diff --git a/Configure b/Configure index cfd1980d80..fb20e85c57 100755 --- a/Configure +++ b/Configure @@ -101,13 +101,13 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the -# following warnings can also be enabled: -Wconditional-uninitialized, +# following warnings can also be enabled: # -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, # -Wmissing-variable-declarations, # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wextended-offsetof -my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments"; my $strict_warnings = 0; diff --git a/apps/s_client.c b/apps/s_client.c index f4132c8f15..5971f8aac6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -656,7 +656,7 @@ int s_client_main(int argc, char **argv) int prexit = 0; int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer; int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0; - int ret = 1, in_init = 1, i, nbio_test = 0, s, k, width, state = 0; + int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0; int sbuf_len, sbuf_off, socket_type = SOCK_STREAM, cmdletters = 1; int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0; int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; diff --git a/apps/verify.c b/apps/verify.c index 7fcd32a404..8abc70859a 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -272,37 +272,35 @@ static int check(X509_STORE *ctx, char *file, if (crls) X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); - if (i > 0 && show_chain) { - chain = X509_STORE_CTX_get1_chain(csc); - num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); + if (i > 0) { + printf("OK\n"); + ret = 1; + if (show_chain) { + chain = X509_STORE_CTX_get1_chain(csc); + num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); + printf("Chain:\n"); + for (i = 0; i < sk_X509_num(chain); i++) { + X509 *cert = sk_X509_value(chain, i); + printf("depth=%d: ", i); + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(cert), + 0, XN_FLAG_ONELINE); + if (i < num_untrusted) + printf(" (untrusted)"); + printf("\n"); + } + sk_X509_pop_free(chain, X509_free); + } } X509_STORE_CTX_free(csc); ret = 0; end: - if (i > 0) { - printf("OK\n"); - ret = 1; - } else - ERR_print_errors(bio_err); - if (chain) { - printf("Chain:\n"); - for (i = 0; i < sk_X509_num(chain); i++) { - X509 *cert = sk_X509_value(chain, i); - printf("depth=%d: ", i); - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, XN_FLAG_ONELINE); - if (i < num_untrusted) { - printf(" (untrusted)"); - } - printf("\n"); - } - sk_X509_pop_free(chain, X509_free); - } + if (i <= 0) + ERR_print_errors(bio_err); X509_free(x); - return (ret); + return ret; } static int cb(int ok, X509_STORE_CTX *ctx)