mirror of
https://github.com/curl/curl.git
synced 2025-01-24 14:15:18 +08:00
lib/v*: tidy up types and casts
Also add a couple of negative checks. Cherry-picked from #13489 Closes #13622
This commit is contained in:
parent
1d63e331de
commit
0887297100
@ -482,9 +482,9 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
|
||||
CURLcode result = CURLE_OK;
|
||||
size_t size;
|
||||
unsigned char ntlmbuf[NTLM_BUFSIZE];
|
||||
int lmrespoff;
|
||||
unsigned int lmrespoff;
|
||||
unsigned char lmresp[24]; /* fixed-size */
|
||||
int ntrespoff;
|
||||
unsigned int ntrespoff;
|
||||
unsigned int ntresplen = 24;
|
||||
unsigned char ntresp[24]; /* fixed-size */
|
||||
unsigned char *ptr_ntresp = &ntresp[0];
|
||||
@ -585,7 +585,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data,
|
||||
return result;
|
||||
|
||||
Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
|
||||
ntlm->flags &= ~NTLMFLAG_NEGOTIATE_NTLM2_KEY;
|
||||
ntlm->flags &= ~(unsigned int)NTLMFLAG_NEGOTIATE_NTLM2_KEY;
|
||||
|
||||
/* A safer but less compatible alternative is:
|
||||
* Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
|
||||
|
@ -128,9 +128,9 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
|
||||
if(!nego->output_token) {
|
||||
/* Query the security package for Negotiate */
|
||||
nego->status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
|
||||
TEXT(SP_NAME_NEGOTIATE),
|
||||
&SecurityPackage);
|
||||
nego->status = (DWORD)s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
|
||||
TEXT(SP_NAME_NEGOTIATE),
|
||||
&SecurityPackage);
|
||||
if(nego->status != SEC_E_OK) {
|
||||
failf(data, "SSPI: couldn't get auth info");
|
||||
return CURLE_AUTH_ERROR;
|
||||
@ -168,7 +168,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
||||
/* Acquire our credentials handle */
|
||||
nego->status =
|
||||
nego->status = (DWORD)
|
||||
s_pSecFn->AcquireCredentialsHandle(NULL,
|
||||
(TCHAR *)TEXT(SP_NAME_NEGOTIATE),
|
||||
SECPKG_CRED_OUTBOUND, NULL,
|
||||
@ -218,7 +218,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
SEC_CHANNEL_BINDINGS channelBindings;
|
||||
SecPkgContext_Bindings pkgBindings;
|
||||
pkgBindings.Bindings = &channelBindings;
|
||||
nego->status = s_pSecFn->QueryContextAttributes(
|
||||
nego->status = (DWORD)s_pSecFn->QueryContextAttributes(
|
||||
nego->sslContext,
|
||||
SECPKG_ATTR_ENDPOINT_BINDINGS,
|
||||
&pkgBindings
|
||||
@ -242,7 +242,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
resp_buf.cbBuffer = curlx_uztoul(nego->token_max);
|
||||
|
||||
/* Generate our challenge-response message */
|
||||
nego->status = s_pSecFn->InitializeSecurityContext(nego->credentials,
|
||||
nego->status = (DWORD)s_pSecFn->InitializeSecurityContext(nego->credentials,
|
||||
chlg ? nego->context :
|
||||
NULL,
|
||||
nego->spn,
|
||||
@ -259,7 +259,7 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
if(GSS_ERROR(nego->status)) {
|
||||
char buffer[STRERROR_LEN];
|
||||
failf(data, "InitializeSecurityContext failed: %s",
|
||||
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
|
||||
Curl_sspi_strerror((int)nego->status, buffer, sizeof(buffer)));
|
||||
|
||||
if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
@ -269,11 +269,12 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
|
||||
|
||||
if(nego->status == SEC_I_COMPLETE_NEEDED ||
|
||||
nego->status == SEC_I_COMPLETE_AND_CONTINUE) {
|
||||
nego->status = s_pSecFn->CompleteAuthToken(nego->context, &resp_desc);
|
||||
nego->status = (DWORD)s_pSecFn->CompleteAuthToken(nego->context,
|
||||
&resp_desc);
|
||||
if(GSS_ERROR(nego->status)) {
|
||||
char buffer[STRERROR_LEN];
|
||||
failf(data, "CompleteAuthToken failed: %s",
|
||||
Curl_sspi_strerror(nego->status, buffer, sizeof(buffer)));
|
||||
Curl_sspi_strerror((int)nego->status, buffer, sizeof(buffer)));
|
||||
|
||||
if(nego->status == (DWORD)SEC_E_INSUFFICIENT_MEMORY)
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
|
@ -326,8 +326,8 @@ static void pktx_update_time(struct pkt_io_ctx *pktx,
|
||||
struct cf_ngtcp2_ctx *ctx = cf->ctx;
|
||||
|
||||
vquic_ctx_update_time(&ctx->q);
|
||||
pktx->ts = ctx->q.last_op.tv_sec * NGTCP2_SECONDS +
|
||||
ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS;
|
||||
pktx->ts = (ngtcp2_tstamp)ctx->q.last_op.tv_sec * NGTCP2_SECONDS +
|
||||
(ngtcp2_tstamp)ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS;
|
||||
}
|
||||
|
||||
static void pktx_init(struct pkt_io_ctx *pktx,
|
||||
@ -417,7 +417,7 @@ static void quic_settings(struct cf_ngtcp2_ctx *ctx,
|
||||
}
|
||||
}
|
||||
|
||||
static int init_ngh3_conn(struct Curl_cfilter *cf);
|
||||
static CURLcode init_ngh3_conn(struct Curl_cfilter *cf);
|
||||
|
||||
static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data)
|
||||
{
|
||||
@ -506,8 +506,8 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags,
|
||||
/* number of bytes inside buflen which consists of framing overhead
|
||||
* including QPACK HEADERS. In other words, it does not consume payload of
|
||||
* DATA frame. */
|
||||
ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, nconsumed);
|
||||
ngtcp2_conn_extend_max_offset(tconn, nconsumed);
|
||||
ngtcp2_conn_extend_max_stream_offset(tconn, stream_id, (uint64_t)nconsumed);
|
||||
