When linking openssl the HPUX ANSI C compiler says:
ucomp :
Warning at line 336 : Uninitialized variable "keyidlen" in function
"pkcs12_main" (5004)
Warning at line 2009 : Uninitialized variable "j" in function
"certify_spkac" (5004)
The HPUX compiler automatically reorders and inlines things at link time, so
the line numbers it reported don't mean much.
The "keyidlen" warning looks legit. In pkcs12.c there's a loop at line
324 that conditionally sets ucert if the right cert is found, and there's
a comment saying it might not be found. Then at line 364 keyidlen is
conditionally set (via X509_digest()) only if ucert is valid. Otherwise
keyidlen stays unititialized. Then at line 401 keyidlen is used. So it
appears that there's a way to end up at line 401 without having initialized
keyidlen.
As for the "j" warning in ca.c function certify_spkac(), I don't see any way
that j could be used before it's initialized. It might be that the compiler
has merged j with another variable and it's the other variable that has the
problem, but I don't see any of the other int's with the problem either.
Tracking this stuff really hurts my head, so maybe someone else can see it.
Otherwise just file it in the back of your mind as a clue for future
debugging.
BTW, does gcc show any legit warnings with -Wuninitialized?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
