diff --git a/apps/apps.c b/apps/apps.c
index 188b2373aa0a05a1e78c86991ef7c4cc948e3506..4eb322afbbf36ddfdf3dceb9a149c5754b98ebdb 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2388,7 +2388,8 @@ int args_verify(char ***pargs, int *pargc,
char *arg = **pargs, *argn = (*pargs)[1];
const X509_VERIFY_PARAM *vpm = NULL;
time_t at_time = 0;
- const unsigned char *hostname = NULL, *email = NULL;
+ char *hostname = NULL;
+ char *email = NULL;
char *ipasc = NULL;
if (!strcmp(arg, "-policy"))
{
@@ -2482,14 +2483,14 @@ int args_verify(char ***pargs, int *pargc,
{
if (!argn)
*badarg = 1;
- hostname = (unsigned char *)argn;
+ hostname = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_email") == 0)
{
if (!argn)
*badarg = 1;
- email = (unsigned char *)argn;
+ email = argn;
(*pargs)++;
}
else if (strcmp(arg,"-verify_ip") == 0)
@@ -2960,8 +2961,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
- const unsigned char *checkhost,
- const unsigned char *checkemail,
+ const char *checkhost,
+ const char *checkemail,
const char *checkip)
{
if (x == NULL)
diff --git a/apps/apps.h b/apps/apps.h
index b4a9b49ce7f794d8ebc83a1e86264e2812c719ad..bb076996bf7fd1102819d8ca78517ef387852008 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -342,8 +342,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif /* ndef OPENSSL_NO_TLSEXT */
void print_cert_checks(BIO *bio, X509 *x,
- const unsigned char *checkhost,
- const unsigned char *checkemail,
+ const char *checkhost,
+ const char *checkemail,
const char *checkip);
void store_setup_crl_download(X509_STORE *st);
diff --git a/apps/x509.c b/apps/x509.c
index 1b612d17d41d01ebbfd921654b12dac664225563..3bb261010f9a6f10d0401603211ab74ac89be474 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -214,7 +214,8 @@ int MAIN(int argc, char **argv)
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
- unsigned char *checkhost = NULL, *checkemail = NULL;
+ char *checkhost = NULL;
+ char *checkemail = NULL;
char *checkip = NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
@@ -474,12 +475,12 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-checkhost") == 0)
{
if (--argc < 1) goto bad;
- checkhost=(unsigned char *)*(++argv);
+ checkhost=*(++argv);
}
else if (strcmp(*argv,"-checkemail") == 0)
{
if (--argc < 1) goto bad;
- checkemail=(unsigned char *)*(++argv);
+ checkemail=*(++argv);
}
else if (strcmp(*argv,"-checkip") == 0)
{
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index 8350929d7e44f1a37bdb884fcad6ad80b6cb283f..18611d57932188e9ba2dec9d34a918cd816d5758 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st
STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
unsigned int hostflags; /* Flags to control matching features */
char *peername; /* Matching hostname in peer certificate */
- unsigned char *email; /* If not NULL email address to match */
+ char *email; /* If not NULL email address to match */
size_t emaillen;
unsigned char *ip; /* If not NULL IP address to match */
size_t iplen; /* Length of IP address */
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 7e2916ce09cb592db234f0e3ea6e824c77cf2d29..0ec5ca8a0211b05e82df0bac09cdbfabd427cdbd 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -747,11 +747,11 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
{
int i;
int n = sk_OPENSSL_STRING_num(id->hosts);
- unsigned char *name;
+ char *name;
for (i = 0; i < n; ++i)
{
- name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
+ name = sk_OPENSSL_STRING_value(id->hosts, i);
if (X509_check_host(x, name, 0, id->hostflags,
&id->peername) > 0)
return 1;
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 47b1055ed215eb8d119745686b4eb9bc47956391..8a6f10dec2b2b9305793e8104fcd5425e5c856d2 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -559,14 +559,14 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
STACK_OF(ASN1_OBJECT) *policies);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen);
+ const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 2a0a774c8f054b4fc6952830929e1e7385bc5d00..a809219ba38fbc45c9189c097d2e375fc23ce63e 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -78,7 +78,7 @@ static void str_free(char *s) { OPENSSL_free(s); }
#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
char *copy;
@@ -87,7 +87,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
* XXX: Do we need to push an error onto the error stack?