ngtcp2_conn_extend_max_offset(tconn, (uint64_t)nconsumed);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -798,7 +798,8 @@ static CURLcode check_and_set_expiry(struct Curl_cfilter *cf,
|
||||
if(timeout % NGTCP2_MILLISECONDS) {
|
||||
timeout += NGTCP2_MILLISECONDS;
|
||||
}
|
||||
Curl_expire(data, timeout / NGTCP2_MILLISECONDS, EXPIRE_QUIC);
|
||||
Curl_expire(data, (timediff_t)(timeout / NGTCP2_MILLISECONDS),
|
||||
EXPIRE_QUIC);
|
||||
}
|
||||
}
|
||||
return CURLE_OK;
|
||||
@ -1091,7 +1092,7 @@ static nghttp3_callbacks ngh3_callbacks = {
|
||||
NULL /* recv_settings */
|
||||
};
|
||||
|
||||
static int init_ngh3_conn(struct Curl_cfilter *cf)
|
||||
static CURLcode init_ngh3_conn(struct Curl_cfilter *cf)
|
||||
{
|
||||
struct cf_ngtcp2_ctx *ctx = cf->ctx;
|
||||
CURLcode result;
|
||||
@ -1631,7 +1632,7 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen,
|
||||
|
||||
++pktx->pkt_count;
|
||||
ngtcp2_addr_init(&path.local, (struct sockaddr *)&ctx->q.local_addr,
|
||||
ctx->q.local_addrlen);
|
||||
(socklen_t)ctx->q.local_addrlen);
|
||||
ngtcp2_addr_init(&path.remote, (struct sockaddr *)remote_addr,
|
||||
remote_addrlen);
|
||||
pi.ecn = (uint8_t)ecn;
|
||||
@ -2196,7 +2197,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf,
|
||||
(struct sockaddr *)&ctx->q.local_addr,
|
||||
ctx->q.local_addrlen);
|
||||
ngtcp2_addr_init(&ctx->connected_path.remote,
|
||||
&sockaddr->sa_addr, sockaddr->addrlen);
|
||||
&sockaddr->sa_addr, (socklen_t)sockaddr->addrlen);
|
||||
|
||||
rc = ngtcp2_conn_client_new(&ctx->qconn, &ctx->dcid, &ctx->scid,
|
||||
&ctx->connected_path,
|
||||
@ -2343,7 +2344,7 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf,
|
||||
*pres1 = (max_streams > INT_MAX)? INT_MAX : (int)max_streams;
|
||||
}
|
||||
else /* transport params not arrived yet? take our default. */
|
||||
*pres1 = Curl_multi_max_concurrent_streams(data->multi);
|
||||
*pres1 = (int)Curl_multi_max_concurrent_streams(data->multi);
|
||||
CURL_TRC_CF(data, cf, "query conn[%" CURL_FORMAT_CURL_OFF_T "]: "
|
||||
"MAX_CONCURRENT -> %d (%zu in use)",
|
||||
cf->conn->connection_id, *pres1, CONN_INUSE(cf->conn));
|
||||
|
@ -232,7 +232,7 @@ static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s,
|
||||
if(!s->ssl) {
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
s->id = SSL_get_stream_id(s->ssl);
|
||||
s->id = (curl_int64_t)SSL_get_stream_id(s->ssl);
|
||||
SSL_set_app_data(s->ssl, user_data);
|
||||
return CURLE_OK;
|
||||
}
|
||||
@ -355,12 +355,12 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
|
||||
struct Curl_easy *data)
|
||||
{
|
||||
struct cf_osslq_ctx *ctx = cf->ctx;
|
||||
int64_t stream_id = SSL_get_stream_id(stream_ssl);
|
||||
curl_int64_t stream_id = (curl_int64_t)SSL_get_stream_id(stream_ssl);
|
||||
|
||||
if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) {
|
||||
/* rejected, we are full */
|
||||
CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] rejecting remote stream",
|
||||
(curl_int64_t)stream_id);
|
||||
stream_id);
|
||||
SSL_free(stream_ssl);
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
@ -371,12 +371,12 @@ static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3,
|
||||
nstream->ssl = stream_ssl;
|
||||
Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE);
|
||||
CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] accepted remote uni stream",
|
||||
(curl_int64_t)stream_id);
|
||||
stream_id);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
CURL_TRC_CF(data, cf, "[%" CURL_PRId64 "] reject remote non-uni-read"
|
||||
" stream", (curl_int64_t)stream_id);
|
||||
" stream", stream_id);
|
||||
SSL_free(stream_ssl);
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
|
@ -211,7 +211,7 @@ static CURLcode Curl_wssl_init_ssl(struct curl_tls_ctx *ctx,
|
||||
|
||||
if(alpn)
|
||||
wolfSSL_set_alpn_protos(ctx->wssl.handle, (const unsigned char *)alpn,
|
||||
(int)alpn_len);
|
||||
(unsigned int)alpn_len);
|
||||
|
||||
if(peer->sni) {
|
||||
wolfSSL_UseSNI(ctx->wssl.handle, WOLFSSL_SNI_HOST_NAME,
|
||||
|
@ -740,7 +740,8 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
break;
|
||||
}
|
||||
|
||||
sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL);
|
||||
sshc->auth_methods =
|
||||
(unsigned int)ssh_userauth_list(sshc->ssh_session, NULL);
|
||||
if(sshc->auth_methods)
|
||||
infof(data, "SSH authentication methods available: %s%s%s%s",
|
||||
sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY ?
|
||||
@ -2611,7 +2612,7 @@ static ssize_t sftp_recv(struct Curl_easy *data, int sockindex,
|
||||
|
||||
nread = sftp_async_read(conn->proto.sshc.sftp_file,
|
||||
mem, (uint32_t)len,
|
||||
conn->proto.sshc.sftp_file_index);
|
||||
(uint32_t)conn->proto.sshc.sftp_file_index);
|
||||
|
||||
myssh_block2waitfor(conn, (nread == SSH_AGAIN)?TRUE:FALSE);
|
||||
|
||||
|
@ -422,20 +422,20 @@ static int sshkeycallback(struct Curl_easy *easy,
|
||||
#define SCP_SEND(a,b,c,d) libssh2_scp_send_ex(a, b, (int)(c), (size_t)d, 0, 0)
|
||||
#else
|
||||
#define SCP_SEND(a,b,c,d) libssh2_scp_send64(a, b, (int)(c), \
|
||||
(libssh2_uint64_t)d, 0, 0)
|
||||
(libssh2_int64_t)d, 0, 0)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* libssh2 1.2.8 fixed the problem with 32bit ints used for sockets on win64.
