[squid-dev] OpenSSL 1.1.0f build issues

Alex Rousskov rousskov at measurement-factory.com
Mon Aug 28 19:40:11 UTC 2017


On 08/28/2017 08:44 AM, Alex Rousskov wrote:
> On 08/27/2017 08:50 PM, Amos Jeffries wrote:
> 
>> I have a patch in my TLS config branch, if it looks okay with you I will
>> make a PR to add it separately.
>> https://github.com/yadij/squid/commit/192c5b931a5b0484246e21fd02310974131d32a6
> 
>> +   AC_DEFINE_UNQUOTED(const_ASN1_BIT_STRING, [ASN1_BIT_STRING])
>> +   AC_DEFINE_UNQUOTED(const_X509_ALGOR, [X509_ALGOR])
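
Review bot: both AC_DEFINE_UNQUOTED calls omit the third (description) argument, so unless a template for const_ASN1_BIT_STRING and const_X509_ALGOR is supplied elsewhere, autoheader has no comment text to emit for them in the generated config header; add a short description to each call. The values are fixed literals with no shell variables to expand, so plain AC_DEFINE would be enough here.
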
> 
> I do not think we should lie about the actual constness of those types.
> I suggest using something like extracted_ASN1_BIT_STRING and
> extracted_X509_ALGOR names instead.
> 
> 
>> -        X509_ALGOR *sig_alg;
>> +        const_X509_ALGOR *sig_alg;
> 
> Please use this opportunity to initialize sig_alg to nullptr before
> passing it to an external function. The other parameter (sig) is already
> initialized.


Also, please note that printX509Signature() in ssl/gadgets.cc is also
broken in a similar way.

IMHO, we should replace all HAVE_LIBCRYPTO_X509_GET0_SIGNATURE checks
with X509_get0_signaturex() or a similar wrapper that takes care both of
the function presence and its argument constness.


Thank you,

Alex.
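
An added illustration of the wrapper idea suggested above (not code from Squid or from this thread): a template deduces whether the library getter uses const or non-const out-parameters and always hands the caller pointers-to-const. The stand-in types and the two getters are constructed so the example builds without OpenSSL, and the signature given to X509_get0_signaturex() here is an assumption; it covers the argument-constness half only, not the function-presence check.

```cpp
// Constructed stand-ins for the OpenSSL types, so this builds without OpenSSL.
struct ASN1_BIT_STRING { int length; };
struct X509_ALGOR { int nid; };
struct X509 { ASN1_BIT_STRING *signature; X509_ALGOR *sig_alg; };

// Stand-in getter with non-const out-parameters (older library style).
void get0_signature_mutable(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x)
{
    if (psig) *psig = x->signature;
    if (palg) *palg = x->sig_alg;
}

// Stand-in getter with const out-parameters (the style the thread's build issue is about).
void get0_signature_const(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x)
{
    if (psig) *psig = x->signature;
    if (palg) *palg = x->sig_alg;
}

// Hypothetical wrapper: Sig and Alg are deduced from the getter's own
// parameter types, so no macro has to claim a constness the type lacks.
template <class Sig, class Alg>
void X509_get0_signaturex(void (*getter)(Sig **, Alg **, const X509 *),
                          const ASN1_BIT_STRING **sig, const X509_ALGOR **alg,
                          const X509 *cert)
{
    Sig *s = nullptr; // both locals are initialized before the external call
    Alg *a = nullptr;
    getter(&s, &a, cert);
    if (sig) *sig = s; // T* and const T* both convert to const T*
    if (alg) *alg = a;
}

// Caller code is identical for both library flavours.
int signatureAlgorithmOf(const X509 *cert, bool constApi)
{
    const ASN1_BIT_STRING *sig = nullptr;
    const X509_ALGOR *alg = nullptr;
    if (constApi)
        X509_get0_signaturex(get0_signature_const, &sig, &alg, cert);
    else
        X509_get0_signaturex(get0_signature_mutable, &sig, &alg, cert);
    return (sig && alg) ? alg->nid : -1;
}
```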

