Commit 718d6c58 authored by Ian Lance Taylor

crypto/x509: don't require C99 mode in Darwin cgo code

Fixes #24425

Change-Id: I2aacbced8cd14da67fe9a4cbd62b434c18b5fce2
Reviewed-on: https://go-review.googlesource.com/101215
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
parent 2767c4e2
...@@ -78,6 +78,8 @@ int useOldCode() { ...@@ -78,6 +78,8 @@ int useOldCode() {
// Note: The CFDataRef returned in pemRoots and untrustedPemRoots must // Note: The CFDataRef returned in pemRoots and untrustedPemRoots must
// be released (using CFRelease) after we've consumed its content. // be released (using CFRelease) after we've consumed its content.
int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
int i;
if (useOldCode()) { if (useOldCode()) {
return FetchPEMRoots_MountainLion(pemRoots); return FetchPEMRoots_MountainLion(pemRoots);
} }
...@@ -101,7 +103,8 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { ...@@ -101,7 +103,8 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0);
for (int i = 0; i < numDomains; i++) { for (i = 0; i < numDomains; i++) {
int j;
CFArrayRef certs = NULL; CFArrayRef certs = NULL;
OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs); OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs);
if (err != noErr) { if (err != noErr) {
...@@ -109,7 +112,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { ...@@ -109,7 +112,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
} }
CFIndex numCerts = CFArrayGetCount(certs); CFIndex numCerts = CFArrayGetCount(certs);
for (int j = 0; j < numCerts; j++) { for (j = 0; j < numCerts; j++) {
CFDataRef data = NULL; CFDataRef data = NULL;
CFErrorRef errRef = NULL; CFErrorRef errRef = NULL;
CFArrayRef trustSettings = NULL; CFArrayRef trustSettings = NULL;
...@@ -124,6 +127,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { ...@@ -124,6 +127,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
if (i == 0) { if (i == 0) {
trustAsRoot = 1; trustAsRoot = 1;
} else { } else {
int k;
CFIndex m;
// Certs found in the system domain are always trusted. If the user // Certs found in the system domain are always trusted. If the user
// configures "Never Trust" on such a cert, it will also be found in the // configures "Never Trust" on such a cert, it will also be found in the
// admin or user domain, causing it to be added to untrustedPemRoots. The // admin or user domain, causing it to be added to untrustedPemRoots. The
...@@ -133,7 +139,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { ...@@ -133,7 +139,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
// SecTrustServer.c, "user trust settings overrule admin trust settings", // SecTrustServer.c, "user trust settings overrule admin trust settings",
// so take the last trust settings array we find. // so take the last trust settings array we find.
// Skip the system domain since it is always trusted. // Skip the system domain since it is always trusted.
for (int k = i; k < numDomains; k++) { for (k = i; k < numDomains; k++) {
CFArrayRef domainTrustSettings = NULL; CFArrayRef domainTrustSettings = NULL;
err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings); err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings);
if (err == errSecSuccess && domainTrustSettings != NULL) { if (err == errSecSuccess && domainTrustSettings != NULL) {
...@@ -147,9 +153,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { ...@@ -147,9 +153,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) {
// "this certificate must be verified to a known trusted certificate"; aka not a root. // "this certificate must be verified to a known trusted certificate"; aka not a root.
continue; continue;
} }
for (CFIndex k = 0; k < CFArrayGetCount(trustSettings); k++) { for (m = 0; m < CFArrayGetCount(trustSettings); m++) {
CFNumberRef cfNum; CFNumberRef cfNum;
CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, k); CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, m);
if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){ if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){
SInt32 result = 0; SInt32 result = 0;
CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result); CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result);
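Review bot: In the renamed `m` loop at the end of this section, the value returned through `CFDictionaryGetValueIfPresent` is cast to `CFNumberRef` and passed to `CFNumberGetValue` with no type check, and the Boolean result of `CFNumberGetValue` is discarded, so a failed conversion leaves `result` at its initial 0 with no signal. The trust settings arrays come from the admin and user domains, and `result` presumably feeds the trusted/untrusted decision for the certificate, so a guard would be worth adding while this loop is being touched: `if (CFGetTypeID(cfNum) != CFNumberGetTypeID() || !CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result)) { continue; }`. Whether skipping the entry or treating the certificate as untrusted is the right fallback depends on how `result` is used in the rest of the `if` body, which continues outside the visible hunk.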