|
||||
* libssh2 1.2.8 fixed the problem with 32-bit ints used for sockets on win64.
|
||||
*/
|
||||
#ifdef HAVE_LIBSSH2_SESSION_HANDSHAKE
|
||||
#define session_startup(x,y) libssh2_session_handshake(x, y)
|
||||
#else
|
||||
#define session_startup(x,y) libssh2_session_startup(x, (int)y)
|
||||
#endif
|
||||
static int convert_ssh2_keytype(int sshkeytype)
|
||||
static enum curl_khtype convert_ssh2_keytype(int sshkeytype)
|
||||
{
|
||||
int keytype = CURLKHTYPE_UNKNOWN;
|
||||
enum curl_khtype keytype = CURLKHTYPE_UNKNOWN;
|
||||
switch(sshkeytype) {
|
||||
case LIBSSH2_HOSTKEY_TYPE_RSA:
|
||||
keytype = CURLKHTYPE_RSA;
|
||||
@ -780,10 +780,10 @@ static CURLcode ssh_check_fingerprint(struct Curl_easy *data)
|
||||
const char *remotekey = libssh2_session_hostkey(sshc->ssh_session,
|
||||
&keylen, &sshkeytype);
|
||||
if(remotekey) {
|
||||
int keytype = convert_ssh2_keytype(sshkeytype);
|
||||
enum curl_khtype keytype = convert_ssh2_keytype(sshkeytype);
|
||||
Curl_set_in_callback(data, true);
|
||||
rc = data->set.ssh_hostkeyfunc(data->set.ssh_hostkeyfunc_userp,
|
||||
keytype, remotekey, keylen);
|
||||
(int)keytype, remotekey, keylen);
|
||||
Curl_set_in_callback(data, false);
|
||||
if(rc!= CURLKHMATCH_OK) {
|
||||
state(data, SSH_SESSION_FREE);
|
||||
@ -1860,7 +1860,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
case SSH_SFTP_QUOTE_MKDIR:
|
||||
rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1,
|
||||
curlx_uztoui(strlen(sshc->quote_path1)),
|
||||
data->set.new_directory_perms);
|
||||
(long)data->set.new_directory_perms);
|
||||
if(rc == LIBSSH2_ERROR_EAGAIN) {
|
||||
break;
|
||||
}
|
||||
@ -2026,7 +2026,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
break;
|
||||
}
|
||||
if(rc == 0) {
|
||||
data->info.filetime = attrs.mtime;
|
||||
data->info.filetime = (time_t)attrs.mtime;
|
||||
}
|
||||
|
||||
state(data, SSH_SFTP_TRANS_INIT);
|
||||
@ -2090,7 +2090,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
sshc->sftp_handle =
|
||||
libssh2_sftp_open_ex(sshc->sftp_session, sshp->path,
|
||||
curlx_uztoui(strlen(sshp->path)),
|
||||
flags, data->set.new_file_perms,
|
||||
flags, (long)data->set.new_file_perms,
|
||||
LIBSSH2_SFTP_OPENFILE);
|
||||
|
||||
if(!sshc->sftp_handle) {
|
||||
@ -2254,7 +2254,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
/* 'mode' - parameter is preliminary - default to 0644 */
|
||||
rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshp->path,
|
||||
curlx_uztoui(strlen(sshp->path)),
|
||||
data->set.new_directory_perms);
|
||||
(long)data->set.new_directory_perms);
|
||||
if(rc == LIBSSH2_ERROR_EAGAIN) {
|
||||
break;
|
||||
}
|
||||
@ -2402,7 +2402,8 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
rc =
|
||||
libssh2_sftp_symlink_ex(sshc->sftp_session,
|
||||
Curl_dyn_ptr(&sshp->readdir_link),
|
||||
(int)Curl_dyn_len(&sshp->readdir_link),
|
||||
(unsigned int)
|
||||
Curl_dyn_len(&sshp->readdir_link),
|
||||
sshp->readdir_filename,
|
||||
PATH_MAX, LIBSSH2_SFTP_READLINK);
|
||||
if(rc == LIBSSH2_ERROR_EAGAIN) {
|
||||
@ -2463,7 +2464,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block)
|
||||
sshc->sftp_handle =
|
||||
libssh2_sftp_open_ex(sshc->sftp_session, sshp->path,
|
||||
curlx_uztoui(strlen(sshp->path)),
|
||||
LIBSSH2_FXF_READ, data->set.new_file_perms,
|
||||
LIBSSH2_FXF_READ, (long)data->set.new_file_perms,
|
||||
LIBSSH2_SFTP_OPENFILE);
|
||||
if(!sshc->sftp_handle) {
|
||||
if(libssh2_session_last_errno(sshc->ssh_session) ==
|
||||
@ -3290,7 +3291,7 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done)
|
||||
#if LIBSSH2_VERSION_NUM >= 0x010B00
|
||||
if(data->set.server_response_timeout > 0) {
|
||||
libssh2_session_set_read_timeout(sshc->ssh_session,
|
||||
data->set.server_response_timeout / 1000);
|
||||
(long)(data->set.server_response_timeout / 1000));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -163,7 +163,7 @@ struct ssh_conn {
|
||||
unsigned kbd_state; /* 0 or 1 */
|
||||
ssh_key privkey;
|
||||
ssh_key pubkey;
|
||||
int auth_methods;
|
||||
unsigned int auth_methods;
|
||||
ssh_session ssh_session;
|
||||
ssh_scp scp_session;
|
||||
sftp_session sftp_session;
|
||||
|
@ -327,7 +327,7 @@ static unsigned x509_end_chain(const br_x509_class **ctx)
|
||||
struct x509_context *x509 = (struct x509_context *)ctx;
|
||||
|
||||
if(!x509->verifypeer) {
|
||||
return br_x509_decoder_last_error(&x509->decoder);
|
||||
return (unsigned)br_x509_decoder_last_error(&x509->decoder);
|
||||
}
|
||||
|
||||
return x509->minimal.vtable->end_chain(&x509->minimal.vtable);
|
||||
|
@ -315,7 +315,7 @@ static CURLcode handshake(struct Curl_cfilter *cf,
|
||||
const char *strerr = NULL;
|
||||
|
||||
if(rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
|
||||
int alert = gnutls_alert_get(session);
|
||||
gnutls_alert_description_t alert = gnutls_alert_get(session);
|
||||
strerr = gnutls_alert_get_name(alert);
|
||||
}
|
||||
|
||||
@ -332,7 +332,7 @@ static CURLcode handshake(struct Curl_cfilter *cf,
|
||||
const char *strerr = NULL;
|
||||
|
||||
if(rc == GNUTLS_E_FATAL_ALERT_RECEIVED) {
|
||||
int alert = gnutls_alert_get(session);
