From 16a3307e813fa82776dc265201ffc7dac1c842a7 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 15 Jan 2019 23:57:25 +0100
Subject: [PATCH 451/557] openssl: fix the SSL_get_tlsext_status_ocsp_resp call
.... to not pass in a const in the second argument as that's not how it
is supposed to be used and might cause compiler warnings.
Reported-by: Pavel Pavlov
Fixes #3477
Closes #3478
---
lib/vtls/openssl.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
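diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 45e72d6..9d11b89 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn,
 struct ssl_connect_data *connssl)
 {
 int i, ocsp_status;
+ unsigned char *status;
 const unsigned char *p;
 CURLcode result = CURLE_OK;
 struct Curl_easy *data = conn->data;
@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn,
 X509_STORE *st = NULL;
 STACK_OF(X509) *ch = NULL;
 
- long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);
+ long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);
 
- if(!p) {
+ if(!status) {
 failf(data, "No OCSP response received");
 result = CURLE_SSL_INVALIDCERTSTATUS;
 goto end;
 }
-
+ p = status;
 rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
 if(!rsp) {
 failf(data, "Invalid OCSP response");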
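Review bot: `status` is declared without an initializer in the first hunk, so the fail-closed `if(!status)` test in the second hunk depends on SSL_get_tlsext_status_ocsp_resp() writing through the out-parameter on every path; declaring it as `unsigned char *status = NULL;` removes that dependency. The returned `len` is also handed to d2i_OCSP_RESPONSE() unchecked, although OpenSSL documents -1 as the no-response return value, so the guard could read `if(!status || len <= 0) {`. This is the branch that rejects a handshake with no stapled OCSP response, so it is worth making it independent of library behaviour. verifystatus() starts before the first hunk and continues past the second, so the remaining verification steps are not visible here.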
--
1.8.3.1