Unverified Commit 16a3307e authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

openssl: fix the SSL_get_tlsext_status_ocsp_resp call 

.... to not pass in a const in the second argument as that's not how it
is supposed to be used and might cause compiler warnings.

Reported-by: Pavel Pavlov
Fixes #3477
Closes #3478
parent 2fa0d57e

lib/vtls/openssl.c

+4 −3
Original line number Original line Diff line number Diff line
@@ -1692,6 +1692,7 @@ static CURLcode verifystatus(struct connectdata *conn, 
                             struct ssl_connect_data *connssl)

                             struct ssl_connect_data *connssl)

{

{

  int i, ocsp_status;

  int i, ocsp_status;

  unsigned char *status;

  const unsigned char *p;

  const unsigned char *p;

  CURLcode result = CURLE_OK;

  CURLcode result = CURLE_OK;

  struct Curl_easy *data = conn->data;

  struct Curl_easy *data = conn->data;
@@ -1701,14 +1702,14 @@ static CURLcode verifystatus(struct connectdata *conn, 
  X509_STORE     *st = NULL;

  X509_STORE     *st = NULL;

  STACK_OF(X509) *ch = NULL;

  STACK_OF(X509) *ch = NULL;





  long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &p);

  long len = SSL_get_tlsext_status_ocsp_resp(BACKEND->handle, &status);





  if(!p) {

  if(!status) {

    failf(data, "No OCSP response received");

    failf(data, "No OCSP response received");

    result = CURLE_SSL_INVALIDCERTSTATUS;

    result = CURLE_SSL_INVALIDCERTSTATUS;

    goto end;

    goto end;

  }

  }



  p = status;

  rsp = d2i_OCSP_RESPONSE(NULL, &p, len);

  rsp = d2i_OCSP_RESPONSE(NULL, &p, len);

  if(!rsp) {

  if(!rsp) {

    failf(data, "Invalid OCSP response");

    failf(data, "Invalid OCSP response");