[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] [SqueakSSL] Overlay OpenSSL for linux/unix (#205)

Fabio Niephaus notifications at github.com
Tue Jan 30 21:32:47 UTC 2018


fniephaus commented on this pull request.



> @@ -432,19 +438,20 @@ sqInt sqConnectSSL(sqInt handle, char* srcBuf, sqInt srcLen, char *dstBuf, sqInt
 
 		if (ssl->serverName) {
 			const size_t serverNameLength = strnlen(ssl->serverName, MAX_HOSTNAME_LENGTH);
-#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
-			if(ssl->loglevel) printf("sqConnectSSL: X509_check_host.");
-			/* Try IP first, expect INVALID_IP_STRING to continue with hostname */
-			matched = (enum sqMatchResult) X509_check_ip_asc(cert, ssl->serverName, 0);
-			if (matched == INVALID_IP_STRING) {
-				matched = (enum sqMatchResult) X509_check_host(cert, ssl->serverName, serverNameLength, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS, NULL);
-			}
-#else
-			matched = sqVerifyIP(ssl, cert, ssl->serverName, serverNameLength);
-			if (matched == INVALID_IP_STRING) {
-				matched = sqVerifyDNS(ssl, cert, ssl->serverName, serverNameLength);
+                        //#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS

Is this comment/ifdef still needed?

> +#define sqo_SKM_sk_value(type, st,i)                    \
+  ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i))
+#define sqo_SKM_sk_free(type, st)               \
+  sqo_sk_free(CHECKED_STACK_OF(type, st))
+#define sqo_SKM_sk_pop_free(type, st, free_func)                        \
+  sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
+#define sqo_sk_GENERAL_NAME_num(st)             \
+  sqo_SKM_sk_num(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_value(st, i)        \
+  sqo_SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sqo_sk_GENERAL_NAME_free(st)            \
+  sqo_SKM_sk_free(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_pop_free(st, free_func)     \
+  sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+
+#if !defined(X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)

Could you add a comment explaining when this is not defined? Otherwise, could you prefix it as well?
-> `sqo_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS`

> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
 	sqInt handle = 0;
 	sqSSL *ssl = NULL;
 
-	SSL_library_init();
-	SSL_load_error_strings();
+	if (!wasInitialized) {
+ 		if (!loadLibrary()) {
+			return 0;
+		}
+                sqo_SSL_library_init();

Fix indentation

> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
 	sqInt handle = 0;
 	sqSSL *ssl = NULL;
 
-	SSL_library_init();
-	SSL_load_error_strings();
+	if (!wasInitialized) {
+ 		if (!loadLibrary()) {
+			return 0;
+		}
+                sqo_SSL_library_init();
+                sqo_SSL_load_error_strings();
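Review bot: The new `if (!wasInitialized)` block in sqCreateSSL does not show where `wasInitialized` is set, and the ordering matters. If it is set before `loadLibrary()` and both init calls have completed, a failed or partial load would let later calls skip this block and call through `sqo_` pointers that were presumably never resolved. I would make the assignment the last statement of the block and document it, e.g. `/* set only after loadLibrary() and library init succeeded, so a failed load is retried */`. The check-then-set is also unsynchronized, which is safe only if this plugin is always entered from a single thread. The quote ends inside the block and the rest of sqCreateSSL is outside the hunk, so the assignment may already be placed correctly.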

Same

>  			if ((sAN->type == matchType) &&
 			    sqVerifySAN(ssl, sAN, serverName, serverNameLength, matchType)) {
 				matchFound = MATCH_FOUND;
 				break;
 			}
 		}
-		sk_GENERAL_NAME_pop_free(sANs, GENERAL_NAME_free);
+		sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free);

I don't understand what's going on here, but please double check if `(void(*)(void*))sqo_sk_free` is the correct substitution for `GENERAL_NAME_free` here.

> +#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+  _C(sqo_sk_new_null = (_STACK *(*)(void)) _sqo_find("sk_new_null"));
+  _C(sqo_sk_push = (int (*)(_STACK *st, void *data)) _sqo_find("sk_push"));
+  _C(sqo_sk_free = (void (*)(_STACK *st)) _sqo_find("sk_free"));
+  _C(sqo_sk_value = (void *(*)(const _STACK *st, int i)) _sqo_find("sk_value"));
+  _C(sqo_sk_num = (int (*)(const _STACK *st)) _sqo_find("sk_num"));
+  _C(sqo_sk_pop_free = (void (*)(_STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#else
+  _C(sqo_sk_new_null = (STACK *(*)(void)) _sqo_find("sk_new_null"));
+  _C(sqo_sk_push = (int (*)(STACK *st, char *data)) _sqo_find("sk_push"));
+  _C(sqo_sk_free = (void (*)(STACK *st)) _sqo_find("sk_free"));
+  _C(sqo_sk_value = (char *(*)(STACK *st, int i)) _sqo_find("sk_value"));
+  _C(sqo_sk_num = (int (*)(STACK *st)) _sqo_find("sk_num"));
+  _C(sqo_sk_pop_free = (void (*)(STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
+  return true;
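Review bot: The casts in both branches are selected by `OPENSSL_VERSION_NUMBER`, which describes the headers at build time, while `_sqo_find` resolves symbols from whatever library is loaded at run time, so the two can disagree. OpenSSL 1.1.0 and later export the stack functions as `OPENSSL_sk_*` and keep `sk_*` only as header macros, so the `_sqo_find("sk_...")` lookups would not resolve against such a library; `SSL_library_init` and `SSL_load_error_strings`, used through `sqo_` wrappers in the sqCreateSSL hunk, are likewise macros there. What `_C` does with a NULL result is not visible here; it should fail the whole load so that sqCreateSSL returns 0 rather than leaving a NULL pointer callable. I would add a comment such as `/* symbol names and signatures follow the build-time headers; the loaded library must be of the same API generation */` and check the loaded library's reported version before resolving symbols. The enclosing function starts outside the hunk.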

Can't this be in the previous `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` in line 282?

https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#pullrequestreview-92725566