httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: svn commit: r424584 - in /httpd/httpd/branches/2.2.x/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_engine_pphrase.c ssl_private.h ssl_util.c
Date Sun, 23 Jul 2006 17:54:33 GMT
Ruediger Pluem wrote:
> 
> On 07/23/2006 02:10 PM, Ben Laurie wrote:
>> Joe Orton wrote:
> 
>>
>>> - use APR apr_file_* not ANSI C fopen,
>>
>> I need a FILE *.
> 
> Maybe you could use BIO_new_file / PEM_read_bio_PKCS7 as it is done in similar
> situations in other places of mod_ssl.

Why?

>>> - the server doesn't even start up (without the new stuff configured):
>>>
>>> [Sun Jul 23 10:25:14 2006] [info] Loading certificate & private key of SSL-aware
server
>>> [Sun Jul 23 10:25:14 2006] [error] Can't open \x80\x94|
>>
>> Hmmm. Can't reproduce this (on the trunk).
> 
> This is pure luck. You should init pkcs7 to NULL in modssl_ctx_init as done for the other
> elements of this struct.

Sure. You are allowed to just commit the fix, you know?

>>> - fix the compiler warning (and perhaps hence the above):
>>>
>>> ssl_util.c: In function 'ssl_read_pkcs7':
>>> ssl_util.c:271: warning: 'certs' may be used uninitialized in this function
>>
>> This won't fix the above. certs is actually only uninitialized if death
>> is about to occur.
> 
> Then please do
> 
>     STACK_OF(X509) *certs = NULL;
> 
> instead of
> 
>     STACK_OF(X509) *certs;

I am aware of how to fix it (and, indeed, have done so), I'm just
pointing out that it won't fix the problem.

BTW, it would be nice to be able to run -Wall -Werror, as I normally do,
but it seems there's code in the repo that doesn't survive that test.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message