *data = conn->data;
- bool done = FALSE;
- char buf[120];
/* This has only been tested on the proftpd server, and the mod_tls code
sends a close notify alert without waiting for a close notify alert in
@@ -1650,6 +1649,10 @@ static int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
gnutls_bye(BACKEND->session, GNUTLS_SHUT_WR);
if(BACKEND->session) {
+ ssize_t result;
+ bool done = FALSE;
+ char buf[120];
+
while(!done) {
int what = SOCKET_READABLE(conn->sock[sockindex],
SSL_SHUTDOWN_TIMEOUT);
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index 22c22fa78..ab357dd87 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -540,13 +540,6 @@ mbed_connect_step2(struct connectdata *conn,
data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
-#ifdef HAS_ALPN
- const char *next_protocol;
-#endif
-
- char errorbuf[128];
- errorbuf[0] = 0;
-
conn->recv[sockindex] = mbed_recv;
conn->send[sockindex] = mbed_send;
@@ -561,6 +554,8 @@ mbed_connect_step2(struct connectdata *conn,
return CURLE_OK;
}
else if(ret) {
+ char errorbuf[128];
+ errorbuf[0] = 0;
#ifdef MBEDTLS_ERROR_C
mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
#endif /* MBEDTLS_ERROR_C */
@@ -665,7 +660,7 @@ mbed_connect_step2(struct connectdata *conn,
#ifdef HAS_ALPN
if(conn->bits.tls_enable_alpn) {
- next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
+ const char *next_protocol = mbedtls_ssl_get_alpn_protocol(&BACKEND->ssl);
if(next_protocol) {
infof(data, "ALPN, server accepted to use %s\n", next_protocol);
diff --git a/lib/vtls/polarssl_threadlock.c b/lib/vtls/polarssl_threadlock.c
index 8ef651d40..27c94b11e 100644
--- a/lib/vtls/polarssl_threadlock.c
+++ b/lib/vtls/polarssl_threadlock.c
@@ -49,25 +49,23 @@ static POLARSSL_MUTEX_T *mutex_buf = NULL;
int Curl_polarsslthreadlock_thread_setup(void)
{
int i;
- int ret;
mutex_buf = calloc(NUMT * sizeof(POLARSSL_MUTEX_T), 1);
if(!mutex_buf)
return 0; /* error, no number of threads defined */
-#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
for(i = 0; i < NUMT; i++) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_init(&mutex_buf[i], NULL);
if(ret)
return 0; /* pthread_mutex_init failed */
- }
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
- for(i = 0; i < NUMT; i++) {
mutex_buf[i] = CreateMutex(0, FALSE, 0);
if(mutex_buf[i] == 0)
return 0; /* CreateMutex failed */
- }
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
return 1; /* OK */
}
@@ -75,24 +73,22 @@ int Curl_polarsslthreadlock_thread_setup(void)
int Curl_polarsslthreadlock_thread_cleanup(void)
{
int i;
- int ret;
if(!mutex_buf)
return 0; /* error, no threads locks defined */
-#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
for(i = 0; i < NUMT; i++) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_destroy(&mutex_buf[i]);
if(ret)
return 0; /* pthread_mutex_destroy failed */
- }
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
- for(i = 0; i < NUMT; i++) {
ret = CloseHandle(mutex_buf[i]);
if(!ret)
return 0; /* CloseHandle failed */
- }
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
free(mutex_buf);
mutex_buf = NULL;
@@ -101,51 +97,47 @@ int Curl_polarsslthreadlock_thread_cleanup(void)
int Curl_polarsslthreadlock_lock_function(int n)
{
- int ret;
-#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
if(n < NUMT) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_lock(&mutex_buf[n]);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_lock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
- }
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
- if(n < NUMT) {
ret = (WaitForSingleObject(mutex_buf[n], INFINITE) == WAIT_FAILED?1:0);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_lock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
- }
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
return 1; /* OK */
}
int Curl_polarsslthreadlock_unlock_function(int n)
{
- int ret;
-#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
if(n < NUMT) {
+ int ret;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
ret = pthread_mutex_unlock(&mutex_buf[n]);
if(ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_unlock_function failed\n"));
return 0; /* pthread_mutex_unlock failed */
}
- }
#elif defined(USE_THREADS_WIN32) && defined(HAVE_PROCESS_H)
- if(n < NUMT) {
ret = ReleaseMutex(mutex_buf[n]);
if(!ret) {
DEBUGF(fprintf(stderr,
"Error: polarsslthreadlock_unlock_function failed\n"));
return 0; /* pthread_mutex_lock failed */
}
- }
#endif /* USE_THREADS_POSIX && HAVE_PTHREAD_H */
+ }
return 1; /* OK */
}
diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 2480bbbe3..0f6f734fd 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -868,13 +868,11 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
unsigned char *reallocated_buffer;
- size_t reallocated_length;
SecBuffer outbuf[3];
SecBufferDesc outbuf_desc;
SecBuffer inbuf[2];
SecBufferDesc inbuf_desc;
SECURITY_STATUS sspi_status = SEC_E_OK;
- TCHAR *host_name;
CURLcode result;
bool doread;
char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
@@ -917,7 +915,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
