@@ -118,16 +118,10 @@
return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
}
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wsign-compare"
-#endif
-
static bool
extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
{
bool retval = false;
- char *buf = 0;
if (!x509_username_field_ext_supported(fieldname))
{
@@ -139,29 +133,28 @@
GENERAL_NAMES *extensions = X509_get_ext_d2i(cert, nid, NULL, NULL);
if (extensions)
{
- int numalts;
- int i;
/* get amount of alternatives,
* RFC2459 claims there MUST be at least
* one, but we don't depend on it...
*/
- numalts = sk_GENERAL_NAME_num(extensions);
+ int numalts = sk_GENERAL_NAME_num(extensions);
/* loop through all alternatives */
- for (i = 0; i < numalts; i++)
+ for (int i = 0; i < numalts; i++)
{
/* get a handle to alternative name number i */
const GENERAL_NAME *name = sk_GENERAL_NAME_value(extensions, i);
+ char *buf = NULL;
switch (name->type)
{
case GEN_EMAIL:
- if (ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.ia5) < 0)
+ if (ASN1_STRING_to_UTF8((unsigned char **)&buf, name->d.rfc822Name) < 0)
{
continue;
}
- if (strlen(buf) != name->d.ia5->length)
+ if ((ssize_t)strlen(buf) != ASN1_STRING_length(name->d.rfc822Name))
{
msg(D_TLS_ERRORS, "ASN1 ERROR: string contained terminating zero");
OPENSSL_free(buf);
@@ -175,7 +168,7 @@
break;
default:
- msg(D_TLS_DEBUG, "%s: ignoring general name field type %i", __func__,
+ msg(D_TLS_DEBUG, "%s: ignoring general name field type %d", __func__,
name->type);
break;
}
@@ -185,10 +178,6 @@
return retval;
}
-#if defined(__GNUC__) || defined(__clang__)
-#pragma GCC diagnostic pop
-#endif
-
/*
* Extract a field from an X509 subject name.
*