Add -Wconditional-uninitialized to clang strict warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Configure

@@ -101,13 +101,13 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare
 
 # These are used in addition to $gcc_devteam_warn when the compiler is clang.
 # TODO(openssl-team): fix problems and investigate if (at least) the
-# following warnings can also be enabled: -Wconditional-uninitialized,
+# following warnings can also be enabled:
 # -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
 # -Wmissing-variable-declarations,
 # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align,
 # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
 # -Wextended-offsetof
-my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments";
 
 my $strict_warnings = 0;
 

apps/s_client.c

@@ -656,7 +656,7 @@ int s_client_main(int argc, char **argv)
     int prexit = 0;
     int enable_timeouts = 0, sdebug = 0, peerlen = sizeof peer;
     int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
-    int ret = 1, in_init = 1, i, nbio_test = 0, s, k, width, state = 0;
+    int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
     int sbuf_len, sbuf_off, socket_type = SOCK_STREAM, cmdletters = 1;
     int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
     int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;

apps/verify.c

@@ -272,37 +272,35 @@ static int check(X509_STORE *ctx, char *file,
     if (crls)
         X509_STORE_CTX_set0_crls(csc, crls);
     i = X509_verify_cert(csc);
-    if (i > 0 && show_chain) {
+    if (i > 0) {
-        chain = X509_STORE_CTX_get1_chain(csc);
+        printf("OK\n");
-        num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+        ret = 1;
+	if (show_chain) {
+	    chain = X509_STORE_CTX_get1_chain(csc);
+	    num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+	    printf("Chain:\n");
+	    for (i = 0; i < sk_X509_num(chain); i++) {
+		X509 *cert = sk_X509_value(chain, i);
+		printf("depth=%d: ", i);
+		X509_NAME_print_ex_fp(stdout,
+				      X509_get_subject_name(cert),
+				      0, XN_FLAG_ONELINE);
+		if (i < num_untrusted)
+		    printf(" (untrusted)");
+		printf("\n");
+	    }
+	    sk_X509_pop_free(chain, X509_free);
+	}
     }
     X509_STORE_CTX_free(csc);
 
     ret = 0;
  end:
-    if (i > 0) {
+    if (i <= 0)
-        printf("OK\n");
+	ERR_print_errors(bio_err);
-        ret = 1;
-    } else
-        ERR_print_errors(bio_err);
-    if (chain) {
-        printf("Chain:\n");
-        for (i = 0; i < sk_X509_num(chain); i++) {
-            X509 *cert = sk_X509_value(chain, i);
-            printf("depth=%d: ", i);
-            X509_NAME_print_ex_fp(stdout,
-                                  X509_get_subject_name(cert),
-                                  0, XN_FLAG_ONELINE);
-            if (i < num_untrusted) {
-                printf(" (untrusted)");
-            }
-            printf("\n");
-        }
-        sk_X509_pop_free(chain, X509_free);
-    }
     X509_free(x);
 
-    return (ret);
+    return ret;
 }
 
 static int cb(int ok, X509_STORE_CTX *ctx)