@@ -, +, @@ --- src/http.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/src/http.c +++ a/src/http.c @@ -214,6 +214,7 @@ static const char *op_parse_file_url(const char *_src){ # include # include # include +# include # include "winerrno.h" typedef SOCKET op_sock; @@ -338,6 +339,7 @@ int SSL_CTX_set_default_verify_paths_win32(SSL_CTX *_ssl_ctx); # include # include # include +# include typedef int op_sock; @@ -1520,6 +1522,7 @@ static long op_bio_retry_ctrl(BIO *_b,int _cmd,long _num,void *_ptr){ # if OPENSSL_VERSION_NUMBER<0x10100000L # define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr)) # define BIO_set_init(_b,_init) ((_b)->init=(_init)) +# define ASN1_STRING_get0_data ASN1_STRING_data # endif static int op_bio_retry_new(BIO *_b){ @@ -1620,7 +1623,7 @@ static int op_http_hostname_match(const char *_host,size_t _host_len, size_t pattern_label_len; size_t pattern_prefix_len; size_t pattern_suffix_len; - pattern=(const char *)ASN1_STRING_data(_pattern); + pattern=(const char *)ASN1_STRING_get0_data(_pattern); pattern_len=strlen(pattern); /*Check the pattern for embedded NULs.*/ if(OP_UNLIKELY(pattern_len!=(size_t)ASN1_STRING_length(_pattern)))return 0; @@ -1790,7 +1793,7 @@ static int op_http_verify_hostname(OpusHTTPStream *_stream,SSL *_ssl_conn){ } } else if(name->type==GEN_IPADD){ - unsigned char *cert_ip; + unsigned const char *cert_ip; /*If we do have an IP address, compare it directly. RFC 6125: "When the reference identity is an IP address, the identity MUST be converted to the 'network byte order' octet string @@ -1803,7 +1806,7 @@ static int op_http_verify_hostname(OpusHTTPStream *_stream,SSL *_ssl_conn){ type iPAddress. A match occurs if the reference identity octet string and the value octet strings are identical."*/ - cert_ip=ASN1_STRING_data(name->d.iPAddress); + cert_ip=ASN1_STRING_get0_data(name->d.iPAddress); if(ip_len==ASN1_STRING_length(name->d.iPAddress) &&memcmp(ip,cert_ip,ip_len)==0){ ret=1; --