|
||||
gnutls_alert_description_t alert = gnutls_alert_get(session);
|
||||
strerr = gnutls_alert_get_name(alert);
|
||||
}
|
||||
|
||||
@ -1046,7 +1046,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
CURLcode result = CURLE_OK;
|
||||
#ifndef CURL_DISABLE_VERBOSE_STRINGS
|
||||
const char *ptr;
|
||||
unsigned int algo;
|
||||
int algo;
|
||||
unsigned int bits;
|
||||
gnutls_protocol_t version = gnutls_protocol_get_version(session);
|
||||
#endif
|
||||
@ -1094,7 +1094,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
if(data->set.ssl.certinfo && chainp) {
|
||||
unsigned int i;
|
||||
|
||||
result = Curl_ssl_init_certinfo(data, cert_list_size);
|
||||
result = Curl_ssl_init_certinfo(data, (int)cert_list_size);
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
@ -1102,7 +1102,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
const char *beg = (const char *) chainp[i].data;
|
||||
const char *end = beg + chainp[i].size;
|
||||
|
||||
result = Curl_extract_certinfo(data, i, beg, end);
|
||||
result = Curl_extract_certinfo(data, (int)i, beg, end);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
@ -1259,7 +1259,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
gnutls_x509_crt_init(&x509_issuer);
|
||||
issuerp = load_file(config->issuercert);
|
||||
gnutls_x509_crt_import(x509_issuer, &issuerp, GNUTLS_X509_FMT_PEM);
|
||||
rc = gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
|
||||
rc = (int)gnutls_x509_crt_check_issuer(x509_cert, x509_issuer);
|
||||
gnutls_x509_crt_deinit(x509_issuer);
|
||||
unload_file(issuerp);
|
||||
if(rc <= 0) {
|
||||
@ -1288,7 +1288,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
in RFC2818 (HTTPS), which takes into account wildcards, and the subject
|
||||
alternative name PKIX extension. Returns non zero on success, and zero on
|
||||
failure. */
|
||||
rc = gnutls_x509_crt_check_hostname(x509_cert, peer->hostname);
|
||||
rc = (int)gnutls_x509_crt_check_hostname(x509_cert, peer->hostname);
|
||||
#if GNUTLS_VERSION_NUMBER < 0x030306
|
||||
/* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP
|
||||
addresses. */
|
||||
@ -1423,7 +1423,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
|
||||
/* public key algorithm's parameters */
|
||||
algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
|
||||
infof(data, " certificate public key: %s",
|
||||
gnutls_pk_algorithm_get_name(algo));
|
||||
gnutls_pk_algorithm_get_name((gnutls_pk_algorithm_t)algo));
|
||||
|
||||
/* version of the X.509 certificate. */
|
||||
infof(data, " certificate version: #%d",
|
||||
@ -1517,7 +1517,7 @@ gtls_connect_common(struct Curl_cfilter *cf,
|
||||
bool *done)
|
||||
{
|
||||
struct ssl_connect_data *connssl = cf->ctx;
|
||||
int rc;
|
||||
CURLcode rc;
|
||||
CURLcode result = CURLE_OK;
|
||||
|
||||
/* Initiate the connection, if not already done */
|
||||
|
@ -788,10 +788,11 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
NULL /* rev_timeout() */);
|
||||
|
||||
if(conn_config->cipher_list) {
|
||||
ret = mbed_set_selected_ciphers(data, backend, conn_config->cipher_list);
|
||||
if(ret) {
|
||||
CURLcode result = mbed_set_selected_ciphers(data, backend,
|
||||
conn_config->cipher_list);
|
||||
if(result != CURLE_OK) {
|
||||
failf(data, "mbedTLS: failed to set cipher suites");
|
||||
return ret;
|
||||
return result;
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -883,11 +884,11 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
|
||||
/* give application a chance to interfere with mbedTLS set up. */
|
||||
if(data->set.ssl.fsslctx) {
|
||||
ret = (*data->set.ssl.fsslctx)(data, &backend->config,
|
||||
data->set.ssl.fsslctxp);
|
||||
if(ret) {
|
||||
CURLcode result = (*data->set.ssl.fsslctx)(data, &backend->config,
|
||||
data->set.ssl.fsslctxp);
|
||||
if(result != CURLE_OK) {
|
||||
failf(data, "error signaled by ssl ctx callback");
|
||||
return ret;
|
||||
return result;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -254,6 +254,13 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
|
||||
typedef size_t numcert_t;
|
||||
#else
|
||||
typedef int numcert_t;
|
||||
#endif
|
||||
#define ossl_valsize_t numcert_t
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
||||
/* up2date versions of OpenSSL maintain reasonably secure defaults without
|
||||
* breaking compatibility, so it is better not to override the defaults in curl
|
||||
@ -373,7 +380,7 @@ static void X509V3_ext(struct Curl_easy *data,
|
||||
|
||||
for(i = 0; i < (int)sk_X509_EXTENSION_num(exts); i++) {
|
||||
ASN1_OBJECT *obj;
|
||||
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
|
||||
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, (ossl_valsize_t)i);
|
||||
BUF_MEM *biomem;
|
||||
char namebuf[128];
|
||||
BIO *bio_out = BIO_new(BIO_s_mem());
|
||||
@ -395,12 +402,6 @@ static void X509V3_ext(struct Curl_easy *data,
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
|
||||
typedef size_t numcert_t;
|
||||
#else
|
||||
typedef int numcert_t;
|
||||
#endif
|
||||
|
||||
CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
|
||||
{
|
||||
CURLcode result;
|
||||
