cron2 has uploaded a new patch set (#5) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/1445?usp=email )
The following approvals got outdated and were removed: Code-Review+1 by mandree, Code-Review+2 by cron2 Change subject: ssl_verify_openssl: Avoid conversion warning in x509_verify_cert_ku ...................................................................... ssl_verify_openssl: Avoid conversion warning in x509_verify_cert_ku Just use the correct types. v2: - Change type of expected_len argument to size_t Change-Id: Ia6c3f0395bd6cd67064fe77420d9df2b66763049 Signed-off-by: Frank Lichtenheld <[email protected]> Acked-by: Gert Doering <[email protected]> Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1445 Message-Id: <[email protected]> URL: https://www.mail-archive.com/[email protected]/msg35322.html Signed-off-by: Gert Doering <[email protected]> --- M src/openvpn/ssl_verify_backend.h M src/openvpn/ssl_verify_mbedtls.c M src/openvpn/ssl_verify_openssl.c 3 files changed, 5 insertions(+), 14 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/45/1445/5 diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h index 0a2de03..9272cae 100644 --- a/src/openvpn/ssl_verify_backend.h +++ b/src/openvpn/ssl_verify_backend.h @@ -240,7 +240,7 @@ * if key usage is not enabled, or the values do not match. */ result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const expected_ku, - int expected_len); + size_t expected_len); /* * Verify X.509 extended key usage extension field. diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index 80396f8..9d89a1d 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -486,7 +486,7 @@ } result_t -x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned *const expected_ku, int expected_len) +x509_verify_cert_ku(mbedtls_x509_crt *cert, const unsigned int *const expected_ku, size_t expected_len) { msg(D_HANDSHAKE, "Validating certificate key usage"); diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 4f6573d..60d5756 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -670,13 +670,8 @@ return FAILURE; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - result_t -x509_verify_cert_ku(X509 *x509, const unsigned *const expected_ku, int expected_len) +x509_verify_cert_ku(X509 *x509, const unsigned int *const expected_ku, size_t expected_len) { ASN1_BIT_STRING *ku = X509_get_ext_d2i(x509, NID_key_usage, NULL, NULL); @@ -693,8 +688,8 @@ return SUCCESS; } - unsigned nku = 0; - for (size_t i = 0; i < 8; i++) + unsigned int nku = 0; + for (int i = 0; i < 8; i++) { if (ASN1_BIT_STRING_get_bit(ku, i)) { @@ -734,10 +729,6 @@ return fFound; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - result_t x509_verify_cert_eku(X509 *x509, const char *const expected_oid) { -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1445?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newpatchset Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: Ia6c3f0395bd6cd67064fe77420d9df2b66763049 Gerrit-Change-Number: 1445 Gerrit-PatchSet: 5 Gerrit-Owner: flichtenheld <[email protected]> Gerrit-Reviewer: cron2 <[email protected]> Gerrit-Reviewer: mandree <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
