On Thu, Feb 16, 2017 at 10:52 PM, William A Rowe Jr <[email protected]> wrote:
> I'm not clear that this was a good usage of the current API...
>
> In file included from httpd-2.x/modules/ssl/ssl_private.h:90:0,
> from httpd-2.x/modules/ssl/ssl_engine_init.c:29:
> httpd-2.x/modules/ssl/ssl_engine_init.c: In function ‘ssl_init_server_certs’:
> include/openssl/ssl.h:1287:51: warning: statement with no effect
> [-Wunused-value]
> # define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0)
> ^
> httpd-2.x/modules/ssl/ssl_engine_init.c:1328:9: note: in expansion of
> macro ‘SSL_CTX_set_ecdh_auto’
> SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
> ^~~~~~~~~~~~~~~~~~~~~
Looks like OpenSSL missed a cast to void in its macro implementation.
I think goal was to still evaluate "onoff", but in this case
"((void)((onoff) != 0))" or the usual "do (void)((onoff) != 0); while
(0)" would have been more clean/compatible...
> This looks like a no-op now in OpenSSL 1.1.0.
>
> /*
> * ...otherwise, enable auto curve selection (OpenSSL 1.0.2 and later)
> * or configure NIST P-256 (required to enable ECDHE for earlier versions)
> */
> else {
> #if defined(SSL_CTX_set_ecdh_auto)
> SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
> #else
> eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
> #endif
I guess we'll have to work around this with our own (void) casting.
