sectransp: fix compiler warning c89 mixed code/declaration

Since cbf57176 the Cirrus CI 'macOS arm64 SecureTransport http2' has been failing due to c89 warnings mixed code/declaration. That commit is not the cause so I assume something has changed in the CI outside of our configuration. Anyway, we don't mix code/declaration so this is the fix for that. Closes https://github.com/curl/curl/pull/10574
2025-09-16 00:52:42 +03:00 · 2023-02-20 23:28:14 -05:00 · 2023-02-20 23:28:14 -05:00 · 47129b2b4b
commit 47129b2b4b
parent c52f7a8946
1 changed files with 15 additions and 8 deletions
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@ -2202,16 +2202,18 @@ static int append_cert_to_array(struct Curl_easy *data,
                                const unsigned char *buf, size_t buflen,
                                CFMutableArrayRef array)
 {
-    CFDataRef certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
    char *certp;
    CURLcode result;
+    SecCertificateRef cacert;
+    CFDataRef certdata;
+
+    certdata = CFDataCreate(kCFAllocatorDefault, buf, buflen);
    if(!certdata) {
      failf(data, "SSL: failed to allocate array for CA certificate");
      return CURLE_OUT_OF_MEMORY;
    }

-    SecCertificateRef cacert =
-      SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
+    cacert = SecCertificateCreateWithData(kCFAllocatorDefault, certdata);
    CFRelease(certdata);
    if(!cacert) {
      failf(data, "SSL: failed to create SecCertificate from CA certificate");
@ -2425,11 +2427,15 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,

  do {
    SecTrustRef trust;
-    OSStatus ret = SSLCopyPeerTrust(ctx, &trust);
+    OSStatus ret;
+    SecKeyRef keyRef;
+    OSStatus success;
+
+    ret = SSLCopyPeerTrust(ctx, &trust);
    if(ret != noErr || !trust)
      break;

-    SecKeyRef keyRef = SecTrustCopyPublicKey(trust);
+    keyRef = SecTrustCopyPublicKey(trust);
    CFRelease(trust);
    if(!keyRef)
      break;
@ -2443,8 +2449,8 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data,

 #elif SECTRANSP_PINNEDPUBKEY_V2

-    OSStatus success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
-                                     &publicKeyBits);
+    success = SecItemExport(keyRef, kSecFormatOpenSSL, 0, NULL,
+                            &publicKeyBits);
    CFRelease(keyRef);
    if(success != errSecSuccess || !publicKeyBits)
      break;
@ -2987,12 +2993,13 @@ static CURLcode sectransp_connect_step3(struct Curl_cfilter *cf,
                                        struct Curl_easy *data)
 {
  struct ssl_connect_data *connssl = cf->ctx;
+  CURLcode result;

  DEBUGF(LOG_CF(data, cf, "connect_step3"));
  /* There is no step 3!
   * Well, okay, let's collect server certificates, and if verbose mode is on,
   * let's print the details of the server certificates. */
-  const CURLcode result = collect_server_cert(cf, data);
+  result = collect_server_cert(cf, data);
  if(result)
    return result;