tls: avoid some clang warnings
cspiel1 committed Nov 16, 2022
1 parent b2a8f82 commit 3ab50cc
Showing 2 changed files with 11 additions and 3 deletions.
12 changes: 10 additions & 2 deletions src/tls/openssl/tls.c
@@ -1953,6 +1953,9 @@ int bio_sni_from_client_hello(BIO *bio, struct pl *sni)

/* Server Name length */
err = pl_bin_u16(&sniext, &sn_len);
if (err)
return err;

if (sn_len >= TLSEXT_MAXLEN_host_name)
return EINVAL;

@@ -2112,6 +2115,7 @@ struct tls_cert *tls_cert_for_sni(const struct tls *tls, const struct pl *sni)
{
struct tls_cert *tls_cert = NULL;
struct le *le;
int sz;
char *cn;

if (!tls || !list_head(&tls->certs))
@@ -2120,7 +2124,11 @@ struct tls_cert *tls_cert_for_sni(const struct tls *tls, const struct pl *sni)
if (!pl_isset(sni))
return list_head(&tls->certs)->data;

cn = mem_zalloc(sni->l + 1, NULL);
if (sni->l >= TLSEXT_MAXLEN_host_name)
return NULL;

sz = (int) sni->l + 1;
cn = mem_zalloc(sz, NULL);
LIST_FOREACH(&tls->certs, le) {
X509 *x509;
X509_NAME *nm;
@@ -2135,7 +2143,7 @@ struct tls_cert *tls_cert_for_sni(const struct tls *tls, const struct pl *sni)
}

nm = X509_get_subject_name(x509);
X509_NAME_get_text_by_NID(nm, NID_commonName, cn, sni->l + 1);
X509_NAME_get_text_by_NID(nm, NID_commonName, cn, sz);
if (!pl_strcmp(sni, cn))
break;

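Review bot: In tls_cert_for_sni the call `X509_NAME_get_text_by_NID(nm, NID_commonName, cn, sz)` copies at most `sz - 1` bytes, so a certificate whose common name merely begins with the SNI is truncated to the SNI's length and then compares equal in `pl_strcmp(sni, cn)`. The new `sz` keeps the same buffer size as before, so the commit does not change this prefix match. Asking for the untruncated length first would reject such names, for example `if (X509_NAME_get_text_by_NID(nm, NID_commonName, NULL, 0) != (int)sni->l) continue;` ahead of the copy. The result of `mem_zalloc(sz, NULL)` is also not checked in the visible lines, where `if (!cn) return NULL;` would make the failure explicit. The loop body continues outside the hunk, so confirm that `continue` skips no per-certificate cleanup there.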
2 changes: 1 addition & 1 deletion src/tls/openssl/tls_tcp.c
@@ -216,7 +216,7 @@ static bool estab_handler(int *err, bool active, void *arg)
static int tls_use_cert(struct tls_conn *tc, struct tls_cert *uc)
{
int err;
int r;
long r;

#if !defined(LIBRESSL_VERSION_NUMBER)
SSL_certs_clear(tc->ssl);