@@ -323,8 +323,8 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/clamav-config.h.in \

 	$(top_srcdir)/docs/man/sigtool.1.in \

 	$(top_srcdir)/libclammspack/config.h.in COPYING config/ar-lib \

 	config/compile config/config.guess config/config.rpath \

-	config/config.sub config/depcomp config/install-sh \

-	config/ltmain.sh config/missing config/ylwrap

+	config/config.sub config/install-sh config/ltmain.sh \

+	config/missing config/ylwrap

 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)

 distdir = $(PACKAGE)-$(VERSION)

 top_distdir = $(distdir)

@@ -29170,7 +29170,7 @@ $as_echo "$LIBCURL_HOME" >&6; }

         CURL_LIBS="-lcurl"

     fi

     save_LDFLAGS="$LDFLAGS"

-    LDFLAGS="$CURL_LDFLAGS $CURL_LIBS"

+    LDFLAGS="$CURL_LDFLAGS $CURL_LIBS $SSL_LDFLAGS $SSL_LIBS"

         for ac_prog in gawk mawk nawk awk

 do

@@ -418,7 +418,7 @@ static fc_error_t create_curl_handle(

 #if defined(C_DARWIN) || defined(_WIN32)

     if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function)) {

-        logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+        logg("*create_curl_handle: Failed to set SSL CTX function. Your libcurl may use an SSL backend that does not support CURLOPT_SSL_CTX_FUNCTION.\n");

     }

 #endif

@@ -584,25 +584,25 @@ static fc_error_t remote_cvdhead(

        if both callbacks are set. */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, xferinfo)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!create_curl_handle: Failed to set transfer info function!\n");

         }

         /* pass the struct pointer into the xferinfo function, note that this is

-       an alias to CURLOPT_PROGRESSDATA */

+           an alias to CURLOPT_PROGRESSDATA */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &prog)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!create_curl_handle: Failed to set transfer info data structure!\n");

         }

 #else

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, older_progress)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!create_curl_handle: Failed to set progress function!\n");

         }

         /* pass the struct pointer into the progress function */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &prog)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!create_curl_handle: Failed to set progress data structure!\n");

         }

 #endif

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!create_curl_handle: Failed to disable progress function!\n");

         }

     }

@@ -847,25 +847,25 @@ static fc_error_t downloadFile(

        if both callbacks are set. */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, xferinfo)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!downloadFile: Failed to set transfer info function!\n");

         }

         /* pass the struct pointer into the xferinfo function, note that this is

        an alias to CURLOPT_PROGRESSDATA */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &prog)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!downloadFile: Failed to set transfer info data structure!\n");

         }

 #else

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, older_progress)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!downloadFile: Failed to set progress function!\n");

         }

         /* pass the struct pointer into the progress function */

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &prog)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!downloadFile: Failed to set progress data structure!\n");

         }

 #endif

         if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L)) {

-            logg("!create_curl_handle: Failed to set SSL CTX function!\n");

+            logg("!downloadFile: Failed to disable progress function!\n");

         }

     }

@@ -929,11 +929,11 @@ static fc_error_t downloadFile(

     /* Send all data to this function  */

     if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteFileCallback)) {

-        logg("!remote_cvdhead: Failed to set write-data fwrite callback function for curl session.\n");

+        logg("!downloadFile: Failed to set write-data fwrite callback function for curl session.\n");

     }

     if (CURLE_OK != curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&receivedFile)) {

-        logg("!remote_cvdhead: Failed to set write-data file handle for curl session.\n");

+        logg("!downloadFile: Failed to set write-data file handle for curl session.\n");

     }

     logg("*downloadFile: Download source:      %s\n", url);

@@ -47,7 +47,7 @@ if test "X$have_curl" = "Xyes"; then

         CURL_LIBS="-lcurl"

     fi

     save_LDFLAGS="$LDFLAGS"

-    LDFLAGS="$CURL_LDFLAGS $CURL_LIBS"

+    LDFLAGS="$CURL_LDFLAGS $CURL_LIBS $SSL_LDFLAGS $SSL_LIBS"

     dnl Following section modified from libcurl, Copyright (C) 2006, David Shaw, license under COPYING.curl

