From 8210ccba08072a58c750c8f85160c8825f4708f7 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Wed, 22 Jan 2025 10:08:55 +0000
Subject: [PATCH 1/3] sll_protocol may be be16 Google's fuzzer platform blows a warning /src/libwebsockets/lib/plat/unix/unix-sockets.c:497:21: warning: implicit conversion loses integer precision: 'uint32_t' (aka 'unsigned int') to '__be16' (aka 'unsigned short') [-Wimplicit-int-conversion] 497 | sll.sll_protocol = (uint32_t)(htons((uint16_t)0x800));
From e0c312c20248b2c7f509216e3b3463dc372fc114 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Wed, 22 Jan 2025 10:15:29 +0000
Subject: [PATCH 2/3] google-fuzzer: avoid warnings about c / c++ size diff
---
 lib/secure-streams/private-lib-secure-streams.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/secure-streams/private-lib-secure-streams.h b/lib/secure-streams/private-lib-secure-streams.h
index 332e16634..c46af3218 100644
--- a/lib/secure-streams/private-lib-secure-streams.h
+++ b/lib/secure-streams/private-lib-secure-streams.h
@@ -132,17 +132,17 @@ typedef struct lws_ss_handle {
 union {
 struct { /* LWSSSP_H1 */
-#if defined(WIN32)
+#if defined(WIN32) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
 uint8_t dummy;
 #endif
 } h1;
 struct { /* LWSSSP_H2 */
-#if defined(WIN32)
+#if defined(WIN32) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
 uint8_t dummy;
 #endif
 } h2;
 struct { /* LWSSSP_WS */
-#if defined(WIN32)
+#if defined(WIN32) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
 uint8_t dummy;
 #endif
 } ws;
From d6de6840eb52c4cadeab7693c540d52ba6567493 Mon Sep 17 00:00:00 2001
From: Alexandre Snarskii
Date: Wed, 22 Jan 2025 18:21:43 +0200
Subject: [PATCH 3/3] adjust ssl verification and options after context change
---
 lib/tls/openssl/openssl-server.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c
index e98b9c941..f4f31bb75 100644
--- a/lib/tls/openssl/openssl-server.c
+++ b/lib/tls/openssl/openssl-server.c
@@ -141,6 +141,17 @@ lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg)
 /* select the ssl ctx from the selected vhost for this conn */
 SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx);
+ /* also, adjust other things we care about */
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(vhost->tls.ssl_ctx),
+ SSL_CTX_get_verify_callback(vhost->tls.ssl_ctx));
+ SSL_set_verify_depth(ssl, SSL_CTX_get_verify_depth(vhost->tls.ssl_ctx));
+
+#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
+ SSL_clear_options(ssl, SSL_get_options(ssl) &
+ ~SSL_CTX_get_options(vhost->tls.ssl_ctx));
+#endif
+ SSL_set_options(ssl, SSL_CTX_get_options(vhost->tls.ssl_ctx));
+
 return SSL_TLSEXT_ERR_OK;
 }
 #endif
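Review bot: The added comment `/* also, adjust other things we care about */` does not say why these settings are copied, and that reason is the security point of the change: SSL_set_SSL_CTX() appears to switch the context and certificate only, leaving the verify mode, callback, depth and option bits the connection took from the listening context. I would word it as `/* SSL_set_SSL_CTX() leaves verify mode/callback/depth and options as inherited from the original ctx; copy the selected vhost's so its client-cert policy is enforced */`. Where the `#if OPENSSL_VERSION_NUMBER >= 0x009080dfL` test is false only SSL_set_options() runs, so option bits from the original context stay set on the connection; a one-line comment saying this is accepted would help. Other per-connection state that vhosts might differ on (for example X509_VERIFY_PARAM flags or protocol version limits) is not synced here, so it is worth confirming that is intentional. The body of lws_ssl_server_name_cb starts outside the hunk.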