diff --git a/CHANGES b/CHANGES index e138781..e81b742 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,11 @@ Corrections: configure now checks for the variant. Thanks to Robert Zybeck for reporting this issue. + The variable for the no-sni option was not initialized and could thus + break OpenSSL certificate verification. E.g., test OPENSSL_SNI on some + platform succeeded with -g but failed with -O compiler option. + Thanks to valgrind for quickly finding the cause. + Porting: Again porting Socat to AIX (7.1) - Fixed configure and compile issues: Adapted include requirements for IPv6 @@ -30,7 +35,7 @@ Testing: does not allow fractions of seconds, grep does not understand '\<'; OpenIndiana/SunOS netstat format; many more functional and cosmetic code corrections. - + ####################### V 1.7.4.2: Corrections: diff --git a/xio-openssl.c b/xio-openssl.c index 027b0d5..58e7884 100644 --- a/xio-openssl.c +++ b/xio-openssl.c @@ -226,7 +226,7 @@ static int bool opt_ver = true; /* verify peer certificate */ char *opt_cert = NULL; /* file name of client certificate */ const char *opt_commonname = NULL; /* for checking peer certificate */ - bool opt_no_sni; + bool opt_no_sni = false; const char *opt_snihost = NULL; /* for SNI host */ int result;