From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Mon, 22 Sep 2025 20:43:23 +0000 (+0200)
Subject: ssl_verify: Change backend_x509_* functions to size_t for lengths
X-Git-Tag: v2.7_beta2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=38f2cedc60258d0dcb340873faa12e1de594e3c8;p=thirdparty%2Fopenvpn.git

ssl_verify: Change backend_x509_* functions to size_t for lengths

Fix conversion warnings without actual code changes.

Change-Id: If971006b6d3a1a93d87b29627d91dd72faf5ceb2
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1138
Message-Id: <20250922204329.23460-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33152.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index ceaef3f8c..1d5653389 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -123,7 +123,7 @@ struct buffer x509_get_sha256_fingerprint(openvpn_x509_cert_t *cert, struct gc_a
  *
  * @return              \c FAILURE, \c or SUCCESS
  */
-result_t backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field,
+result_t backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field,
                                    openvpn_x509_cert_t *peer_cert);
 
 #ifdef ENABLE_X509ALTUSERNAME
diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c
index 61f64afc8..c92eaf17b 100644
--- a/src/openvpn/ssl_verify_mbedtls.c
+++ b/src/openvpn/ssl_verify_mbedtls.c
@@ -128,7 +128,7 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, uint3
 #endif
 
 result_t
-backend_x509_get_username(char *cn, int cn_len, char *x509_username_field, mbedtls_x509_crt *cert)
+backend_x509_get_username(char *cn, size_t cn_len, char *x509_username_field, mbedtls_x509_crt *cert)
 {
     mbedtls_x509_name *name;
 
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 9cd2418d2..7a7b21ec9 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -120,7 +120,7 @@ x509_username_field_ext_supported(const char *fieldname)
 }
 
 static bool
-extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
+extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
 {
     bool retval = false;
     char *buf = 0;
@@ -195,7 +195,7 @@ extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
  * to contain result is grounds for error).
  */
 static result_t
-extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, int size)
+extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_t size)
 {
     int lastpos = -1;
     int tmp = -1;
@@ -252,7 +252,7 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, int s
 }
 
 result_t
-backend_x509_get_username(char *common_name, int cn_len, char *x509_username_field, X509 *peer_cert)
+backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_field, X509 *peer_cert)
 {
 #ifdef ENABLE_X509ALTUSERNAME
     if (strncmp("ext:", x509_username_field, 4) == 0)