From 718d6c5880fe3507b1d224789b29bc2410fc9da5 Mon Sep 17 00:00:00 2001 From: Ian Lance Taylor Date: Fri, 16 Mar 2018 10:44:06 -0700 Subject: [PATCH] crypto/x509: don't require C99 mode in Darwin cgo code Fixes #24425 Change-Id: I2aacbced8cd14da67fe9a4cbd62b434c18b5fce2 Reviewed-on: https://go-review.googlesource.com/101215 Run-TryBot: Ian Lance Taylor TryBot-Result: Gobot Gobot Reviewed-by: Brad Fitzpatrick Reviewed-by: Filippo Valsorda --- src/crypto/x509/root_cgo_darwin.go | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go index 80cd2501c4..5c310bff09 100644 --- a/src/crypto/x509/root_cgo_darwin.go +++ b/src/crypto/x509/root_cgo_darwin.go @@ -78,6 +78,8 @@ int useOldCode() { // Note: The CFDataRef returned in pemRoots and untrustedPemRoots must // be released (using CFRelease) after we've consumed its content. int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { + int i; + if (useOldCode()) { return FetchPEMRoots_MountainLion(pemRoots); } @@ -101,7 +103,8 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { CFMutableDataRef combinedData = CFDataCreateMutable(kCFAllocatorDefault, 0); CFMutableDataRef combinedUntrustedData = CFDataCreateMutable(kCFAllocatorDefault, 0); - for (int i = 0; i < numDomains; i++) { + for (i = 0; i < numDomains; i++) { + int j; CFArrayRef certs = NULL; OSStatus err = SecTrustSettingsCopyCertificates(domains[i], &certs); if (err != noErr) { @@ -109,7 +112,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { } CFIndex numCerts = CFArrayGetCount(certs); - for (int j = 0; j < numCerts; j++) { + for (j = 0; j < numCerts; j++) { CFDataRef data = NULL; CFErrorRef errRef = NULL; CFArrayRef trustSettings = NULL; @@ -124,6 +127,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { if (i == 0) { trustAsRoot = 1; } else { + int k; + CFIndex m; + // Certs found in the system domain are always trusted. If the user // configures "Never Trust" on such a cert, it will also be found in the // admin or user domain, causing it to be added to untrustedPemRoots. The @@ -133,7 +139,7 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { // SecTrustServer.c, "user trust settings overrule admin trust settings", // so take the last trust settings array we find. // Skip the system domain since it is always trusted. - for (int k = i; k < numDomains; k++) { + for (k = i; k < numDomains; k++) { CFArrayRef domainTrustSettings = NULL; err = SecTrustSettingsCopyTrustSettings(cert, domains[k], &domainTrustSettings); if (err == errSecSuccess && domainTrustSettings != NULL) { @@ -147,9 +153,9 @@ int FetchPEMRoots(CFDataRef *pemRoots, CFDataRef *untrustedPemRoots) { // "this certificate must be verified to a known trusted certificate"; aka not a root. continue; } - for (CFIndex k = 0; k < CFArrayGetCount(trustSettings); k++) { + for (m = 0; m < CFArrayGetCount(trustSettings); m++) { CFNumberRef cfNum; - CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, k); + CFDictionaryRef tSetting = (CFDictionaryRef)CFArrayGetValueAtIndex(trustSettings, m); if (CFDictionaryGetValueIfPresent(tSetting, policy, (const void**)&cfNum)){ SInt32 result = 0; CFNumberGetValue(cfNum, kCFNumberSInt32Type, &result); -- 2.50.0