The development trunk of OpenSSL has tightened up the type safety of the STACK construct

author Sander Temme <sctemme@apache.org>

Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)

committer Sander Temme <sctemme@apache.org>

Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)
author Sander Temme <sctemme@apache.org>
Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)
committer Sander Temme <sctemme@apache.org>
Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index 7c58e365f1c0478a114502bcd03de894cca0474c..d2c60915d817b31e3fd0163081d3c5623c261a7d 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -576,7 +576,7 @@ static void ssl_init_ctx_verify(server_rec *s,
              ssl_die();
          }
  
-        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+        SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);
      }
  
      /*
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c

index 229fc27d3ff71e001685e196a64256d9c1f1a546..ab5fb0db4e3097e30854ede16c25c3c8726d4e3a 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -250,7 +250,7 @@ int ssl_hook_Access(request_rec *r)
      X509_STORE *cert_store = NULL;
      X509_STORE_CTX cert_store_ctx;
      STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-    SSL_CIPHER *cipher = NULL;
+    const SSL_CIPHER *cipher = NULL;
      int depth, verify_old, verify, n;
  
      if (ssl) {
@@ -657,7 +657,7 @@ int ssl_hook_Access(request_rec *r)
                   * sk_X509_shift-ed the peer cert out of the chain.
                   * we put it back here for the purpose of quick_renegotiation.
                   */
-                cert_stack = sk_new_null();
+                cert_stack = sk_X509_new_null();
                  sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
              }
  
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c

index 27fac9fdd59992e8faf317e75599cb609e99531a..8d6414722713cbe62865ab8a61680d7480bd5be3 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -632,7 +632,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
      ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
  
      if (ssl && strEQ(var, "")) {
-        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
          result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
      }
      else if (strcEQ(var, "_EXPORT"))
@@ -653,7 +653,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
  
  static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
  {
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
  
      *usekeysize = 0;
      *algkeysize = 0;
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c

index 1b5df13b33d6dcd24870826fb376d65d46cb281f..a06b65047a103e42b2cb2813fd24dbb89ea08fb1 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
  #ifdef HAVE_SSL_X509V3_EXT_d2i
      X509_EXTENSION *ext;
      int ext_nid;
-    STACK *sk;
+    EXTENDED_KEY_USAGE *sk;
      BOOL is_sgc;
      int idx;
      int i;
@@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert)
      idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
      if (idx >= 0) {
          ext = X509_get_ext(cert, idx);
-        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
+        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
                  if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
                      is_sgc = TRUE;
                      break;
@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain(
      X509 *x509;
      unsigned long err;
      int n;
-    STACK *extra_certs;
+    STACK_OF(X509) *extra_certs;
  
      if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
          return -1;
diff --git a/support/ab.c b/support/ab.c

index 4a35903228fbcb083b4f23caa86da4690c589e8e..94e8772479b318690c2e171eb107432177a94a76 100644 (file)
--- a/support/ab.c
+++ b/support/ab.c
@@ -480,7 +480,7 @@ static void ssl_rand_seed(void)
  
  static int ssl_print_connection_info(BIO *bio, SSL *ssl)
  {
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
      int alg_bits,bits;
  
      c = SSL_get_current_cipher(ssl);
@@ -566,7 +566,7 @@ static void ssl_proceed_handshake(struct connection *c)
              if (verbosity >= 2)
                  ssl_print_info(c);
              if (ssl_info == NULL) {
-                SSL_CIPHER *ci;
+                const SSL_CIPHER *ci;
                  X509 *cert;
                  int sk_bits, pk_bits, swork;
  
@@ -1979,7 +1979,7 @@ int main(int argc, const char * const argv[])
      const char *optarg;
      char c;
  #ifdef USE_SSL
-    SSL_METHOD *meth = SSLv23_client_method();
+    const SSL_METHOD *meth = SSLv23_client_method();
  #endif
  
      /* table defaults  */
author	Sander Temme <sctemme@apache.org>
	Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)
committer	Sander Temme <sctemme@apache.org>
	Fri, 27 Feb 2009 05:16:18 +0000 (05:16 +0000)
modules/ssl/ssl_engine_init.c		patch \| blob \| history
modules/ssl/ssl_engine_kernel.c		patch \| blob \| history
modules/ssl/ssl_engine_vars.c		patch \| blob \| history
modules/ssl/ssl_util_ssl.c		patch \| blob \| history
support/ab.c		patch \| blob \| history