From: Remi Gacogne <rgacogne[at]aquaray[dot]fr>
Date: Mon, 19 May 2014 08:29:58 +0000 (+0200)
Subject: MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int
X-Git-Tag: v1.5-dev26~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af5c3da89e408427b9dcfcfa47ae53eb9e797b1f;p=thirdparty%2Fhaproxy.git

MINOR: ssl: SSL_CTX_set_options() and SSL_CTX_set_mode() take a long, not an int

This is a minor fix, but the SSL_CTX_set_options() and
SSL_CTX_set_mode() functions take a long, not an int parameter. As
SSL_OP_ALL is now (since OpenSSL 1.0.0) defined as 0x80000BFFL, I think
it is worth fixing.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fd0b41fd60..880e7275b0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -728,7 +728,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 {
 	int cfgerr = 0;
 	int verify = SSL_VERIFY_NONE;
-	int ssloptions =
+	long ssloptions =
 		SSL_OP_ALL | /* all known workarounds for bugs */
 		SSL_OP_NO_SSLv2 |
 		SSL_OP_NO_COMPRESSION |
@@ -736,7 +736,7 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy
 		SSL_OP_SINGLE_ECDH_USE |
 		SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
 		SSL_OP_CIPHER_SERVER_PREFERENCE;
-	int sslmode =
+	long sslmode =
 		SSL_MODE_ENABLE_PARTIAL_WRITE |
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 		SSL_MODE_RELEASE_BUFFERS;
@@ -995,11 +995,11 @@ static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
 int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
 {
 	int cfgerr = 0;
-	int options =
+	long options =
 		SSL_OP_ALL | /* all known workarounds for bugs */
 		SSL_OP_NO_SSLv2 |
 		SSL_OP_NO_COMPRESSION;
-	int mode =
+	long mode =
 		SSL_MODE_ENABLE_PARTIAL_WRITE |
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
 		SSL_MODE_RELEASE_BUFFERS;