moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 14:35:03 -05:00
Code Issues Releases Wiki Activity

openssl: fix the SSL_get_tlsext_status_ocsp_resp call

Browse Source 
.... to not pass in a const in the second argument as that's not how it
is supposed to be used and might cause compiler warnings.

Reported-by: Pavel Pavlov
Fixes #3477
Closes #3478
This commit is contained in:
Daniel Stenberg 2019-01-15 23:57:25 +01:00
parent 2fa0d57e2e
commit 16a3307e81
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/vtls/openssl.c
View File

@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn,
struct ssl_connect_data *connssl)
{
int i, ocsp_status;
unsigned char *status;
const unsigned char *p;
CURLcode result = CURLE_OK;
struct Curl_easy *data = conn->data;
@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn,
X509_STORE *st = NULL;
STACK_OF(X509) *ch = NULL;
long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
if(!p) {
if(!status) {
failf(data, "No OCSP response received");
result = CURLE_SSL_INVALIDCERTSTATUS;
goto end;
}
p = status;
rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
if(!rsp) {
failf(data, "Invalid OCSP response");