Debug: fix coding in dnssec reporting. Bug 2205

[exim.git] / src / src / dane-openssl.c

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 62778d18f5924c053aa2a1d1ac59e267a00a5945..e48b0cb79cb39e178a5d535a6c2606b173c419a1 100644 (file)
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -2,7 +2,7 @@
  *  Author: Viktor Dukhovni
  *  License: THIS CODE IS IN THE PUBLIC DOMAIN.
  *
- * Copyright (c) The Exim Maintainers 2014 - 2016
+ * Copyright (c) The Exim Maintainers 2014 - 2017
  */
 #include <stdio.h>
 #include <string.h>
@@ -25,7 +25,7 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 # define EXIM_HAVE_ASN1_MACROS
 # define EXIM_OPAQUE_X509
 #else
@@ -84,6 +84,7 @@ typedef int CRYPTO_ONCE;
 #ifndef OPENSSL_NO_ERR
 #define        DANESSL_F_PLACEHOLDER           0               /* FIRST! Value TBD */
 static ERR_STRING_DATA dane_str_functs[] = {
+    /* error                           string */
     {DANESSL_F_PLACEHOLDER,            "DANE library"},        /* FIRST!!! */
     {DANESSL_F_ADD_SKID,               "add_skid"},
     {DANESSL_F_ADD_TLSA,               "DANESSL_add_tlsa"},
@@ -101,6 +102,7 @@ static ERR_STRING_DATA dane_str_functs[] = {
     {0,                                        NULL}
 };
 static ERR_STRING_DATA dane_str_reasons[] = {
+    /* error                           string */
     {DANESSL_R_BAD_CERT,       "Bad TLSA record certificate"},
     {DANESSL_R_BAD_CERT_PKEY,  "Bad TLSA record certificate public key"},
     {DANESSL_R_BAD_DATA_LENGTH,        "Bad TLSA record digest length"},
@@ -251,12 +253,12 @@ for (matched = 0; !matched && slist; slist = slist->next)
     {
     case DANESSL_SELECTOR_CERT:
       len = i2d_X509(cert, NULL);
-      buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+      buf2 = buf = US  OPENSSL_malloc(len);
       if(buf) i2d_X509(cert, &buf2);
       break;
     case DANESSL_SELECTOR_SPKI:
       len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
-      buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+      buf2 = buf = US  OPENSSL_malloc(len);
       if(buf) i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
       break;
     }
@@ -529,7 +531,7 @@ if (dane->depth < 0)
 
 /*
  * If the TA certificate is self-issued, or need not be, use it directly.
- * Otherwise, synthesize requisuite ancestors.
+ * Otherwise, synthesize requisite ancestors.
  */
 if (  !wrap_to_root
    || X509_check_issued(tacert, tacert) == X509_V_OK)
@@ -667,7 +669,7 @@ for (n = sk_X509_num(in); n > 0; --n, ++depth)
     {
     if (grow_chain(dane, UNTRUSTED, ca))
       {
-      if (!X509_check_issued(ca, ca) == X509_V_OK)
+      if (X509_check_issued(ca, ca) != X509_V_OK)
        {
        /* Restart with issuer as subject */
        cert = ca;
@@ -822,7 +824,7 @@ if (gn->type != GEN_DNS)
   return 0;
 if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
   return 0;
-return check_name((const char *) ASN1_STRING_get0_data(gn->d.ia5),
+return check_name(CCS  ASN1_STRING_get0_data(gn->d.ia5),
                  ASN1_STRING_length(gn->d.ia5));
 }
 
@@ -846,12 +848,12 @@ if (!(entry_str = X509_NAME_ENTRY_get_data(entry)))
 
 if ((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0)
   return 0;
-if (len <= 0 || check_name((char *) namebuf, len) == 0)
+if (len <= 0 || check_name(CS  namebuf, len) == 0)
   {
   OPENSSL_free(namebuf);
   return 0;
   }
-return (char *) namebuf;
+return CS  namebuf;
 }
 
 static int
@@ -1658,7 +1660,7 @@ dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static void
 run_once(volatile int * once, void (*init)(void))
 {