@ -430,7 +431,7 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl)
|
||||
|
||||
for(i = 0; i < (int)numcerts; i++) {
|
||||
ASN1_INTEGER *num;
|
||||
X509 *x = sk_X509_value(sk, i);
|
||||
X509 *x = sk_X509_value(sk, (ossl_valsize_t)i);
|
||||
EVP_PKEY *pubkey = NULL;
|
||||
int j;
|
||||
char *ptr;
|
||||
@ -719,7 +720,10 @@ static int ossl_bio_cf_out_write(BIO *bio, const char *buf, int blen)
|
||||
CURLcode result = CURLE_SEND_ERROR;
|
||||
|
||||
DEBUGASSERT(data);
|
||||
nwritten = Curl_conn_cf_send(cf->next, data, buf, blen, &result);
|
||||
if(blen < 0)
|
||||
return 0;
|
||||
|
||||
nwritten = Curl_conn_cf_send(cf->next, data, buf, (size_t)blen, &result);
|
||||
CURL_TRC_CF(data, cf, "ossl_bio_cf_out_write(len=%d) -> %d, err=%d",
|
||||
blen, (int)nwritten, result);
|
||||
BIO_clear_retry_flags(bio);
|
||||
@ -744,8 +748,10 @@ static int ossl_bio_cf_in_read(BIO *bio, char *buf, int blen)
|
||||
/* OpenSSL catches this case, so should we. */
|
||||
if(!buf)
|
||||
return 0;
|
||||
if(blen < 0)
|
||||
return 0;
|
||||
|
||||
nread = Curl_conn_cf_recv(cf->next, data, buf, blen, &result);
|
||||
nread = Curl_conn_cf_recv(cf->next, data, buf, (size_t)blen, &result);
|
||||
CURL_TRC_CF(data, cf, "ossl_bio_cf_in_read(len=%d) -> %d, err=%d",
|
||||
blen, (int)nread, result);
|
||||
BIO_clear_retry_flags(bio);
|
||||
@ -955,7 +961,7 @@ static int passwd_callback(char *buf, int num, int encrypting,
|
||||
{
|
||||
DEBUGASSERT(0 == encrypting);
|
||||
|
||||
if(!encrypting) {
|
||||
if(!encrypting && num >= 0) {
|
||||
int klen = curlx_uztosi(strlen((char *)global_passwd));
|
||||
if(num > klen) {
|
||||
memcpy(buf, global_passwd, klen + 1);
|
||||
@ -1006,13 +1012,12 @@ static CURLcode ossl_seed(struct Curl_easy *data)
|
||||
for(i = 0, i_max = len / sizeof(struct curltime); i < i_max; ++i) {
|
||||
struct curltime tv = Curl_now();
|
||||
Curl_wait_ms(1);
|
||||
tv.tv_sec *= i + 1;
|
||||
tv.tv_usec *= (unsigned int)i + 2;
|
||||
tv.tv_sec ^= ((Curl_now().tv_sec + Curl_now().tv_usec) *
|
||||
(i + 3)) << 8;
|
||||
tv.tv_usec ^= (unsigned int) ((Curl_now().tv_sec +
|
||||
Curl_now().tv_usec) *
|
||||
(i + 4)) << 16;
|
||||
tv.tv_sec *= (time_t)i + 1;
|
||||
tv.tv_usec *= (int)i + 2;
|
||||
tv.tv_sec ^= ((Curl_now().tv_sec + (time_t)Curl_now().tv_usec) *
|
||||
(time_t)(i + 3)) << 8;
|
||||
tv.tv_usec ^= (int) ((Curl_now().tv_sec + (time_t)Curl_now().tv_usec) *
|
||||
(time_t)(i + 4)) << 16;
|
||||
memcpy(&randb[i * sizeof(struct curltime)], &tv,
|
||||
sizeof(struct curltime));
|
||||
}
|
||||
@ -1879,7 +1884,7 @@ static void ossl_close(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
if(cf->next && cf->next->connected && !connssl->peer_closed) {
|
||||
char buf[1024];
|
||||
int nread, err;
|
||||
long sslerr;
|
||||
unsigned long sslerr;
|
||||
|
||||
/* Maybe the server has already sent a close notify alert.
|
||||
Read it to avoid an RST on the TCP connection. */
|
||||
@ -2375,7 +2380,7 @@ static CURLcode verifystatus(struct Curl_cfilter *cf,
|
||||
|
||||
DEBUGASSERT(octx);
|
||||
|
||||
len = SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status);
|
||||
len = (long)SSL_get_tlsext_status_ocsp_resp(octx->ssl, &status);
|
||||
|
||||
if(!status) {
|
||||
failf(data, "No OCSP response received");
|
||||
@ -2456,7 +2461,7 @@ static CURLcode verifystatus(struct Curl_cfilter *cf,
|
||||
}
|
||||
|
||||
for(i = 0; i < (int)sk_X509_num(ch); i++) {
|
||||
X509 *issuer = sk_X509_value(ch, i);
|
||||
X509 *issuer = sk_X509_value(ch, (ossl_valsize_t)i);
|
||||
if(X509_check_issued(issuer, cert) == X509_V_OK) {
|
||||
id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
|
||||
break;
|
||||
@ -2801,7 +2806,7 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
|
||||
}
|
||||
|
||||
/* ... then, TLS max version */
|
||||
curl_ssl_version_max = conn_config->version_max;
|
||||
curl_ssl_version_max = (long)conn_config->version_max;
|
||||
|
||||
/* convert curl max SSL version option to OpenSSL constant */
|
||||
switch(curl_ssl_version_max) {
|
||||
@ -2842,6 +2847,9 @@ ossl_set_ssl_version_min_max(struct Curl_cfilter *cf, SSL_CTX *ctx)
|
||||
typedef uint32_t ctx_option_t;
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
typedef uint64_t ctx_option_t;
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x10100000L && \
|
||||
!defined(LIBRESSL_VERSION_NUMBER)
|
||||
typedef unsigned long ctx_option_t;
|
||||
#else
|
||||
typedef long ctx_option_t;
|
||||
#endif
|
||||
@ -3009,7 +3017,7 @@ static CURLcode load_cacert_from_memory(X509_STORE *store,
|
||||
|
||||
/* add each entry from PEM file to x509_store */
|
||||
for(i = 0; i < (int)sk_X509_INFO_num(inf); ++i) {
|
||||
itmp = sk_X509_INFO_value(inf, i);
|
||||
itmp = sk_X509_INFO_value(inf, (ossl_valsize_t)i);
|
||||
if(itmp->x509) {
|
||||
if(X509_STORE_add_cert(store, itmp->x509)) {
|
||||
++count;
|
||||
@ -3156,7 +3164,7 @@ static CURLcode import_windows_cert_store(struct Curl_easy *data,
|
||||
else
|
||||
continue;
|
||||
|
||||
x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded);
|
||||
x509 = d2i_X509(NULL, &encoded_cert, (long)pContext->cbCertEncoded);
|