*/
if (namelen == 0)
- namelen = name ? strlen((char *)name) : 0;
+ namelen = name ? strlen(name) : 0;
else if (name && memchr(name, '\0', namelen > 1 ? namelen-1 : namelen))
return 0;
if (name && name[namelen-1] == '\0')
@@ -101,7 +101,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
if (name == NULL || namelen == 0)
return 1;
- copy = BUF_strndup((char *)name, namelen);
+ copy = BUF_strndup(name, namelen);
if (copy == NULL)
return 0;
@@ -338,16 +338,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
return ret;
}
-static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
- const unsigned char *src, size_t srclen)
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+ const char *src, size_t srclen)
{
void *tmp;
if (src)
{
if (srclen == 0)
{
- tmp = BUF_strdup((char *)src);
- srclen = strlen((char *)src);
+ tmp = BUF_strdup(src);
+ srclen = strlen(src);
}
else
tmp = BUF_memdup(src, srclen);
@@ -467,13 +467,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
}
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
}
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen)
+ const char *name, size_t namelen)
{
return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
}
@@ -490,7 +490,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
}
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen)
+ const char *email, size_t emaillen)
{
return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen,
email, emaillen);
@@ -501,17 +501,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
{
if (iplen != 0 && iplen != 4 && iplen != 16)
return 0;
- return int_x509_param_set1(¶m->id->ip, ¶m->id->iplen, ip, iplen);
+ return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen,
+ (char *)ip, iplen);
}
int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
{
unsigned char ipout[16];
- int iplen;
- iplen = a2i_ipadd(ipout, ipasc);
+ size_t iplen;
+
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return 0;
- return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
+ return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
}
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 981e6020371547d09f6833331bc8b219d6910785..75efd9912aef29f5bd23402507b8441526210231 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
*/
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
- unsigned int flags,
- const unsigned char *b, size_t blen,
+ unsigned int flags, const char *b, size_t blen,
char **peername)
{
int rv = 0;
@@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
if (cmp_type != a->type)
return 0;
if (cmp_type == V_ASN1_IA5STRING)
- rv = equal(a->data, a->length, b, blen, flags);
+ rv = equal(a->data, a->length,
+ (unsigned char *)b, blen, flags);
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
if (rv > 0 && peername)
@@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
astrlen = ASN1_STRING_to_UTF8(&astr, a);
if (astrlen < 0)
return -1;
- rv = equal(astr, astrlen, b, blen, flags);
+ rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
OPENSSL_free(astr);
if (rv > 0 && peername)
*peername = BUF_strndup((char *)astr, astrlen);
@@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
return rv;
}
-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
unsigned int flags, int check_type,
char **peername)
{
@@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
}
if (chklen == 0)
- chklen = strlen((const char *)chk);
+ chklen = strlen(chk);
gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
if (gens)
@@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
return 0;
}
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags, char **peername)
{
if (chk == NULL)
return -2;
@@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
* NUL in string length).
*/
if (chklen == 0)
- chklen = strlen((char *)chk);
+ chklen = strlen(chk);
else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen))
return -2;
if (chklen > 1 && chk[chklen-1] == '\0')
@@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
}
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
- unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+ unsigned int flags)
{
if (chk == NULL)
return -2;
@@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
{
if (chk == NULL)
return -2;
- return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
}
int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
{
unsigned char ipout[16];
- int iplen;
+ size_t iplen;
+
if (ipasc == NULL)
return -2;
- iplen = a2i_ipadd(ipout, ipasc);
+ iplen = (size_t) a2i_ipadd(ipout, ipasc);
if (iplen == 0)
return -2;
- return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+ return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
}
/* Convert IP addresses both IPv4 and IPv6 into an
diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c
index fc84b27c4117825147d9e3a9fc676fa2551cb1e1..dd5f9f8c42b2824631745a0146f5aaf2cad41fe1 100644
--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert,
int match, ret;
memcpy(name, *pname, namelen);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, 0, NULL);
+ ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0)
{
@@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 1;
check_message(fn, "host", nameincert, match, *pname);
- ret = X509_check_host(crt, (const unsigned char *)name,
- namelen, X509_CHECK_FLAG_NO_WILDCARDS,
- NULL);
+ ret = X509_check_host(crt, name, namelen,
+ X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0)
{
@@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert,
check_message(fn, "host-no-wildcards",
nameincert, match, *pname);
- ret = X509_check_email(crt, (const unsigned char *)name,
- namelen, 0);
+ ret = X509_check_email(crt, name, namelen, 0);
match = -1;
if (fn->email)
{
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 971bc3084e9b976ec217435af701c12b147125d6..4e5daa842cacf3661501463d7a75b134226e78ac 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
*/
#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername);
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
unsigned int flags);
int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
unsigned int flags);
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index f22dd80a9c7882195ef96102226ed8a5ea09d236..347d48dfec0ab75af04789f6f31c2508a81995db 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -27,18 +27,17 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
- const unsigned char *name, size_t namelen);
+ const char *name, size_t namelen);
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
unsigned int flags);
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
- const unsigned char *email, size_t emaillen);
+ const char *email, size_t emaillen);
int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
const unsigned char *ip, size_t iplen);
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
- const char *ipasc);
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);
=head1 DESCRIPTION
diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod
index 87ea54303af521a41f87a00fb2bb497cd2581714..56ea38de2f4edc499b901cbac36b51243cda0e8e 100644
--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -8,12 +8,12 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert
#include <openssl/x509.h>
- int X509_check_host(X509 *, const unsigned char *name,
- size_t namelen, unsigned int flags, char **peername);
- int X509_check_email(X509 *, const unsigned char *address,
- size_t addresslen, unsigned int flags);
- int X509_check_ip(X509 *, const unsigned char *address,
- size_t addresslen, unsigned int flags);
+ int X509_check_host(X509 *, const char *name, size_t namelen,
+ unsigned int flags, char **peername);
+ int X509_check_email(X509 *, const char *address, size_t addresslen,
+ unsigned int flags);
+ int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+ unsigned int flags);
int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);
=head1 DESCRIPTION