From 03a39a919cdb3d1199f7f35c664533977a9eb091 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Sat, 23 Sep 2017 14:01:10 +0300 Subject: [PATCH] tls: some more casting to float Signed-off-by: Isaac Boukris --- src/main/tls/ctx.c | 14 +++++++------- src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/main/tls/ctx.c b/src/main/tls/ctx.c index 4c7cd8b..18b9c4a 100644 --- a/src/main/tls/ctx.c +++ b/src/main/tls/ctx.c @@ -359,7 +359,7 @@ post_ca: ctx_options |= SSL_OP_NO_SSLv2; ctx_options |= SSL_OP_NO_SSLv3; - if (conf->tls_min_version < 1.0) { + if (conf->tls_min_version < (float) 1.0) { ERROR("SSLv2 and SSLv3 are permanently disabled due to critical security issues"); return NULL; } @@ -369,22 +369,22 @@ post_ca: * Though they can be *globally* disabled if necessary.x */ # ifdef SSL_OP_NO_TLSv1 - if (conf->tls_min_version > 1.0) ctx_options |= SSL_OP_NO_TLSv1; - if ((conf->tls_max_version != 0.0) && (conf->tls_max_version < 1.0)) { + if (conf->tls_min_version > (float) 1.0) ctx_options |= SSL_OP_NO_TLSv1; + if ((conf->tls_max_version != (float) 0.0) && (conf->tls_max_version < (float) 1.0)) { ctx_options |= SSL_OP_NO_TLSv1; } ctx_tls_versions |= SSL_OP_NO_TLSv1; # endif # ifdef SSL_OP_NO_TLSv1_1 - if (conf->tls_min_version > 1.1) ctx_options |= SSL_OP_NO_TLSv1_1; - if ((conf->tls_max_version != 0.0) && (conf->tls_max_version < 1.1)) { + if (conf->tls_min_version > (float) 1.1) ctx_options |= SSL_OP_NO_TLSv1_1; + if ((conf->tls_max_version != (float) 0.0) && (conf->tls_max_version < (float) 1.1)) { ctx_options |= SSL_OP_NO_TLSv1_1; } ctx_tls_versions |= SSL_OP_NO_TLSv1_1; # endif # ifdef SSL_OP_NO_TLSv1_2 - if (conf->tls_min_version > 1.2) ctx_options |= SSL_OP_NO_TLSv1_2; - if ((conf->tls_max_version != 0.0) && (conf->tls_max_version < 1.2)) { + if (conf->tls_min_version > (float) 1.2) ctx_options |= SSL_OP_NO_TLSv1_2; + if ((conf->tls_max_version != (float) 0.0) && (conf->tls_max_version < (float) 1.2)) { ctx_options |= SSL_OP_NO_TLSv1_2; } ctx_tls_versions |= SSL_OP_NO_TLSv1_2; diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c index 51730d9..fa1b2b1 100644 --- a/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c +++ b/src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c @@ -107,7 +107,7 @@ static int mod_instantiate(void *instance, CONF_SECTION *cs) } // FIXME TLSv1.2 uses a different PRF and SSL_export_keying_material("key expansion") is forbidden - if ((inst->tls_conf->tls_max_version > 1.1) || (inst->tls_conf->tls_max_version == 0.0)) { + if ((inst->tls_conf->tls_max_version > (float) 1.1) || (inst->tls_conf->tls_max_version == (float) 0.0)) { cf_log_err_by_name(cs, "tls_max_version", "require tls_max_version <= 1.1"); return -1; } -- 2.7.5