||||
if(!x509)
|
||||
continue;
|
||||
|
||||
@ -3665,14 +3673,14 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
|
||||
|
||||
#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
||||
/* mitigate CVE-2010-4180 */
|
||||
ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
||||
ctx_options &= ~(ctx_option_t)SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
|
||||
#endif
|
||||
|
||||
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
|
||||
/* unless the user explicitly asks to allow the protocol vulnerability we
|
||||
use the work-around */
|
||||
if(!ssl_config->enable_beast)
|
||||
ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
||||
ctx_options &= ~(ctx_option_t)SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
|
||||
#endif
|
||||
|
||||
switch(ssl_version_min) {
|
||||
@ -5122,7 +5130,7 @@ static size_t ossl_version(char *buffer, size_t size)
|
||||
#ifdef LIBRESSL_VERSION_NUMBER
|
||||
#ifdef HAVE_OPENSSL_VERSION
|
||||
char *p;
|
||||
int count;
|
||||
size_t count;
|
||||
const char *ver = OpenSSL_version(OPENSSL_VERSION);
|
||||
const char expected[] = OSSL_PACKAGE " "; /* ie "LibreSSL " */
|
||||
if(strncasecompare(ver, expected, sizeof(expected) - 1)) {
|
||||
@ -5211,7 +5219,7 @@ static CURLcode ossl_random(struct Curl_easy *data,
|
||||
return CURLE_FAILED_INIT;
|
||||
}
|
||||
/* RAND_bytes() returns 1 on success, 0 otherwise. */
|
||||
rc = RAND_bytes(entropy, curlx_uztosi(length));
|
||||
rc = RAND_bytes(entropy, (ossl_valsize_t)curlx_uztosi(length));
|
||||
return (rc == 1 ? CURLE_OK : CURLE_FAILED_INIT);
|
||||
}
|
||||
|
||||
|
@ -101,7 +101,7 @@ read_cb(void *userdata, uint8_t *buf, uintptr_t len, uintptr_t *out_n)
|
||||
}
|
||||
else if(nread == 0)
|
||||
connssl->peer_closed = TRUE;
|
||||
*out_n = (int)nread;
|
||||
*out_n = (uintptr_t)nread;
|
||||
CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next recv(len=%zu) -> %zd, %d",
|
||||
len, nread, result);
|
||||
return ret;
|
||||
@ -122,7 +122,7 @@ write_cb(void *userdata, const uint8_t *buf, uintptr_t len, uintptr_t *out_n)
|
||||
else
|
||||
ret = EINVAL;
|
||||
}
|
||||
*out_n = (int)nwritten;
|
||||
*out_n = (uintptr_t)nwritten;
|
||||
CURL_TRC_CF(io_ctx->data, io_ctx->cf, "cf->next send(len=%zu) -> %zd, %d",
|
||||
len, nwritten, result);
|
||||
return ret;
|
||||
@ -438,7 +438,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
|
||||
const char *hostname = connssl->peer.hostname;
|
||||
char errorbuf[256];
|
||||
size_t errorlen;
|
||||
int result;
|
||||
rustls_result result;
|
||||
|
||||
DEBUGASSERT(backend);
|
||||
rconn = backend->conn;
|
||||
|
@ -171,7 +171,7 @@ schannel_set_ssl_version_min_max(DWORD *enabled_protocols,
|
||||
{
|
||||
struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
|
||||
long ssl_version = conn_config->version;
|
||||
long ssl_version_max = conn_config->version_max;
|
||||
long ssl_version_max = (long)conn_config->version_max;
|
||||
long i = ssl_version;
|
||||
|
||||
switch(ssl_version_max) {
|
||||
@ -364,7 +364,7 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
|
||||
if(!alg)
|
||||
alg = get_alg_id_by_name(startCur);
|
||||
if(alg)
|
||||
algIds[algCount++] = alg;
|
||||
algIds[algCount++] = (ALG_ID)alg;
|
||||
else if(!strncmp(startCur, "USE_STRONG_CRYPTO",
|
||||
sizeof("USE_STRONG_CRYPTO") - 1) ||
|
||||
!strncmp(startCur, "SCH_USE_STRONG_CRYPTO",
|
||||
@ -377,7 +377,7 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers,
|
||||
startCur++;
|
||||
}
|
||||
schannel_cred->palgSupportedAlgs = algIds;
|
||||
schannel_cred->cSupportedAlgs = algCount;
|
||||
schannel_cred->cSupportedAlgs = (DWORD)algCount;
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
@ -513,7 +513,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
|
||||
}
|
||||
|
||||
if(!ssl_config->auto_client_cert) {
|
||||
flags &= ~SCH_CRED_USE_DEFAULT_CREDS;
|
||||
flags &= ~(DWORD)SCH_CRED_USE_DEFAULT_CREDS;
|
||||
flags |= SCH_CRED_NO_DEFAULT_CREDS;
|
||||
infof(data, "schannel: disabled automatic use of client certificate");
|
||||
}
|
||||
@ -950,7 +950,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
|
||||
tls_parameters.pDisabledCrypto = crypto_settings;
|
||||
|
||||
/* The number of blocked suites */
|
||||
tls_parameters.cDisabledCrypto = crypto_settings_idx;
|
||||
tls_parameters.cDisabledCrypto = (DWORD)crypto_settings_idx;
|
||||
credentials.pTlsParameters = &tls_parameters;
|
||||
credentials.cTlsParameters = 1;
|
||||
|
||||
@ -2595,9 +2595,7 @@ static void schannel_cleanup(void)
|
||||
|
||||
static size_t schannel_version(char *buffer, size_t size)
|
||||
{
|
||||
size = msnprintf(buffer, size, "Schannel");
|
||||
|
||||
return size;
|
||||
return msnprintf(buffer, size, "Schannel");
|
||||
}
|
||||
|
||||
static CURLcode schannel_random(struct Curl_easy *data UNUSED_PARAM,
|
||||
|
@ -448,7 +448,7 @@ static DWORD cert_get_name_string(struct Curl_easy *data,
|
||||
/* pwszDNSName is in ia5 string format and hence doesn't contain any
|
||||
* non-ascii characters. */
|
||||
while(*dns_w != '\0') {
|
||||
*current_pos++ = (char)(*dns_w++);
|
||||
*current_pos++ = (TCHAR)(*dns_w++);
