From 3e8a9bfd17b4c3b7b9f822739b6afc9ed6b92208 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 20 Aug 2019 11:30:25 +0200 Subject: openssl: build warning free with boringssl Closes #4244 --- .travis.yml | 2 +- lib/vtls/openssl.c | 32 +++++++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0a03e3bba..827b86f7d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -521,7 +521,7 @@ script: - | set -eo pipefail if [ "$T" = "novalgrind" ]; then - ./configure $C + ./configure --enable-werror $C make && make examples make TFLAGS=-n test-nonflaky fi diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index c2d195656..20eae6c9e 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -391,7 +391,11 @@ static const char *SSL_ERROR_to_str(int err) */ static char *ossl_strerror(unsigned long error, char *buf, size_t size) { +#ifdef OPENSSL_IS_BORINGSSL + ERR_error_string_n((uint32_t)error, buf, size); +#else ERR_error_string_n(error, buf, size); +#endif return buf; } @@ -1529,8 +1533,13 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert) altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); if(altnames) { +#ifdef OPENSSL_IS_BORINGSSL + size_t numalts; + size_t i; +#else int numalts; int i; +#endif bool dnsmatched = FALSE; bool ipmatched = FALSE; @@ -2147,8 +2156,14 @@ get_ssl_version_txt(SSL *ssl) } #endif +#ifdef OPENSSL_IS_BORINGSSL +typedef uint32_t ctx_option_t; +#else +typedef long ctx_option_t; +#endif + static CURLcode -set_ssl_version_min_max(long *ctx_options, struct connectdata *conn, +set_ssl_version_min_max(ctx_option_t *ctx_options, struct connectdata *conn, int sockindex) { #if (OPENSSL_VERSION_NUMBER < 0x1000100FL) || !defined(TLS1_3_VERSION) @@ -2287,7 +2302,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) X509_LOOKUP *lookup = NULL; curl_socket_t sockfd = conn->sock[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; - long ctx_options = 0; + ctx_option_t ctx_options = 0; + #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME bool sni; const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : @@ -3031,6 +3047,12 @@ static int X509V3_ext(struct Curl_easy *data, return 0; /* all is fine */ } +#ifdef OPENSSL_IS_BORINGSSL +typedef size_t numcert_t; +#else +typedef int numcert_t; +#endif + static CURLcode get_cert_chain(struct connectdata *conn, struct ssl_connect_data *connssl) @@ -3039,7 +3061,7 @@ static CURLcode get_cert_chain(struct connectdata *conn, STACK_OF(X509) *sk; int i; struct Curl_easy *data = conn->data; - int numcerts; + numcert_t numcerts; BIO *mem; sk = SSL_get_peer_cert_chain(BACKEND->handle); @@ -3049,14 +3071,14 @@ static CURLcode get_cert_chain(struct connectdata *conn, numcerts = sk_X509_num(sk); - result = Curl_ssl_init_certinfo(data, numcerts); + result = Curl_ssl_init_certinfo(data, (int)numcerts); if(result) { return result; } mem = BIO_new(BIO_s_mem()); - for(i = 0; i < numcerts; i++) { + for(i = 0; i < (int)numcerts; i++) { ASN1_INTEGER *num; X509 *x = sk_X509_value(sk, i); EVP_PKEY *pubkey = NULL; -- cgit v1.2.3