Hello I had a quick look at httpd 2.4.10 (couldn't find on the website how to site how to checkout the trunk)
http://httpd.apache.org/docs/trunk/ Taking this file as an example: httpd-2.4.10/modules/ssl/ssl_engine_init.c 1) Doesn't check make_dh_params() "prime" is a non-NULL valid function pointer. 2) DH *modssl_get_dh_params(unsigned keylen). "keylen" doesn't have a type. better to write "unsigned int keylen" 3) ssl_add_version_components() doesn't check "s" and "p" are valid non-NULL parameters before using them. 4) ssl_add_version_components() "modver" "incver" "libver" should probably be "const char *" 5) ssl_init_Module() all pointer params should be checked to be non-NULL, and an appropriate error apr_status_t returned (something other than APR_SUCCESS) In my view, worth making these changes. You may already be familiar with ISO/IEC TR 24772 which covers these kind of things. Regards, Jonny
