ssl_verify: Change backend_x509_* functions to size_t for lengths

author Frank Lichtenheld <frank@lichtenheld.com>

Mon, 22 Sep 2025 20:43:23 +0000 (22:43 +0200)

committer Gert Doering <gert@greenie.muc.de>

Tue, 23 Sep 2025 09:17:27 +0000 (11:17 +0200)
author Frank Lichtenheld <frank@lichtenheld.com>
Mon, 22 Sep 2025 20:43:23 +0000 (22:43 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 23 Sep 2025 09:17:27 +0000 (11:17 +0200)
diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h

index ceaef3f8cd6d8b991f87300cb0a94de9246a8779..1d5653389e9eaa26765fc347dc08a573419fa797 100644 (file)
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -123,7 +123,7 @@ struct buffer x509_get_sha256_fingerprint(openvpn_x509_cert_t *cert, struct gc_a
   *
   * @return              \c FAILURE, \c or SUCCESS
   */
-result_t backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field,
+result_t backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field,
                                     openvpn_x509_cert_t *peer_cert);
  
  #ifdef ENABLE_X509ALTUSERNAME
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c

index 61f64afc845780966f203e6af3c481191d263e24..c92eaf17b0de0effc8ce5c0313a8cd9fd6de214a 100644 (file)
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -128,7 +128,7 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint3
  #endif
  
  result_t
-backend_x509_get_username(char *cn, int cn_len, char *x509_username_field, mbedtls_x509_crt *cert)
+backend_x509_get_username(char *cn, size_t cn_len, char *x509_username_field, mbedtls_x509_crt *cert)
  {
      mbedtls_x509_name *name;
  
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c

index 9cd2418d20c53a63b6cc690297ad788725da11d4..7a7b21ec970becc68a194c337dfacf269609db0a 100644 (file)
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -120,7 +120,7 @@ x509_username_field_ext_supported(const char *fieldname)
  }
  
  static bool
-extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
+extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
  {
      bool retval = false;
      char *buf = 0;
@@ -195,7 +195,7 @@ extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
   * to contain result is grounds for error).
   */
  static result_t
-extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, int size)
+extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_t size)
  {
      int lastpos = -1;
      int tmp = -1;
@@ -252,7 +252,7 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, int s
  }
  
  result_t
-backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field, X509 *peer_cert)
+backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, X509 *peer_cert)
  {
  #ifdef ENABLE_X509ALTUSERNAME
      if (strncmp("ext:", x509_username_field, 4) == 0)
author	Frank Lichtenheld <frank@lichtenheld.com>
	Mon, 22 Sep 2025 20:43:23 +0000 (22:43 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 23 Sep 2025 09:17:27 +0000 (11:17 +0200)
src/openvpn/ssl_verify_backend.h		patch \| blob \| blame \| history
src/openvpn/ssl_verify_mbedtls.c		patch \| blob \| blame \| history
src/openvpn/ssl_verify_openssl.c		patch \| blob \| blame \| history