@fniephaus commented on this pull request.
In platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:
> @@ -432,19 +438,20 @@ sqInt sqConnectSSL(sqInt handle, char* srcBuf, sqInt srcLen, char *dstBuf, sqInt if (ssl->serverName) { const size_t serverNameLength = strnlen(ssl->serverName, MAX_HOSTNAME_LENGTH); -#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS - if(ssl->loglevel) printf("sqConnectSSL: X509_check_host."); - /* Try IP first, expect INVALID_IP_STRING to continue with hostname */ - matched = (enum sqMatchResult) X509_check_ip_asc(cert, ssl->serverName, 0); - if (matched == INVALID_IP_STRING) { - matched = (enum sqMatchResult) X509_check_host(cert, ssl->serverName, serverNameLength, X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS, NULL); - } -#else - matched = sqVerifyIP(ssl, cert, ssl->serverName, serverNameLength); - if (matched == INVALID_IP_STRING) { - matched = sqVerifyDNS(ssl, cert, ssl->serverName, serverNameLength); + //#ifdef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
Is this comment/ifdef still needed?
In platforms/unix/plugins/SqueakSSL/openssl_overlay.h:
> +#define sqo_SKM_sk_value(type, st,i) \
+ ((type *)sqo_sk_value(CHECKED_STACK_OF(type, st), i))
+#define sqo_SKM_sk_free(type, st) \
+ sqo_sk_free(CHECKED_STACK_OF(type, st))
+#define sqo_SKM_sk_pop_free(type, st, free_func) \
+ sqo_sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func))
+#define sqo_sk_GENERAL_NAME_num(st) \
+ sqo_SKM_sk_num(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_value(st, i) \
+ sqo_SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sqo_sk_GENERAL_NAME_free(st) \
+ sqo_SKM_sk_free(GENERAL_NAME, (st))
+#define sqo_sk_GENERAL_NAME_pop_free(st, free_func) \
+ sqo_SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+
+#if !defined(X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS)
Could you add a comment explaining when this is not defined? Otherwise, prefix it as well (-> `sqo_X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS`)?
In platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:
> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) { sqInt handle = 0; sqSSL *ssl = NULL; - SSL_library_init(); - SSL_load_error_strings(); + if (!wasInitialized) { + if (!loadLibrary()) { + return 0; + } + sqo_SSL_library_init();
Fix indentation
In platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:
> @@ -275,14 +275,20 @@ sqInt sqCreateSSL(void) { sqInt handle = 0; sqSSL *ssl = NULL; - SSL_library_init(); - SSL_load_error_strings(); + if (!wasInitialized) { + if (!loadLibrary()) { + return 0; + } + sqo_SSL_library_init(); + sqo_SSL_load_error_strings();
Same
In platforms/unix/plugins/SqueakSSL/sqUnixOpenSSL.c:
> if ((sAN->type == matchType) && sqVerifySAN(ssl, sAN, serverName, serverNameLength, matchType)) { matchFound = MATCH_FOUND; break; } } - sk_GENERAL_NAME_pop_free(sANs, GENERAL_NAME_free); + sqo_sk_GENERAL_NAME_pop_free(sANs, (void(*)(void*))sqo_sk_free);
I don't understand what's going on here, but please double-check whether `(void(*)(void*))sqo_sk_free` is the correct substitution for `GENERAL_NAME_free` here.
In platforms/unix/plugins/SqueakSSL/openssl_overlay.h:
> +#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ _C(sqo_sk_new_null = (_STACK *(*)(void)) _sqo_find("sk_new_null"));
+ _C(sqo_sk_push = (int (*)(_STACK *st, void *data)) _sqo_find("sk_push"));
+ _C(sqo_sk_free = (void (*)(_STACK *st)) _sqo_find("sk_free"));
+ _C(sqo_sk_value = (void *(*)(const _STACK *st, int i)) _sqo_find("sk_value"));
+ _C(sqo_sk_num = (int (*)(const _STACK *st)) _sqo_find("sk_num"));
+ _C(sqo_sk_pop_free = (void (*)(_STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#else
+ _C(sqo_sk_new_null = (STACK *(*)(void)) _sqo_find("sk_new_null"));
+ _C(sqo_sk_push = (int (*)(STACK *st, char *data)) _sqo_find("sk_push"));
+ _C(sqo_sk_free = (void (*)(STACK *st)) _sqo_find("sk_free"));
+ _C(sqo_sk_value = (char *(*)(STACK *st, int i)) _sqo_find("sk_value"));
+ _C(sqo_sk_num = (int (*)(STACK *st)) _sqo_find("sk_num"));
+ _C(sqo_sk_pop_free = (void (*)(STACK *st, void (*func) (void *))) _sqo_find("sk_pop_free"));
+#endif // OPENSSL_VERSION_NUMBER >= 0x10000000L
+ return true;
Can't this go in the previous `#if OPENSSL_VERSION_NUMBER >= 0x10000000L` block at line 282?