Opened 6 years ago

Closed 6 years ago

#7209 closed Bugs (fixed)

Asio SSL overflow in constant

Reported by: ramon.casellas@… Owned by: chris_kohlhoff
Milestone: Boost 1.51.0 Component: asio
Version: Boost 1.51.0 Severity: Regression
Keywords: asio SSL options overflow int Cc:


Dear Chris,

I am getting a warning about overflow in SSL context options.

Environment: Ubuntu Quantal (development) boost trunk (also applies to 1.50 1.51, ...) Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro? 4.7.1-6ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs --enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.7 --enable-shared --enable-linker-build-id --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --enable-objc-gc --disable-werror --with-arch-32=i686 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 4.7.1 (Ubuntu/Linaro? 4.7.1-6ubuntu1)

In file included from /adnet/boost-1.50.0/include/boost/asio/ssl/context.hpp:26:0,
                 from /adnet/boost-1.50.0/include/boost/asio/ssl.hpp:19,
                 from /adnet/src/cttc-pce-trunk/apps/server/plugins/openflow/connection.cpp:12:
/adnet/boost-1.50.0/include/boost/asio/ssl/context_base.hpp:92:42: warning: overflow in implicit constant conversion [-Woverflow]

In context_base.hpp

Note in /usr/include/openssl/ssl.h:564:23019:

/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
 *             This used to be 0x000FFFFFL before 0.9.7. */
#define SSL_OP_ALL                                      0x80000BFFL

the new value seems to overflow?

could you please consider something in the lines of:

--- /adnet/boost-trunk/boost/asio/ssl/context_base.hpp  2012-01-12 11:33:11.408503342 +0100
+++ /adnet/boost-1.50.0/include/boost/asio/ssl/context_base.hpp 2012-08-08 13:55:48.660086890 +0200
@@ -71,29 +71,29 @@
   /// Bitmask type for SSL options.
-  typedef int options;
+  typedef long options;
   /// Implement various bug workarounds.
-  static const int default_workarounds = implementation_defined;
+  static const long default_workarounds = implementation_defined;
   /// Always create a new key when using tmp_dh parameters.
-  static const int single_dh_use = implementation_defined;
+  static const long single_dh_use = implementation_defined;
   /// Disable SSL v2.
-  static const int no_sslv2 = implementation_defined;
+  static const long no_sslv2 = implementation_defined;
   /// Disable SSL v3.
-  static const int no_sslv3 = implementation_defined;
+  static const long no_sslv3 = implementation_defined;
   /// Disable TLS v1.
-  static const int no_tlsv1 = implementation_defined;
+  static const long no_tlsv1 = implementation_defined;
-  BOOST_STATIC_CONSTANT(int, default_workarounds = SSL_OP_ALL);
-  BOOST_STATIC_CONSTANT(int, no_sslv2 = SSL_OP_NO_SSLv2);
-  BOOST_STATIC_CONSTANT(int, no_sslv3 = SSL_OP_NO_SSLv3);
-  BOOST_STATIC_CONSTANT(int, no_tlsv1 = SSL_OP_NO_TLSv1);
+  BOOST_STATIC_CONSTANT(long, default_workarounds = SSL_OP_ALL);
+  BOOST_STATIC_CONSTANT(long, no_sslv2 = SSL_OP_NO_SSLv2);
+  BOOST_STATIC_CONSTANT(long, no_sslv3 = SSL_OP_NO_SSLv3);
+  BOOST_STATIC_CONSTANT(long, no_tlsv1 = SSL_OP_NO_TLSv1);
   /// File format types.

or, if you do not consider that a bug, silence the warning?

note that SSL_CTX_set_options takes a long, if I am not mistaken

Thanks in advance, Ramon

Change History (1)

comment:1 Changed 6 years ago by chris_kohlhoff

Resolution: fixed
Status: newclosed

(In [82290]) Merge from trunk:

  • Fix some 64-to-32-bit conversion warnings. Fixes #7459
  • Fix typos in comments. Fixes #7761
  • Fix error in example embedded in basic_socket::get_option's documentation. Fixes #7562
  • Use long rather than int for SSL_CTX options, to match OpenSSL. Fixes #7209
  • Use _snwprintf to address a compile error due to the changed swprintf signature in recent versions of MinGW. Fixes #7373
  • Fix deadlock that can occur on Windows when shutting down a pool of io_service threads due to running out of work. Fixes #7552
  • Enable noexcept qualifier for error categories. Fixes #7797
  • Treat errors from accept as non-fatal. Fixes #7488
  • Add a small block recycling optimisation.
  • Version bump.
  • Regenerate documentation.
Note: See TracTickets for help on using tickets.