     AC_PROG_AWK

@@ -61,9 +61,9 @@ if test "X$have_curl" = "Xyes"; then

     curl_version=`echo $awk_curl_version | $curl_version_parse`

     dnl end of section

-    AM_COND_IF([BUILD_CLAMONACC], 

+    AM_COND_IF([BUILD_CLAMONACC],

                     dnl if version greater than (7.45)

-                    [if test $curl_version -ge 470272 ; then 

+                    [if test $curl_version -ge 470272 ; then

                         $enable_clamonacc="yes"

                     else

                         AC_MSG_ERROR([m4_normalize([

@@ -214,7 +214,7 @@ void cert_store_unload(void)

 #if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ */

 static cl_error_t x509_cert_name_cmp(X509 *cert_a, X509 *cert_b, int *cmp_out)

 {

-    int rc = CL_EMEM;

+    cl_error_t status = CL_EMEM;

     X509_NAME *a = NULL;

     X509_NAME *b = NULL;

@@ -233,13 +233,24 @@ static cl_error_t x509_cert_name_cmp(X509 *cert_a, X509 *cert_b, int *cmp_out)

     if (!bio_out_b)

         goto done;

-    rc = X509_NAME_print_ex(bio_out_a, a, 0, XN_FLAG_SEP_SPLUS_SPC);

+    a = X509_get_subject_name(cert_a);

+

+    if (-1 == X509_NAME_print_ex(bio_out_a, a, 0, XN_FLAG_SEP_SPLUS_SPC)) {

+        mprintf("!Failed to print x509 certificate name!\n");

+        goto done;

+    }

     BIO_get_mem_ptr(bio_out_a, &biomem_a);

-    rc = X509_NAME_print_ex(bio_out_b, b, 0, XN_FLAG_SEP_SPLUS_SPC);

+    b = X509_get_subject_name(cert_b);

+

+    if (-1 == X509_NAME_print_ex(bio_out_b, b, 0, XN_FLAG_SEP_SPLUS_SPC)) {

+        mprintf("!Failed to print x509 certificate name!\n");

+        goto done;

+    }

     BIO_get_mem_ptr(bio_out_b, &biomem_b);

     *cmp_out = strncmp(biomem_a->data, biomem_b->data, MIN(biomem_a->length, biomem_b->length));

+    status   = CL_SUCCESS;

 done:

     if (NULL != bio_out_a)

@@ -247,19 +258,20 @@ done:

     if (NULL != bio_out_b)

         BIO_free(bio_out_b);

-    return !rc;

+    return status;

 }

 cl_error_t x509_get_cert_name(X509 *cert, char **name)

 {

-    int rc = CL_EMEM;

+    cl_error_t status = CL_EMEM;

     X509_NAME *a = NULL;

     BIO *bio_out = NULL;

     BUF_MEM *biomem;

+    char *cert_name = NULL;

     if (NULL == cert || NULL == name) {

-        rc = CL_EARG;

+        status = CL_EARG;

         goto done;

     }

@@ -269,21 +281,31 @@ cl_error_t x509_get_cert_name(X509 *cert, char **name)

     if (!bio_out)

         goto done;

-    rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC);

+    a = X509_get_subject_name(cert);

+

+    if (-1 == X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_SPLUS_SPC)) {

+        mprintf("!Failed to print x509 certificate name!\n");

+        goto done;

+    }

     BIO_get_mem_ptr(bio_out, &biomem);

-    *name = malloc(biomem->length + 1);

-    if (!name)

+    cert_name = malloc(biomem->length + 1);

+    if (!cert_name) {

+        mprintf("!Failed to allocate memory for certificate name biomem structure!\n");

         goto done;

+    }

+

+    memcpy(cert_name, biomem->data, biomem->length);

+    cert_name[biomem->length] = '\0';

-    memcpy(*name, biomem->data, biomem->length);

-    *name[biomem->length] = '\0';

+    *name  = cert_name;

+    status = CL_SUCCESS;

 done:

     if (NULL != bio_out)

         BIO_free(bio_out);

-    return !rc;

+    return status;

 }

 #endif