f853ec317f
...following up on 314f15bff08b76bf96acf99141776ef64d2f1355 "Extend
loplugin:external to warn about enums".
Cases where free functions were moved into an unnamed namespace along with a
class, to not break ADL, are in:
filter/source/svg/svgexport.cxx
sc/source/filter/excel/xelink.cxx
sc/source/filter/excel/xilink.cxx
svx/source/sdr/contact/viewobjectcontactofunocontrol.cxx
All other free functions mentioning moved classes appear to be harmless and not
give rise to (silent, even) ADL breakage. (One remaining TODO in
compilerplugins/clang/external.cxx is that derived classes are not covered by
computeAffectedTypes, even though they could also be affected by ADL-breakage---
but don't seem to be in any acutal case across the code base.)
For friend declarations using elaborate type specifiers, like
class C1 {};
class C2 { friend class C1; };
* If C2 (but not C1) is moved into an unnamed namespace, the friend declaration
must be changed to not use an elaborate type specifier (i.e., "friend C1;"; see
C++17 [namespace.memdef]/3: "If the name in a friend declaration is neither
qualified nor a template-id and the declaration is a function or an
elaborated-type-specifier, the lookup to determine whether the entity has been
previously declared shall not consider any scopes outside the innermost
enclosing namespace.")
* If C1 (but not C2) is moved into an unnamed namespace, the friend declaration
must be changed too, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71882>
"elaborated-type-specifier friend not looked up in unnamed namespace".
Apart from that, to keep changes simple and mostly mechanical (which should help
avoid regressions), out-of-line definitions of class members have been left in
the enclosing (named) namespace. But explicit specializations of class
templates had to be moved into the unnamed namespace to appease
<https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92598> "explicit specialization of
template from unnamed namespace using unqualified-id in enclosing namespace".
Also, accompanying declarations (of e.g. typedefs or static variables) that
could arguably be moved into the unnamed namespace too have been left alone.
And in some cases, mention of affected types in blacklists in other loplugins
needed to be adapted.
And sc/qa/unit/mark_test.cxx uses a hack of including other .cxx, one of which
is sc/source/core/data/segmenttree.cxx where e.g. ScFlatUInt16SegmentsImpl is
not moved into an unnamed namespace (because it is declared in
sc/inc/segmenttree.hxx), but its base ScFlatSegmentsImpl is. GCC warns about
such combinations with enabled-by-default -Wsubobject-linkage, but "The compiler
doesn’t give this warning for types defined in the main .C file, as those are
unlikely to have multiple definitions."
(<https://gcc.gnu.org/onlinedocs/gcc-9.2.0/gcc/Warning-Options.html>) The
warned-about classes also don't have multiple definitions in the given test, so
disable the warning when including the .cxx.
Change-Id: Ib694094c0d8168be68f8fe90dfd0acbb66a3f1e4
Reviewed-on: https://gerrit.libreoffice.org/83239
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
153 lines
5.1 KiB
C++
153 lines
5.1 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file is part of the LibreOffice project.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* This file incorporates work covered by the following license notice:
|
|
*
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed
|
|
* with this work for additional information regarding copyright
|
|
* ownership. The ASF licenses this file to you under the Apache
|
|
* License, Version 2.0 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
|
|
*/
|
|
|
|
|
|
#include <secerr.h>
|
|
#include "secerror.hxx"
|
|
#include <nss.h>
|
|
#include <certt.h>
|
|
#include <sal/log.hxx>
|
|
|
|
namespace {
|
|
|
|
struct ErrDesc {
|
|
PRErrorCode const errNum;
|
|
const char * errString;
|
|
};
|
|
|
|
}
|
|
|
|
const ErrDesc allDesc[] = {
|
|
|
|
#include "certerrors.h"
|
|
|
|
};
|
|
|
|
|
|
/* Returns a UTF-8 encoded constant error string for "errNum".
|
|
* Returns NULL of errNum is unknown.
