Comments.

diff --git a/apps/s_client.c b/apps/s_client.c
index ff97f0be7f0310328ed32612029c9356ff46c3b5..b06104130e5372a4996010e33cdfbba3f6a8078d 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -142,7 +142,7 @@ static void sc_usage(void)
 #ifdef FIONBIO
        BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
-#ifdef APPS_CRLF
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
        BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 #endif
        BIO_printf(bio_err," -quiet        - no s_client output\n");

diff --git a/apps/s_server.c b/apps/s_server.c
index a78a4bcd7b02dbb5191a4e69ac3cc7c4dcf3a89d..9a81418cda847412ccb0817f08f6387640d149fa 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -169,8 +169,8 @@ static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 static int s_nbio=0;
 #endif
 static int s_nbio_test=0;
-#ifdef APPS_CRLF
-       int s_crlf=0;
+#ifdef APPS_CRLF /* won't be #ifdef'd in next release */
+int s_crlf=0;
 #endif
 static SSL_CTX *ctx=NULL;
 static int www=0;

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 498cd9fabaca20dfe5a16358af4bafd7e8df980b..fbe4f667fa13d04c37cdcd71b175223210822b5b 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -413,7 +413,7 @@ struct ssl_ctx_st
 
        /* if defined, these override the X509_verify_cert() calls */
 /**/   int (*app_verify_callback)();
-/**/   char *app_verify_arg; /* never used */
+/**/   char *app_verify_arg; /* never used; should be void * */
 
        /* default values to use in SSL structures */
 /**/   struct cert_st /* CERT */ *cert;

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index b33658f017b1e21862c33e08abb6a3162dfbf5f2..6d2511f76c27c1e0f60d1720ba6887a46be968e3 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -426,7 +426,7 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
                (char *)s);
 
        if (s->ctx->app_verify_callback != NULL)
-               i=s->ctx->app_verify_callback(&ctx);
+               i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
        else
                {
 #ifndef NO_X509_VERIFY

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d99c7d943ccc0097c8cca1e647bf2931241f23d4..e192fc4cac3a2f29d503f30d23bc7a8d1f264f8e 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1142,6 +1142,11 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
 
 void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,int (*cb)(),char *arg)
        {
+       /* now
+        *     int (*cb)(X509_STORE_CTX *),
+        * but should be
+        *     int (*cb)(X509_STORE_CTX *, void *arg)
+        */
        ctx->app_verify_callback=cb;
        ctx->app_verify_arg=arg; /* never used */
        }