#endif
ldns_status
-ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
- const ldns_rdf* name, int port, ldns_dane_transport transport)
+ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
+ uint16_t port, ldns_dane_transport transport)
{
char buf[LDNS_MAX_DOMAINLEN];
size_t s;
assert(name != NULL);
assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
- s = snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", port);
- buf[0] = s - 1;
+ s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
+ buf[0] = (char)(s - 1);
switch(transport) {
case LDNS_DANE_TRANSPORT_TCP:
- s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\004_tcp");
+ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
break;
case LDNS_DANE_TRANSPORT_UDP:
- s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\004_udp");
+ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
break;
case LDNS_DANE_TRANSPORT_SCTP:
- s += snprintf(&buf[s], LDNS_MAX_DOMAINLEN, "\005_sctp");
+ s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
break;
default:
ldns_tlsa_matching_type matching_type)
{
unsigned char* buf = NULL;
- int len;
+ size_t len;
X509_PUBKEY* xpubkey;
EVP_PKEY* epubkey;
- uint8_t* digest;
+ unsigned char* digest;
assert(rdf != NULL);
assert(cert != NULL);
switch(selector) {
case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
- len = i2d_X509(cert, &buf);
+ len = (size_t)i2d_X509(cert, &buf);
break;
case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
+#ifndef S_SPLINT_S
xpubkey = X509_get_X509_PUBKEY(cert);
+#endif
if (! xpubkey) {
return LDNS_STATUS_SSL_ERR;
}
if (! epubkey) {
return LDNS_STATUS_SSL_ERR;
}
- len = i2d_PUBKEY(epubkey, &buf);
+ len = (size_t)i2d_PUBKEY(epubkey, &buf);
break;
default:
case LDNS_TLSA_MATCHING_TYPE_SHA256:
- digest = LDNS_XMALLOC(uint8_t, SHA256_DIGEST_LENGTH);
+ digest = LDNS_XMALLOC(unsigned char, SHA256_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
- (void) ldns_sha256(buf, len, digest);
+ (void) ldns_sha256(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
case LDNS_TLSA_MATCHING_TYPE_SHA512:
- digest = LDNS_XMALLOC(uint8_t, SHA512_DIGEST_LENGTH);
+ digest = LDNS_XMALLOC(unsigned char, SHA512_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
- (void) ldns_sha512(buf, len, digest);
+ (void) ldns_sha512(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA512_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
if (s == LDNS_STATUS_OK) {
- ldns_rr_set_rdf(*tlsa, rdf, 3);
+ (void) ldns_rr_set_rdf(*tlsa, rdf, 3);
return LDNS_STATUS_OK;
}
ldns_rr_free(*tlsa);
size_t n, i;
X509* cert;
- n = sk_X509_num(chain);
+ n = (size_t)sk_X509_num(chain);
for (i = 0; i < n; i++) {
cert = sk_X509_pop(chain);
if (! cert) {
s = LDNS_STATUS_NETWORK_ERR;
goto error;
}
- if (connect(sock, (struct sockaddr*)a, a_len) == -1) {
+ if (connect(sock, (struct sockaddr*)a, (socklen_t)a_len) == -1) {
s = LDNS_STATUS_NETWORK_ERR;
goto error;
}
goto error;
}
SSL_set_connect_state(ssl);
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+ (void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
if (! SSL_set_fd(ssl, sock)) {
close(sock);
s = LDNS_STATUS_SSL_ERR;
char* name_str;
ldns_rdf* name;
- int port;
+ uint16_t port;
ldns_resolver* res = NULL;
ldns_rdf* tlsa_owner = NULL;
s = ldns_str2rdf_dname(&name, name_str);
LDNS_ERR(s, "could not ldns_str2rdf_dname");
- port = usage_within_range(argv[1], 65535, "port");
+ port = (uint16_t) usage_within_range(argv[1], 65535, "port");
s = ldns_dane_create_tlsa_owner(&tlsa_owner, name, port, transport);
LDNS_ERR(s, "could not create TLSA owner name");
if (! cert) {
ssl_err("could not SSL_get_certificate");
}
+#ifndef S_SPLINT_S
extra_certs = ctx->extra_certs;
+#endif
switch (mode) {
case CREATE: dane_create(tlsas, tlsa_owner, certificate_usage,
projects / thirdparty / ldns.git / commitdiff
