Both wincrypt.h and openssl try to define X509_NAME. The wincrypt.h one
is not useful for us, so we currently #undef it if this was set.
However, it's done very late, right before including x509v3.h which
defines the X509_NAME type. Any header included in between may try to
#include x509v3.h so it's better to undefine X509_NAME right after
including wincrypt.h.
If verify_subject() is called with a SpiceOpenSSLVerify struct containing a
non-NULL 'in_subject' member, it would try to use the local 'in_entries'
variable without having initialized it first. This could happen if
verify_subject() was called multiple time with the same SpiceOpenSSLVerify
context, which probably isn't occurring the way we are using it.
However, since verify_subject() is the only method which needs in_subject,
we don't need to have it stored in SpiceOpenSSLVerify, and we can
recreate it as needed locally in that method, which avoids that issue.
If X509_NAME isn't undefined before including x509v3.h, very
weird compilation error occurs. It seems to be caused by duplicate
definitions for this symbols coming from wincrypto.h
Code adapter from RedPeer::ssl_verify_callback() and used by
spice-gtk.
Since v1:
- fixed Makefile.am
- added config.h include
- autoconf alloca added in patch series
- moved int escape inside for loop
- added a failed case when missing assignment
- replaced strlen () by -1
- skip spaces after comma
- c++ guards
I didn't use bool, because openSSL uses int, and it is more future
proof for error reporting.