|
|
*/
|
|
const char *
|
|
getCertError(PRErrorCode errNum)
|
|
{
|
|
for (const ErrDesc& i : allDesc)
|
|
{
|
|
if (i.errNum == errNum)
|
|
return i.errString;
|
|
}
|
|
|
|
return "";
|
|
}
|
|
|
|
void
|
|
printChainFailure(CERTVerifyLog *log)
|
|
{
|
|
unsigned int depth = static_cast<unsigned int>(-1);
|
|
CERTVerifyLogNode *node = nullptr;
|
|
|
|
if (log->count > 0)
|
|
{
|
|
SAL_INFO("xmlsecurity.xmlsec", "Bad certification path:");
|
|
unsigned long errorFlags = 0;
|
|
for (node = log->head; node; node = node->next)
|
|
{
|
|
if (depth != node->depth)
|
|
{
|
|
depth = node->depth;
|
|
SAL_INFO("xmlsecurity.xmlsec", "Certificate: " << depth <<
|
|
node->cert->subjectName << ": " <<
|
|
(depth ? "[Certificate Authority]": ""));
|
|
}
|
|
SAL_INFO("xmlsecurity.xmlsec", " ERROR " << node->error << ": " <<
|
|
getCertError(node->error));
|
|
const char * specificError = nullptr;
|
|
const char * issuer = nullptr;
|
|
switch (node->error)
|
|
{
|
|
case SEC_ERROR_INADEQUATE_KEY_USAGE:
|
|
errorFlags = reinterpret_cast<unsigned long>(node->arg);
|
|
switch (errorFlags)
|
|
{
|
|
case KU_DIGITAL_SIGNATURE:
|
|
specificError = "Certificate cannot sign.";
|
|
break;
|
|
case KU_KEY_ENCIPHERMENT:
|
|
specificError = "Certificate cannot encrypt.";
|
|
break;
|
|
case KU_KEY_CERT_SIGN:
|
|
specificError = "Certificate cannot sign other certs.";
|
|
break;
|
|
default:
|
|
specificError = "[unknown usage].";
|
|
break;
|
|
}
|
|
break;
|
|
case SEC_ERROR_INADEQUATE_CERT_TYPE:
|
|
errorFlags = reinterpret_cast<unsigned long>(node->arg);
|
|
switch (errorFlags)
|
|
{
|
|
case NS_CERT_TYPE_SSL_CLIENT:
|
|
case NS_CERT_TYPE_SSL_SERVER:
|
|
specificError = "Certificate cannot be used for SSL.";
|
|
break;
|
|
case NS_CERT_TYPE_SSL_CA:
|
|
specificError = "Certificate cannot be used as an SSL CA.";
|
|
break;
|
|
case NS_CERT_TYPE_EMAIL:
|
|
specificError = "Certificate cannot be used for SMIME.";
|
|
break;
|
|
case NS_CERT_TYPE_EMAIL_CA:
|
|
specificError = "Certificate cannot be used as an SMIME CA.";
|
|
break;
|
|
case NS_CERT_TYPE_OBJECT_SIGNING:
|
|
specificError = "Certificate cannot be used for object signing.";
|
|
break;
|
|
case NS_CERT_TYPE_OBJECT_SIGNING_CA:
|
|
specificError = "Certificate cannot be used as an object signing CA.";
|
|
break;
|
|
default:
|
|
specificError = "[unknown usage].";
|
|
break;
|
|
}
|
|
break;
|
|
case SEC_ERROR_UNKNOWN_ISSUER:
|
|
specificError = "Unknown issuer:";
|
|
issuer = node->cert->issuerName;
|
|
break;
|
|
case SEC_ERROR_UNTRUSTED_ISSUER:
|
|
specificError = "Untrusted issuer:";
|
|
issuer = node->cert->issuerName;
|
|
break;
|
|
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
|
specificError = "Expired issuer certificate:";
|
|
issuer = node->cert->issuerName;
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
if (specificError)
|
|
SAL_INFO("xmlsecurity.xmlsec", specificError);
|
|
if (issuer)
|
|
SAL_INFO("xmlsecurity.xmlsec", issuer);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|