|
||||
}
|
||||
*current_pos++ = '\0';
|
||||
actual_length += (DWORD)current_length;
|
||||
|
@ -420,7 +420,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
|
||||
size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
|
||||
cbuf = calloc(1, cbuf_size);
|
||||
if(cbuf) {
|
||||
if(!CFStringGetCString(c, cbuf, cbuf_size,
|
||||
if(!CFStringGetCString(c, cbuf, (CFIndex)cbuf_size,
|
||||
kCFStringEncodingUTF8)) {
|
||||
failf(data, "SSL: invalid CA certificate subject");
|
||||
result = CURLE_PEER_FAILED_VERIFICATION;
|
||||
@ -599,7 +599,8 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
|
||||
|
||||
if(blob) {
|
||||
pkcs_data = CFDataCreate(kCFAllocatorDefault,
|
||||
(const unsigned char *)blob->data, blob->len);
|
||||
(const unsigned char *)blob->data,
|
||||
(CFIndex)blob->len);
|
||||
status = (pkcs_data != NULL) ? errSecSuccess : errSecAllocate;
|
||||
resource_imported = (pkcs_data != NULL);
|
||||
}
|
||||
@ -607,7 +608,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath,
|
||||
pkcs_url =
|
||||
CFURLCreateFromFileSystemRepresentation(NULL,
|
||||
(const UInt8 *)cPath,
|
||||
strlen(cPath), false);
|
||||
(CFIndex)strlen(cPath), false);
|
||||
resource_imported =
|
||||
CFURLCreateDataAndPropertiesFromResource(NULL,
|
||||
pkcs_url, &pkcs_data,
|
||||
@ -1085,6 +1086,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob;
|
||||
char *ciphers;
|
||||
OSStatus err = noErr;
|
||||
CURLcode result;
|
||||
#if CURL_BUILD_MAC
|
||||
int darwinver_maj = 0, darwinver_min = 0;
|
||||
|
||||
@ -1150,12 +1152,10 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
case CURL_SSLVERSION_TLSv1_1:
|
||||
case CURL_SSLVERSION_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_3:
|
||||
{
|
||||
CURLcode result = set_ssl_version_min_max(cf, data);
|
||||
if(result != CURLE_OK)
|
||||
return result;
|
||||
break;
|
||||
}
|
||||
result = set_ssl_version_min_max(cf, data);
|
||||
if(result != CURLE_OK)
|
||||
return result;
|
||||
break;
|
||||
case CURL_SSLVERSION_SSLv3:
|
||||
case CURL_SSLVERSION_SSLv2:
|
||||
failf(data, "SSL versions not supported");
|
||||
@ -1187,12 +1187,10 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
case CURL_SSLVERSION_TLSv1_1:
|
||||
case CURL_SSLVERSION_TLSv1_2:
|
||||
case CURL_SSLVERSION_TLSv1_3:
|
||||
{
|
||||
CURLcode result = set_ssl_version_min_max(cf, data);
|
||||
if(result != CURLE_OK)
|
||||
return result;
|
||||
break;
|
||||
}
|
||||
result = set_ssl_version_min_max(cf, data);
|
||||
if(result != CURLE_OK)
|
||||
return result;
|
||||
break;
|
||||
case CURL_SSLVERSION_SSLv3:
|
||||
case CURL_SSLVERSION_SSLv2:
|
||||
failf(data, "SSL versions not supported");
|
||||
@ -1306,7 +1304,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
err = SecIdentityCopyCertificate(cert_and_key, &cert);
|
||||
if(err == noErr) {
|
||||
char *certp;
|
||||
CURLcode result = CopyCertSubject(data, cert, &certp);
|
||||
result = CopyCertSubject(data, cert, &certp);
|
||||
if(!result) {
|
||||
infof(data, "Client certificate: %s", certp);
|
||||
free(certp);
|
||||
@ -1451,14 +1449,14 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
|
||||
ciphers = conn_config->cipher_list;
|
||||
if(ciphers) {
|
||||
err = sectransp_set_selected_ciphers(data, backend->ssl_ctx, ciphers);
|
||||
result = sectransp_set_selected_ciphers(data, backend->ssl_ctx, ciphers);
|
||||
}
|
||||
else {
|
||||
err = sectransp_set_default_ciphers(data, backend->ssl_ctx);
|
||||
result = sectransp_set_default_ciphers(data, backend->ssl_ctx);
|
||||
}
|
||||
if(err != noErr) {
|
||||
if(result != CURLE_OK) {
|
||||
failf(data, "SSL: Unable to set ciphers for SSL/TLS handshake. "
|
||||
"Error code: %d", err);
|
||||
"Error code: %d", (int)result);
|
||||
return CURLE_SSL_CIPHER;
|
||||
}
|
||||
|
||||
@ -1494,7 +1492,6 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
|
||||
/* If there isn't one, then let's make one up! This has to be done prior
|
||||
to starting the handshake. */
|
||||
else {
|
||||
CURLcode result;
|
||||
ssl_sessionid =
|
||||
aprintf("%s:%d:%d:%s:%d",
|
||||
ssl_cafile ? ssl_cafile : "(blob memory)",
|
||||
@ -1541,7 +1538,7 @@ static long pem_to_der(const char *in, unsigned char **out, size_t *outlen)
|
||||
char *sep_start, *sep_end, *cert_start, *cert_end;
|
||||
size_t i, j, err;
|
||||
size_t len;
|
||||
unsigned char *b64;
|
||||
char *b64;
|
||||
|
||||
/* Jump through the separators at the beginning of the certificate. */
|
||||
sep_start = strstr(in, "-----");
|
||||
@ -1622,16 +1619,16 @@ static int read_cert(const char *file, unsigned char **out, size_t *outlen)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int append_cert_to_array(struct Curl_easy *data,
|
||||
const unsigned char *buf, size_t buflen,
|
||||
CFMutableArrayRef array)
|
||||
static CURLcode append_cert_to_array(struct Curl_easy *data,
|
||||
const unsigned char *buf, size_t buflen,
|
||||
CFMutableArrayRef array)
|
||||
{
|
||||
char *certp;
|
||||
CURLcode result;
|
||||
SecCertificateRef cacert;
|
||||
CFDataRef certdata;
|
||||
|
||||
certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
|
||||