if(BACKEND->encdata_length - BACKEND->encdata_offset <
CURL_SCHANNEL_BUFFER_FREE_SIZE) {
/* increase internal encrypted data buffer */
- reallocated_length = BACKEND->encdata_offset +
+ size_t reallocated_length = BACKEND->encdata_offset +
CURL_SCHANNEL_BUFFER_FREE_SIZE;
reallocated_buffer = realloc(BACKEND->encdata_buffer,
reallocated_length);
@@ -933,6 +931,7 @@ schannel_connect_step2(struct connectdata *conn, int sockindex)
}
for(;;) {
+ TCHAR *host_name;
if(doread) {
/* read encrypted handshake data from socket */
result = Curl_read_plain(conn->sock[sockindex],
@@ -2131,14 +2130,9 @@ static CURLcode Curl_schannel_random(struct Curl_easy *data UNUSED_PARAM,
static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
const char *pinnedpubkey)
{
- SECURITY_STATUS sspi_status;
struct Curl_easy *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CERT_CONTEXT *pCertContextServer = NULL;
- const char *x509_der;
- DWORD x509_der_len;
- curl_X509certificate x509_parsed;
- curl_asn1Element *pubkey;
/* Result is returned to caller */
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
@@ -2148,6 +2142,12 @@ static CURLcode pkp_pin_peer_pubkey(struct connectdata *conn, int sockindex,
return CURLE_OK;
do {
+ SECURITY_STATUS sspi_status;
+ const char *x509_der;
+ DWORD x509_der_len;
+ curl_X509certificate x509_parsed;
+ curl_asn1Element *pubkey;
+
sspi_status =
s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,
SECPKG_ATTR_REMOTE_CERT_CONTEXT,
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 25391443f..a7452dcd5 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -498,9 +498,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
void Curl_ssl_close_all(struct Curl_easy *data)
{
- size_t i;
/* kill the session ID cache if not shared */
if(data->state.session && !SSLSESSION_SHARED(data)) {
+ size_t i;
for(i = 0; i < data->set.general_ssl.max_ssl_sessions; i++)
/* the single-killer function handles empty table slots */
Curl_ssl_kill_session(&data->state.session[i]);
@@ -644,11 +644,11 @@ bool Curl_ssl_data_pending(const struct connectdata *conn,
void Curl_ssl_free_certinfo(struct Curl_easy *data)
{
- int i;
struct curl_certinfo *ci = &data->info.certs;
if(ci->num_of_certs) {
/* free all individual lists used */
+ int i;
for(i = 0; i<ci->num_of_certs; i++) {
curl_slist_free_all(ci->certinfo[i]);
ci->certinfo[i] = NULL;
@@ -808,14 +808,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
{
FILE *fp;
unsigned char *buf = NULL, *pem_ptr = NULL;
- long filesize;
- size_t size, pem_len;
- CURLcode pem_read;
CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH;
- CURLcode encode;
- size_t encodedlen, pinkeylen;
- char *encoded, *pinkeycopy, *begin_pos, *end_pos;
- unsigned char *sha256sumdigest = NULL;
/* if a path wasn't specified, don't pin */
if(!pinnedpubkey)
@@ -825,6 +818,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
if(strncmp(pinnedpubkey, "sha256//", 8) == 0) {
+ CURLcode encode;
+ size_t encodedlen, pinkeylen;
+ char *encoded, *pinkeycopy, *begin_pos, *end_pos;
+ unsigned char *sha256sumdigest;
+
if(!Curl_ssl->sha256sum) {
/* without sha256 support, this cannot match */
return result;
@@ -895,6 +893,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
return result;
do {
+ long filesize;
+ size_t size, pem_len;
+ CURLcode pem_read;
+
/* Determine the file's size */
if(fseek(fp, 0, SEEK_END))
break;
@@ -1271,7 +1273,6 @@ static int multissl_init(const struct Curl_ssl *backend)
{
const char *env;
char *env_tmp;
- int i;
if(Curl_ssl != &Curl_ssl_multi)
return 1;
@@ -1290,6 +1291,7 @@ static int multissl_init(const struct Curl_ssl *backend)
env = CURL_DEFAULT_SSL_BACKEND;
#endif
if(env) {
+ int i;
for(i = 0; available_backends[i]; i++) {
if(strcasecompare(env, available_backends[i]->info.name)) {
Curl_ssl = available_backends[i];
diff --git a/lib/x509asn1.c b/lib/x509asn1.c
index 35a036fbe..0c1256ba8 100644
--- a/lib/x509asn1.c
+++ b/lib/x509asn1.c
@@ -266,8 +266,6 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
size_t inlength = end - from;
int size = 1;
size_t outlength;
- int charsize;
- unsigned int wc;
char *buf;
*to = NULL;
@@ -305,6 +303,9 @@ utf8asn1str(char **to, int type, const char *from, const char *end)
}
else {
for(outlength = 0; from < end;) {
+ int charsize;
+ unsigned int wc;
+
wc = 0;
switch(size) {
case 4:
@@ -877,9 +878,6 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
curl_asn1Element elem;
curl_asn1Element pk;
const char *p;
- const char *q;
- unsigned long len;
- unsigned int i;
/* Generate all information records for the public key. */
@@ -888,6 +886,9 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
return;
if(strcasecompare(algo, "rsaEncryption")) {
+ const char *q;
+ unsigned long len;
+
p = getASN1Element(&elem, pk.beg, pk.end);
if(!p)
return;
@@ -896,9 +897,11 @@ static void do_pubkey(struct Curl_easy *data, int certnum,
for(q = elem.beg; !*q && q < elem.end; q++)
;
len = (unsigned long)((elem.end - q) * 8);
- if(len)
+ if(len) {
+ unsigned int i;
for(i = *(unsigned char *) q; !(i & 0x80); i <<= 1)
len--;
+ }
if(len > 32)
elem.beg = q; /* Strip leading zero bytes. */
if(!certnum)