Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/1507?usp=email

to review the following change.


Change subject: ssl_verify_openssl: Clean up extract_x509_extension
......................................................................

ssl_verify_openssl: Clean up extract_x509_extension

* Avoid sign-compare warning when comparing string
  lengths
* Use the nicer alias rfc822Name instead of the general ia5
  from the GENERAL_NAME union.
* Use the official ASN1_STRING_length API instead of accessing
  the struct directly.
* C11 changes

Change-Id: I23cc00aee47aef007ab2e7d50b52c6de299505db
Signed-off-by: Frank Lichtenheld <[email protected]>
---
M src/openvpn/ssl_verify_openssl.c
1 file changed, 5 insertions(+), 16 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/07/1507/1

diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 58f665c..90a8a51 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -118,16 +118,10 @@
     return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
 }

-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wsign-compare"
-#endif
-
 static bool
 extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
 {
     bool retval = false;
-    char *buf = 0;

     if (!x509_username_field_ext_supported(fieldname))
     {
@@ -139,17 +133,15 @@
     GENERAL_NAMES *extensions = X509_get_ext_d2i(cert, nid, NULL, NULL);
     if (extensions)
     {
-        int numalts;
-        int i;
         /* get amount of alternatives,
          * RFC2459 claims there MUST be at least
          * one, but we don't depend on it...
          */

-        numalts = sk_GENERAL_NAME_num(extensions);
+        int numalts = sk_GENERAL_NAME_num(extensions);

         /* loop through all alternatives */
-        for (i = 0; i < numalts; i++)
+        for (int i = 0; i < numalts; i++)
         {
             /* get a handle to alternative name number i */
             const GENERAL_NAME *name = sk_GENERAL_NAME_value(extensions, i);
@@ -157,11 +149,12 @@
             switch (name->type)
             {
                 case GEN_EMAIL:
-                    if (ASN1_STRING_to_UTF8((unsigned char **)&buf, 
name->d.ia5) < 0)
+                    char *buf = NULL;
+                    if (ASN1_STRING_to_UTF8((unsigned char **)&buf, 
name->d.rfc822Name) < 0)
                     {
                         continue;
                     }
-                    if (strlen(buf) != name->d.ia5->length)
+                    if ((ssize_t)strlen(buf) != 
ASN1_STRING_length(name->d.rfc822Name))
                     {
                         msg(D_TLS_ERRORS, "ASN1 ERROR: string contained 
terminating zero");
                         OPENSSL_free(buf);
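Review bot: The declaration `char *buf = NULL;` placed directly after the `case GEN_EMAIL:` label is not valid C11, where a label must be followed by a statement; a declaration there is only permitted from C23 on, and older compilers accept it as an extension at best or reject it. Opening a block for the case, `case GEN_EMAIL: {` with `char *buf = NULL;` as its first line and a matching `}` at the end of the case, keeps buf scoped to one alternative and re-initialised on every loop iteration. The case body continues outside this hunk, so the closing brace has to be placed there. The length comparison is what rejects an rfc822Name containing an embedded NUL before it can be used as a username, so it deserves a comment such as `/* reject names with embedded NUL bytes */`. Since `ssize_t` is POSIX rather than C11 and ASN1_STRING_length() returns int, `strlen(buf) != (size_t)ASN1_STRING_length(name->d.rfc822Name)` would silence the sign-compare warning without the non-standard type.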
@@ -185,10 +178,6 @@
     return retval;
 }

-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
 /*
  * Extract a field from an X509 subject name.
  *

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1507?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I23cc00aee47aef007ab2e7d50b52c6de299505db
Gerrit-Change-Number: 1507
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>