SSL_get_tlsext_status_ocsp_resp expects pointer to non-const pointer #3477
How about this? diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 45e72d6a3..9d11b89e5 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1690,27 +1690,28 @@ static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
!defined(OPENSSL_NO_OCSP)
static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
+ unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
OCSP_RESPONSE *rsp = NULL;
OCSP_BASICRESP *br = NULL;
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
- if(!p) {
+ if(!status) {
failf(data, "No OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end;
}
-
+ p = status;
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if(!rsp) {
failf(data, "Invalid OCSP response");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end; |
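Review bot: `status` is declared without an initializer and then tested with `if(!status)`, so the no-response branch only works if SSL_get_tlsext_status_ocsp_resp always stores through its second argument; declaring it as `unsigned char *status = NULL;` makes that branch well defined either way. The returned `len` is also handed to d2i_OCSP_RESPONSE without being looked at, so consider rejecting `len <= 0` in the same branch that reports "No OCSP response received". A one-line comment next to `p = status;` saying why the non-const temporary exists alongside `const unsigned char *p` would keep a later cleanup from merging the two pointers again.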
bagder added a commit that referenced this issue Jan 15, 2019
.... to not pass in a const in the second argument as that's not how it is supposed to be used and might cause compiler warnings. Reported-by: Pavel Pavlov Fixes #3477
yes, this will work
vtls/openssl.c:

However, `SSL_get_tlsext_status_ocsp_resp` is declared as `long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp);`

`SSL_get_tlsext_status_ocsp_resp` is preprocessed into a call to `long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);` where parg is the last `p` argument. Effectively, const gets lost if `const unsigned char**` gets converted to `void*`. In ms compiler that results in a compilation error.

If I change declaration to `unsigned char *p;` then it fails to compile on linux a few lines below:

curl/lib/vtls/openssl.c
Line 1695 in 2fa0d57