Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 39436 invoked from network); 23 Jul 2006 17:54:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 23 Jul 2006 17:54:56 -0000 Received: (qmail 5200 invoked by uid 500); 23 Jul 2006 17:54:50 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 4666 invoked by uid 500); 23 Jul 2006 17:54:49 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 4655 invoked by uid 99); 23 Jul 2006 17:54:49 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Jul 2006 10:54:49 -0700 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: 217.155.92.109 is neither permitted nor denied by domain of ben@algroup.co.uk) Received: from [217.155.92.109] (HELO mail.links.org) (217.155.92.109) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Jul 2006 10:54:48 -0700 Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id A9F7233C1A for ; Sun, 23 Jul 2006 18:54:26 +0100 (BST) Message-ID: <44C3B7D9.7050201@algroup.co.uk> Date: Sun, 23 Jul 2006 18:54:33 +0100 From: Ben Laurie User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060516 Thunderbird/1.5.0.4 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: svn commit: r424584 - in /httpd/httpd/branches/2.2.x/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_engine_pphrase.c ssl_private.h ssl_util.c References: <20060722142745.A05B51A981A@eris.apache.org> <20060723093125.GA19423@redhat.com> <44C36728.7050903@algroup.co.uk> <44C374E4.7020002@apache.org> In-Reply-To: <44C374E4.7020002@apache.org> X-Enigmail-Version: 0.93.0.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Ruediger Pluem wrote: > > On 07/23/2006 02:10 PM, Ben Laurie wrote: >> Joe Orton wrote: > >> >>> - use APR apr_file_* not ANSI C fopen, >> >> I need a FILE *. > > Maybe you could use BIO_new_file / PEM_read_bio_PKCS7 as it is done in similar > situations in other places of mod_ssl. Why? >>> - the server doesn't even start up (without the new stuff configured): >>> >>> [Sun Jul 23 10:25:14 2006] [info] Loading certificate & private key of SSL-aware server >>> [Sun Jul 23 10:25:14 2006] [error] Can't open \x80\x94| >> >> Hmmm. Can't reproduce this (on the trunk). > > This is pure luck. You should init pkcs7 to NULL in modssl_ctx_init as done for the other > elements of this struct. Sure. You are allowed to just commit the fix, you know? >>> - fix the compiler warning (and perhaps hence the above): >>> >>> ssl_util.c: In function 'ssl_read_pkcs7': >>> ssl_util.c:271: warning: 'certs' may be used uninitialized in this function >> >> This won't fix the above. certs is actually only uninitialized if death >> is about to occur. > > Then please do > > STACK_OF(X509) *certs = NULL; > > instead of > > STACK_OF(X509) *certs; I am aware of how to fix it (and, indeed, have done so), I'm just pointing out that it won't fix the problem. BTW, it would be nice to be able to run -Wall -Werror, as I normally do, but it seems there's code in the repo that doesn't survive that test. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff