From 19232716307e143f63ad97e373d1aa33de8a2e58 Mon Sep 17 00:00:00 2001
From: Nick Peng
Date: Sun, 9 Aug 2020 18:01:33 +0800
Subject: [PATCH] compile: fix comile warnings
---
 src/dns.h | 2 +-
 src/dns_client.c | 44 ++++++++++++++++++++++++++++++--------------
 src/dns_conf.c | 5 ++---
 3 files changed, 33 insertions(+), 18 deletions(-)
diff --git a/src/dns.h b/src/dns.h
index 366050b5f0..d42aa73cb6 100644
--- a/src/dns.h
+++ b/src/dns.h
@@ -110,7 +110,7 @@ struct dns_head {
 unsigned short ancount; /* number of answer entries */
 unsigned short nscount; /* number of authority entries */
 unsigned short nrcount; /* number of addititional resource entries */
-} __attribute__((packed));
+} __attribute__((packed, aligned(2)));
 struct dns_rrs {
 unsigned short next;
diff --git a/src/dns_client.c b/src/dns_client.c
index 4f7bf4ce4e..f5742067e3 100644
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -860,7 +860,7 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 }
 SSL_CTX_set_options(server_info->ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
-
+ SSL_CTX_set_session_cache_mode(server_info->ssl_ctx, SSL_SESS_CACHE_CLIENT);
 if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
 tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
 server_info->skip_check_cert = 1;
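Review bot: `aligned(2)` on `struct dns_head` is a promise to the compiler rather than a layout change: every `struct dns_head` object must now start on an even address, and a `struct dns_head *` obtained by casting into a byte buffer at an odd offset becomes undefined behaviour, with the compiler free to emit aligned 16-bit loads that fault on strict-alignment targets. Whether the parser ever forms the pointer that way is outside this hunk, so the cast sites should be checked before relying on the attribute to silence the warning; the three fields visible here are all `unsigned short`, so `packed` on its own did not affect their layout. A comment on the struct would make the contract visible to later readers: `/* aligned(2): code that overlays this on a raw packet buffer must keep it on an even address */`. The struct definition begins outside the hunk.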
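Review bot: `SSL_CTX_set_session_cache_mode(..., SSL_SESS_CACHE_CLIENT)` does not by itself resume sessions: OpenSSL only stores client sessions in the context cache, and the application still has to select one with `SSL_set_session()` before each handshake, which this hunk does not show and the commit title ("fix comile warnings") does not mention. If resumption is the intent, the connect path needs the matching `SSL_set_session()` call, and because a resumed session reuses the cached handshake result the interaction with `skip_check_cert` and the checks in `_dns_client_tls_verify` would need a look; if it is not, a one-line comment such as `/* cache client sessions; resumption still requires SSL_set_session() on connect */` stops readers from assuming resumption is active. `_dns_client_server_add` continues outside the hunk.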
@@ -2115,11 +2115,30 @@ static int _dns_client_tls_matchName(const char *host, const char *pattern, int
 return match;
 }
+static int _dns_client_tls_get_cert_CN(X509 *cert, char *cn, int max_cn_len) {
+ X509_NAME *cert_name = NULL;
+
+ cert_name = X509_get_subject_name(cert);
+ if (cert_name == NULL) {
+ tlog(TLOG_ERROR, "get subject name failed.");
+ goto errout;
+ }
+
+ if (X509_NAME_get_text_by_NID(cert_name, NID_commonName, cn, max_cn_len) == -1) {
+ tlog(TLOG_ERROR, "cannot found x509 name");
+ goto errout;
+ }
+
+ return 0;
+
+errout:
+ return -1;
+}
+
 static int _dns_client_tls_verify(struct dns_server_info *server_info)
 {
 X509 *cert = NULL;
 X509_PUBKEY *pubkey = NULL;
- X509_NAME *cert_name = NULL;
 char peer_CN[256];
 char cert_fingerprint[256];
 int i = 0;
@@ -2143,24 +2162,20 @@ static int _dns_client_tls_verify(struct dns_server_info *server_info)
 if (server_info->skip_check_cert == 0) {
 long res = SSL_get_verify_result(server_info->ssl);
 if (res != X509_V_OK) {
- tlog(TLOG_WARN, "peer server certificate verify failed.");
+ peer_CN[0] = '\0';
+ _dns_client_tls_get_cert_CN(cert, peer_CN, sizeof(peer_CN));
+ tlog(TLOG_WARN, "peer server %s certificate verify failed", server_info->ip);
+ tlog(TLOG_WARN, "peer CN: %s", peer_CN);
 goto errout;
 }
 }
- cert_name = X509_get_subject_name(cert);
- if (cert_name == NULL) {
- tlog(TLOG_ERROR, "get subject name failed.");
- goto errout;
- }
-
- if (X509_NAME_get_text_by_NID(cert_name, NID_commonName, peer_CN, 256) == -1) {
- tlog(TLOG_ERROR, "cannot found x509 name");
+ if (_dns_client_tls_get_cert_CN(cert, peer_CN, sizeof(peer_CN)) != 0) {
+ tlog(TLOG_ERROR, "get cert CN failed.");
 goto errout;
 }
 tlog(TLOG_DEBUG, "peer CN: %s", peer_CN);
-
 /* check tls host */
 tls_host_verify = _dns_client_server_get_tls_host_verify(server_info);
 if (tls_host_verify) {
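Review bot: `_dns_client_tls_get_cert_CN` has no header comment, although its contract is exactly what the callers in the following hunk depend on: `X509_NAME_get_text_by_NID` copies at most `max_cn_len - 1` bytes plus the terminator, and on its `-1` (no such entry) return it appears to leave `cn` untouched, which is why the verify-failure caller has to pre-set `peer_CN[0] = '\0'`. A Doxygen-style comment giving the purpose, the `cn`/`max_cn_len` truncation rule, the 0/-1 return and the fact that `cn` is unspecified on failure would make that dependency explicit instead of implicit. Two style points: the `goto errout` only ever reaches `return -1;`, so both failure branches can `return -1;` directly and the label can go; and the opening brace sits on the signature line while `_dns_client_tls_verify` in the same hunk puts it on a line of its own.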
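Review bot: In the `res != X509_V_OK` branch the CN written to the log at TLOG_WARN comes from a certificate that has just failed verification, so it is peer-controlled bytes; `X509_NAME_get_text_by_NID` does not filter control characters, so a newline or terminal escape sequence in the CN reaches the log verbatim (log forging, and terminal escapes for anyone tailing it). Since this is the one path where the certificate is known to be untrusted, escape non-printable bytes before the `tlog` call, or at minimum mark the line: `/* CN of an UNVERIFIED certificate: untrusted content, logged for diagnosis only */`. The discarded return value of `_dns_client_tls_get_cert_CN` on that path is only safe because of the preceding `peer_CN[0] = '\0';`, which the same comment should say. `_dns_client_tls_verify` continues outside the hunk on both sides.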
@@ -2311,7 +2326,7 @@ static int _dns_client_process_tls(struct dns_server_info *server_info, struct e
 server_info->status = DNS_SERVER_STATUS_CONNECTED;
 memset(&fd_event, 0, sizeof(fd_event));
- fd_event.events = EPOLLIN;
+ fd_event.events = EPOLLIN | EPOLLOUT;
 fd_event.data.ptr = server_info;
 if (epoll_ctl(client.epoll_fd, EPOLL_CTL_MOD, server_info->fd, &fd_event) != 0) {
 tlog(TLOG_ERROR, "epoll ctl failed, %s", strerror(errno));
@@ -2531,11 +2546,12 @@ static int _dns_client_send_packet(struct dns_query_struct *query, void *packet,
 struct dns_server_group_member *tmp = NULL;
 int ret = 0;
 int send_err = 0;
+ int i = 0;
 query->send_tick = get_tick_count();
 /* send query to all dns servers */
- for (int i = 0; i < 2; i++) {
+ for (i = 0; i < 2; i++) {
 pthread_mutex_lock(&client.server_list_lock);
 list_for_each_entry_safe(group_member, tmp, &query->server_group->head, list) {
diff --git a/src/dns_conf.c b/src/dns_conf.c
index 6812753301..28d9e4fd8b 100644
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -262,6 +262,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 return -1;
 }
+ ip = argv[1];
 if (index >= DNS_MAX_SERVERS) {
 tlog(TLOG_WARN, "exceeds max server number, %s", ip);
 return 0;
@@ -274,8 +275,6 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
 server->httphost[0] = '\0';
 server->tls_host_verify[0] = '\0';
- ip = argv[1];
-
 if (type == DNS_SERVER_HTTPS) {
 if (parse_uri(ip, NULL, server->server, &port, server->path) != 0) {
 return -1;
@@ -871,6 +870,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 goto errout;
 }
+ ip = argv[1];
 if (index >= DNS_MAX_SERVERS) {
 tlog(TLOG_WARN, "exceeds max server number, %s", ip);
 return 0;
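Review bot: `fd_event.events = EPOLLIN | EPOLLOUT;` is a behaviour change hidden in a warnings commit: once the TLS handshake is done the socket is polled for writability permanently, and a connected socket with free send-buffer space is always writable, so unless the EPOLLOUT handler (outside this hunk) switches the interest back to `EPOLLIN` when its queue drains, `epoll_wait` returns immediately on every iteration and the client thread spins. Either the handler already does that, in which case a comment here such as `/* EPOLLOUT: flush queries queued during the handshake; the write handler drops it once the queue is empty */` documents the pairing, or EPOLLOUT should be added only when there is pending data to send. `_dns_client_process_tls` continues outside the hunk.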
@@ -879,7 +879,6 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
 bind_ip = &dns_conf_bind_ip[index];
 bind_ip->type = type;
 bind_ip->flags = 0;
- ip = argv[1];
 safe_strncpy(bind_ip->ip, ip, DNS_MAX_IPLEN);
 /* process extra options */