On 08/28/2017 08:44 AM, Alex Rousskov wrote: > On 08/27/2017 08:50 PM, Amos Jeffries wrote: > >> I have a patch in my TLS config branch, if it looks okay with you I will >> make a PR to add it separately. >> https://github.com/yadij/squid/commit/192c5b931a5b0484246e21fd02310974131d32a6 > >> + AC_DEFINE_UNQUOTED(const_ASN1_BIT_STRING, [ASN1_BIT_STRING]) >> + AC_DEFINE_UNQUOTED(const_X509_ALGOR, [X509_ALGOR]) > > I do not think we should lie about the actual constness of those types. > I suggest using something like extracted_ASN1_BIT_STRING and > extracted_X509_ALGOR names instead. > > >> - X509_ALGOR *sig_alg; >> + const_X509_ALGOR *sig_alg; > > Please use this opportunity to initialize sig_alg to nullptr before > passing it to an external function. The other parameter (sig) is already > initialized.
Also, please note that printX509Signature() in ssl/gadgets.cc is also broken in a similar way. IMHO, we should replace all HAVE_LIBCRYPTO_X509_GET0_SIGNATURE checks with X509_get0_signaturex() or a similar wrapper that takes care both of the function presence and its argument constness. Thank you, Alex. _______________________________________________ squid-dev mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-dev
