X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/4c04137d73637107669e02b21f890387aaa2ef34..3c4f5ec5cb933fa4f414ad5b11f7321c5e16fed6:/src/src/dane-openssl.c

diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index aa4760b94..e48b0cb79 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -2,7 +2,7 @@
  *  Author: Viktor Dukhovni
  *  License: THIS CODE IS IN THE PUBLIC DOMAIN.
  *
- * Copyright (c) The Exim Maintainers 2014 - 2016
+ * Copyright (c) The Exim Maintainers 2014 - 2017
  */
 #include <stdio.h>
 #include <string.h>
@@ -25,7 +25,7 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 # define EXIM_HAVE_ASN1_MACROS
 # define EXIM_OPAQUE_X509
 #else
@@ -84,6 +84,7 @@ typedef int CRYPTO_ONCE;
 #ifndef OPENSSL_NO_ERR
 #define	DANESSL_F_PLACEHOLDER		0		/* FIRST! Value TBD */
 static ERR_STRING_DATA dane_str_functs[] = {
+    /*	error				string */
     {DANESSL_F_PLACEHOLDER,		"DANE library"},	/* FIRST!!! */
     {DANESSL_F_ADD_SKID,		"add_skid"},
     {DANESSL_F_ADD_TLSA,		"DANESSL_add_tlsa"},
@@ -101,6 +102,7 @@ static ERR_STRING_DATA dane_str_functs[] = {
     {0,					NULL}
 };
 static ERR_STRING_DATA dane_str_reasons[] = {
+    /*	error				string */
     {DANESSL_R_BAD_CERT,	"Bad TLSA record certificate"},
     {DANESSL_R_BAD_CERT_PKEY,	"Bad TLSA record certificate public key"},
     {DANESSL_R_BAD_DATA_LENGTH,	"Bad TLSA record digest length"},
@@ -251,12 +253,12 @@ for (matched = 0; !matched && slist; slist = slist->next)
     {
     case DANESSL_SELECTOR_CERT:
       len = i2d_X509(cert, NULL);
-      buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+      buf2 = buf = US  OPENSSL_malloc(len);
       if(buf) i2d_X509(cert, &buf2);
       break;
     case DANESSL_SELECTOR_SPKI:
       len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
-      buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+      buf2 = buf = US  OPENSSL_malloc(len);
       if(buf) i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
       break;
     }
@@ -667,7 +669,7 @@ for (n = sk_X509_num(in); n > 0; --n, ++depth)
     {
     if (grow_chain(dane, UNTRUSTED, ca))
       {
-      if (!X509_check_issued(ca, ca) == X509_V_OK)
+      if (X509_check_issued(ca, ca) != X509_V_OK)
 	{
 	/* Restart with issuer as subject */
 	cert = ca;
@@ -822,7 +824,7 @@ if (gn->type != GEN_DNS)
   return 0;
 if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
   return 0;
-return check_name((const char *) ASN1_STRING_get0_data(gn->d.ia5),
+return check_name(CCS  ASN1_STRING_get0_data(gn->d.ia5),
 		  ASN1_STRING_length(gn->d.ia5));
 }
 
@@ -846,12 +848,12 @@ if (!(entry_str = X509_NAME_ENTRY_get_data(entry)))
 
 if ((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0)
   return 0;
-if (len <= 0 || check_name((char *) namebuf, len) == 0)
+if (len <= 0 || check_name(CS  namebuf, len) == 0)
   {
   OPENSSL_free(namebuf);
   return 0;
   }
-return (char *) namebuf;
+return CS  namebuf;
 }
 
 static int
@@ -1658,7 +1660,7 @@ dane_idx = SSL_get_ex_new_index(0, 0, 0, 0, 0);
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 static void
 run_once(volatile int * once, void (*init)(void))
 {