On Fri, Mar 20, 2015 at 01:15:17PM +0100, Alessandro Ghedini wrote: > On ven, mar 20, 2015 at 11:21:42 +0100, Daniel Stenberg wrote: > > vtls/openssl.c:1399:36: error: dereferencing pointer to incomplete type > > if(!sk_OCSP_SINGLERESP_value(br->tbsResponseData->responses, i)) > > ^ > > This and the other sk_OCSP_SINGLERESP_* calls can be replaced by the > respective > OCSP_resp_* calls, I can write a patch for that.
See attached patch. Cheers
From f7ae781b37f3620a038eba9d1153f1808d93bb88 Mon Sep 17 00:00:00 2001
From: Alessandro Ghedini <alessan...@ghedini.me>
Date: Fri, 20 Mar 2015 13:24:08 +0100
Subject: [PATCH] openssl: try to avoid accessing OCSP structs when possible
---
lib/vtls/openssl.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f0c97f0..3f93e22 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1390,17 +1390,15 @@ static CURLcode verifystatus(struct connectdata *conn,
goto end;
}
- for(i = 0; i < sk_OCSP_SINGLERESP_num(br->tbsResponseData->responses); i++) {
+ for(i = 0; i < OCSP_resp_count(br); i++) {
int cert_status, crl_reason;
OCSP_SINGLERESP *single = NULL;
ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
- if(!sk_OCSP_SINGLERESP_value(br->tbsResponseData->responses, i))
+ if(!(single = OCSP_resp_get0(br, i)))
continue;
- single = sk_OCSP_SINGLERESP_value(br->tbsResponseData->responses, i);
-
cert_status = OCSP_single_get0_status(single, &crl_reason, &rev,
&thisupd, &nextupd);
--
2.1.4
signature.asc
Description: Digital signature
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
