<p><b>@fniephaus</b> commented on this pull request.</p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164881959">platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c</a>:</p>
<pre style='color:#555'>> @@ -432,19 +438,20 @@ sqInt sqConnectSSL(sqInt handle, char* srcBuf, sqInt srcLen, char *dstBuf, sqInt
 
                if (ssl->serverName) {
                        const size_t serverNameLength = strnlen(ssl->serverName, MAX_HOSTNAME_LENGTH);
-#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
-                       if(ssl->loglevel) printf("sqConnectSSL: X509_check_host.");
-                       /* Try IP first, expect INVALID_IP_STRING to continue with hostname */
-                       matched = (enum sqMatchResult) X509_check_ip_asc(cert, ssl->serverName, 0);
-                       if (matched == INVALID_IP_STRING) {
-                               matched = (enum sqMatchResult) X509_check_host(cert, ssl->serverName, serverNameLength, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS, NULL);
-                       }
-#else
-                       matched = sqVerifyIP(ssl, cert, ssl->serverName, serverNameLength);
-                       if (matched == INVALID_IP_STRING) {
-                               matched = sqVerifyDNS(ssl, cert, ssl->serverName, serverNameLength);
+                        //#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
</pre>
<p>Is this comment/ifdef still needed?</p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164882729">platforms/unix/plugins/SqueakSSL/openssl_overlay.h</a>:</p>
<pre style='color:#555'>> +#define sqo_SKM_sk_value(type, st,i)                    \
+  ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i))
+#define sqo_SKM_sk_free(type, st)               \
+  sqo_sk_free(CHECKED_STACK_OF(type, st))
+#define sqo_SKM_sk_pop_free(type, st, free_func)                        \
+  sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
+#define sqo_sk_GENERAL_NAME_num(st)             \
+  sqo_SKM_sk_num(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_value(st, i)        \
+  sqo_SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sqo_sk_GENERAL_NAME_free(st)            \
+  sqo_SKM_sk_free(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_pop_free(st, free_func)     \
+  sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+
+#if !defined(X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)
</pre>
<p>Could you add a comment when this is not defined? Otherwise, prefix it as well?<br>
-> <code>sqo_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS</code></p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164883030">platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c</a>:</p>
<pre style='color:#555'>> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
        sqInt handle = 0;
        sqSSL *ssl = NULL;
 
-       SSL_library_init();
-       SSL_load_error_strings();
+       if (!wasInitialized) {
+               if (!loadLibrary()) {
+                       return 0;
+               }
+                sqo_SSL_library_init();
</pre>
<p>Fix indentation</p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164883060">platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c</a>:</p>
<pre style='color:#555'>> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) {
        sqInt handle = 0;
        sqSSL *ssl = NULL;
 
-       SSL_library_init();
-       SSL_load_error_strings();
+       if (!wasInitialized) {
+               if (!loadLibrary()) {
+                       return 0;
+               }
+                sqo_SSL_library_init();
+                sqo_SSL_load_error_strings();
</pre>
<p>Same</p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164884385">platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c</a>:</p>
<pre style='color:#555'>>                      if ((sAN->type == matchType) &&
                            sqVerifySAN(ssl, sAN, serverName, serverNameLength, matchType)) {
                                matchFound = MATCH_FOUND;
                                break;
                        }
                }
-               sk_GENERAL_NAME_pop_free(sANs, GENERAL_NAME_free);
+               sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free);
</pre>
<p>I don't understand what's going on here, but please double check if <code>(void(*)(void*))sqo_sk_free</code> is the correct substitution for <code>GENERAL_NAME_free</code> here.</p>

<hr>

<p>In <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#discussion_r164884738">platforms/unix/plugins/SqueakSSL/openssl_overlay.h</a>:</p>
<pre style='color:#555'>> +#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+  _C(sqo_sk_new_null = (_STACK *(*)(void)) _sqo_find("sk_new_null"));
+  _C(sqo_sk_push = (int (*)(_STACK *st, void *data)) _sqo_find("sk_push"));
+  _C(sqo_sk_free = (void (*)(_STACK *st)) _sqo_find("sk_free"));
+  _C(sqo_sk_value = (void *(*)(const _STACK *st, int i)) _sqo_find("sk_value"));
+  _C(sqo_sk_num = (int (*)(const _STACK *st)) _sqo_find("sk_num"));
+  _C(sqo_sk_pop_free = (void (*)(_STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#else
+  _C(sqo_sk_new_null = (STACK *(*)(void)) _sqo_find("sk_new_null"));
+  _C(sqo_sk_push = (int (*)(STACK *st, char *data)) _sqo_find("sk_push"));
+  _C(sqo_sk_free = (void (*)(STACK *st)) _sqo_find("sk_free"));
+  _C(sqo_sk_value = (char *(*)(STACK *st, int i)) _sqo_find("sk_value"));
+  _C(sqo_sk_num = (int (*)(STACK *st)) _sqo_find("sk_num"));
+  _C(sqo_sk_pop_free = (void (*)(STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
+  return true;
</pre>
<p>Can't this be in the previous <code>#if OPENSSL_VERSION_NUMBER >= 0x10000000L</code> in line 282?</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#pullrequestreview-92725566">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AhLyW2n9N11QpWfSwC9-xk_nXTxpq8UUks5tP4p_gaJpZM4Ry3U6">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AhLyW7InCagCcsWemzr6qo5pIij9JemXks5tP4p_gaJpZM4Ry3U6.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#pullrequestreview-92725566"></link>
  <meta itemprop="name" content="View Pull Request"></meta>
</div>
<meta itemprop="description" content="View this Pull Request on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/OpenSmalltalk/opensmalltalk-vm","title":"OpenSmalltalk/opensmalltalk-vm","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/OpenSmalltalk/opensmalltalk-vm"}},"updates":{"snippets":[{"icon":"PERSON","message":"@fniephaus commented on #205"}],"action":{"name":"View Pull Request","url":"https://github.com/OpenSmalltalk/opensmalltalk-vm/pull/205#pullrequestreview-92725566"}}}</script>