[Vm-dev] [OpenSmalltalk/opensmalltalk-vm] [SqueakSSL] Overlay OpenSSL for linux/unix (#205)
Fabio Niephaus
notifications at github.com
Tue Jan 30 21:32:47 UTC 2018
fniephaus commented on this pull request.
> @@ -432,19 +438,20 @@ sqInt sqConnectSSL(sqInt handle, char* srcBuf, sqInt srcLen, char *dstBuf, sqInt
if (ssl->serverName) {
const size_t serverNameLength = strnlen(ssl->serverName, MAX_HOSTNAME_LENGTH);
-#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
- if(ssl->loglevel) printf("sqConnectSSL: X509_check_host.");
- /* Try IP first, expect INVALID_IP_STRING to continue with hostname */
- matched = (enum sqMatchResult) X509_check_ip_asc(cert, ssl->serverName, 0);
- if (matched == INVALID_IP_STRING) {
- matched = (enum sqMatchResult) X509_check_host(cert, ssl->serverName, serverNameLength, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS, NULL);
- }
-#else
- matched = sqVerifyIP(ssl, cert, ssl->serverName, serverNameLength);
- if (matched == INVALID_IP_STRING) {
- matched = sqVerifyDNS(ssl, cert, ssl->serverName, serverNameLength);
+ //#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
Is this comment/ifdef still needed?
> +#define sqo_SKM_sk_value(type, st,i) \
+ ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i))
+#define sqo_SKM_sk_free(type, st) \
+ sqo_sk_free(CHECKED_STACK_OF(type, st))
+#define sqo_SKM_sk_pop_free(type, st, free_func) \
+ sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
+#define sqo_sk_GENERAL_NAME_num(st) \
+ sqo_SKM_sk_num(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_value(st, i) \
+ sqo_SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sqo_sk_GENERAL_NAME_free(st) \
+ sqo_SKM_sk_free(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_pop_free(st, free_func) \
+ sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+
+#if !defined(X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)
Could you add a comment when this is not defined? Otherwise, prefix it as well?
-> `sqo_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS`
> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
sqInt handle = 0;
sqSSL *ssl = NULL;
- SSL_library_init();
- SSL_load_error_strings();
+ if (!wasInitialized) {
+ if (!loadLibrary()) {
+ return 0;
+ }
+ sqo_SSL_library_init();
Fix indentation
> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
sqInt handle = 0;
sqSSL *ssl = NULL;
- SSL_library_init();
- SSL_load_error_strings();
+ if (!wasInitialized) {
+ if (!loadLibrary()) {
+ return 0;
+ }
+ sqo_SSL_library_init();
+ sqo_SSL_load_error_strings();
Same
> if ((sAN->type == matchType) &&
sqVerifySAN(ssl, sAN, serverName, serverNameLength, matchType)) {
matchFound = MATCH_FOUND;
break;
}
}
- sk_GENERAL_NAME_pop_free(sANs, GENERAL_NAME_free);
+ sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free);
I don't understand what's going on here, but please double check if `(void(*)(void*))sqo_sk_free` is the correct substitution for `GENERAL_NAME_free` here.
> +#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ _C(sqo_sk_new_null = (_STACK *(*)(void)) _sqo_find("sk_new_null"));
+ _C(sqo_sk_push = (int (*)(_STACK *st, void *data)) _sqo_find("sk_push"));
+ _C(sqo_sk_free = (void (*)(_STACK *st)) _sqo_find("sk_free"));
+ _C(sqo_sk_value = (void *(*)(const _STACK *st, int i)) _sqo_find("sk_value"));
+ _C(sqo_sk_num = (int (*)(const _STACK *st)) _sqo_find("sk_num"));
+ _C(sqo_sk_pop_free = (void (*)(_STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#else
+ _C(sqo_sk_new_null = (STACK *(*)(void)) _sqo_find("sk_new_null"));
+ _C(sqo_sk_push = (int (*)(STACK *st, char *data)) _sqo_find("sk_push"));
+ _C(sqo_sk_free = (void (*)(STACK *st)) _sqo_find("sk_free"));
+ _C(sqo_sk_value = (char *(*)(STACK *st, int i)) _sqo_find("sk_value"));
+ _C(sqo_sk_num = (int (*)(STACK *st)) _sqo_find("sk_num"));
+ _C(sqo_sk_pop_free = (void (*)(STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
+ return true;
Can't this be in the previous `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` in line 282?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#pullrequestreview-92725566
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20180130/bcf05423/attachment-0001.html>
More information about the Vm-dev
mailing list