From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 29 Apr 2025 09:20:46 +0000 (+0200)
Subject: libssl: Properly handle the different return types of `sk_GENERAL_NAME_num`
X-Git-Tag: dnsdist-2.0.0-alpha2~40^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e7b5b253c795104655e97ff0804bbf1488a9e6d;p=thirdparty%2Fpdns.git

libssl: Properly handle the different return types of `sk_GENERAL_NAME_num`
---

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index d123823b20..9bc00818fb 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -545,12 +545,19 @@ struct StackOfNamesDeleter
   }
 };
 
+#if defined(OPENSSL_IS_BORINGSSL)
+/* return type of OpenSSL's sk_XXX_num() */
+using SSLStackIndex size_t;
+#else
+using SSLStackIndex = int;
+#endif
+
 static std::unordered_set<std::string> get_names_from_certificate(const X509* certificate)
 {
   std::unordered_set<std::string> result;
   auto names = std::unique_ptr<STACK_OF(GENERAL_NAME), StackOfNamesDeleter>(static_cast<STACK_OF(GENERAL_NAME)*>(X509_get_ext_d2i(certificate, NID_subject_alt_name, nullptr, nullptr)));
   if (names) {
-    for (int idx = 0; idx < sk_GENERAL_NAME_num(names.get()); idx++) {
+    for (SSLStackIndex idx = 0; idx < sk_GENERAL_NAME_num(names.get()); idx++) {
       const auto* name = sk_GENERAL_NAME_value(names.get(), idx);
       if (name->type != GEN_DNS) {
         /* ignore GEN_IPADD / name->d.iPAddress (raw IP address bytes), it cannot be used in SNI anyway */