certdata = CFDataCreate(kCFAllocatorDefault, buf, (CFIndex)buflen);
|
||||
if(!certdata) {
|
||||
failf(data, "SSL: failed to allocate array for CA certificate");
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
@ -1668,7 +1665,8 @@ static CURLcode verify_cert_buf(struct Curl_cfilter *cf,
|
||||
const unsigned char *certbuf, size_t buflen,
|
||||
SSLContextRef ctx)
|
||||
{
|
||||
int n = 0, rc;
|
||||
int n = 0;
|
||||
CURLcode rc;
|
||||
long res;
|
||||
unsigned char *der;
|
||||
size_t derlen, offset = 0;
|
||||
@ -1871,17 +1869,17 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,
|
||||
#elif SECTRANSP_PINNEDPUBKEY_V2
|
||||
|
||||
{
|
||||
OSStatus success;
|
||||
success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
|
||||
&publicKeyBits);
|
||||
CFRelease(keyRef);
|
||||
if(success != errSecSuccess || !publicKeyBits)
|
||||
break;
|
||||
OSStatus success;
|
||||
success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
|
||||
&publicKeyBits);
|
||||
CFRelease(keyRef);
|
||||
if(success != errSecSuccess || !publicKeyBits)
|
||||
break;
|
||||
}
|
||||
|
||||
#endif /* SECTRANSP_PINNEDPUBKEY_V2 */
|
||||
|
||||
pubkeylen = CFDataGetLength(publicKeyBits);
|
||||
pubkeylen = (size_t)CFDataGetLength(publicKeyBits);
|
||||
pubkey = (unsigned char *)CFDataGetBytePtr(publicKeyBits);
|
||||
|
||||
switch(pubkeylen) {
|
||||
|
@ -1975,10 +1975,10 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at,
|
||||
|
||||
#endif /* !CURL_DISABLE_PROXY */
|
||||
|
||||
bool Curl_ssl_supports(struct Curl_easy *data, int option)
|
||||
bool Curl_ssl_supports(struct Curl_easy *data, unsigned int ssl_option)
|
||||
{
|
||||
(void)data;
|
||||
return (Curl_ssl->supports & option)? TRUE : FALSE;
|
||||
return (Curl_ssl->supports & ssl_option)? TRUE : FALSE;
|
||||
}
|
||||
|
||||
static struct Curl_cfilter *get_ssl_filter(struct Curl_cfilter *cf)
|
||||
|
@ -203,7 +203,7 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at,
|
||||
* Option is one of the defined SSLSUPP_* values.
|
||||
* `data` maybe NULL for the features of the default implementation.
|
||||
*/
|
||||
bool Curl_ssl_supports(struct Curl_easy *data, int ssl_option);
|
||||
bool Curl_ssl_supports(struct Curl_easy *data, unsigned int ssl_option);
|
||||
|
||||
/**
|
||||
* Get the internal ssl instance (like OpenSSL's SSL*) from the filter
|
||||
|
@ -382,7 +382,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf,
|
||||
/* load certificate blob */
|
||||
if(ca_info_blob) {
|
||||
if(wolfSSL_CTX_load_verify_buffer(wssl->ctx, ca_info_blob->data,
|
||||
ca_info_blob->len,
|
||||
(long)ca_info_blob->len,
|
||||
SSL_FILETYPE_PEM) != SSL_SUCCESS) {
|
||||
if(imported_native_ca) {
|
||||
infof(data, "error importing CA certificate blob, continuing anyway");
|
||||
@ -857,7 +857,8 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
|
||||
result = Curl_alpn_to_proto_str(&proto, connssl->alpn);
|
||||
if(result ||
|
||||
wolfSSL_UseALPN(backend->handle, (char *)proto.data, proto.len,
|
||||
wolfSSL_UseALPN(backend->handle,
|
||||
(char *)proto.data, (unsigned int)proto.len,
|
||||
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
|
||||
failf(data, "SSL: failed setting ALPN protocols");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
@ -1157,7 +1158,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data)
|
||||
}
|
||||
else {
|
||||
failf(data, "SSL_connect failed with error %d: %s", detail,
|
||||
wolfSSL_ERR_error_string(detail, error_buffer));
|
||||
wolfSSL_ERR_error_string((unsigned long)detail, error_buffer));
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
}
|
||||
@ -1329,7 +1330,7 @@ static ssize_t wolfssl_send(struct Curl_cfilter *cf,
|
||||
}
|
||||
CURL_TRC_CF(data, cf, "wolfssl_send(len=%zu) -> %d, %d", len, rc, err);
|
||||
failf(data, "SSL write: %s, errno %d",
|
||||
wolfSSL_ERR_error_string(err, error_buffer),
|
||||
wolfSSL_ERR_error_string((unsigned long)err, error_buffer),
|
||||
SOCKERRNO);
|
||||
*curlcode = CURLE_SEND_ERROR;
|
||||
return -1;
|
||||
@ -1406,7 +1407,8 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf,
|
||||
return -1;
|
||||
}
|
||||
failf(data, "SSL read: %s, errno %d",
|
||||
wolfSSL_ERR_error_string(err, error_buffer), SOCKERRNO);
|
||||
wolfSSL_ERR_error_string((unsigned long)err, error_buffer),
|
||||
SOCKERRNO);
|
||||
*curlcode = CURLE_RECV_ERROR;
|
||||
return -1;
|
||||
}
|
||||
|
@ -376,7 +376,7 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
|
||||
else {
|
||||
while(!result && (from < end)) {
|
||||
char buf[4]; /* decode buffer */
|
||||
int charsize = 1;
|
||||
size_t charsize = 1;
|
||||
unsigned int wc = 0;
|
||||
|
||||
switch(size) {
|
||||
@ -963,7 +963,8 @@ static int do_pubkey(struct Curl_easy *data, int certnum,
|
||||
if(ssl_push_certinfo(data, certnum, "ECC Public Key", q))
|
||||
return 1;
|
||||
}
|
||||
return do_pubkey_field(data, certnum, "ecPublicKey", pubkey);
|
||||
return do_pubkey_field(data, certnum, "ecPublicKey", pubkey) == CURLE_OK
|
||||
? 0 : 1;
|
||||
}
|
||||
|
||||
/* Get the public key (single element). */
|
||||
|
Loading…
Reference in New Issue
Block a user