Monolith compile verify.c

Michael Mueller abaci.mjm at gmail.com
Wed Jun 24 19:20:25 UTC 2020 

I'm compiling verify.c as a monolith from 1.1.1g.

Using gcc 4.8.5 I have no problems.

Using gcc 4.3.4 I get a warning which we treat as an error:

gcc -c -Wall -Werror -Wextra -idirafter ../../inc -idirafter
../../../../OPENSSL/include/SUSE-Linux -DMONOLITH -DNO_ASN1_OLD -DLINUX -o
../../obj/verify.o ../../src/verify.c

cc1: warnings being treated as errors

../../src/verify.c:64: error: missing initializer

../../src/verify.c:64: error: (near initialization for
‘verify_options[45].retval’)



I found the source of my problem and created a fix that I could toggle when
testing with different compilers. The fix compiles cleanly with both gcc
compilers mentioned above.

I have not tried it with Visual Studio yet.


const OPTIONS verify_options[] = {

    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},

    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},

    {"help", OPT_HELP, '-', "Display this summary"},

    {"verbose", OPT_VERBOSE, '-',

        "Print extra information about the operations being performed."},

    {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},

    {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},

    {"no-CAfile", OPT_NOCAFILE, '-',

     "Do not load the default certificates file"},

    {"no-CApath", OPT_NOCAPATH, '-',

     "Do not load certificates from the default certificates directory"},

    {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},

    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},

    {"CRLfile", OPT_CRLFILE, '<',

        "File containing one or more CRL's (in PEM format) to load"},

    {"crl_download", OPT_CRL_DOWNLOAD, '-',

        "Attempt to download CRL information for this certificate"},

    {"show_chain", OPT_SHOW_CHAIN, '-',

        "Display information about the certificate chain"},

    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},

    OPT_V_OPTIONS,

#ifndef OPENSSL_NO_ENGINE

    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},

#endif

#if 0

    {NULL, -1, 'Q', "unused end of list"} this is the change I’d like to
offer

#else

    {NULL} this is the current code

#endif

};


Questions

1. Is the fix valid?

2.  If fix is valid, what are the chances of getting the change accepted?

Thanks

Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200624/6a486d15/attachment.html>

More information about the openssl-users mailing list