Percona-Lab · lukin-oleksiy · May 19, 2026 · satya-bodapati · May 20, 2026 · satya-bodapati
diff --git a/kmipclient/CMakeLists.txt b/kmipclient/CMakeLists.txt
@@ -5,6 +5,68 @@ project(kmipclient)
 set(CMAKE_CXX_STANDARD 20)
 
 find_package(OpenSSL REQUIRED)
+
+option(KMIP_MAINTAINER_MODE "Enable strict compiler warnings for kmipclient targets" OFF)
+option(WARNINGS_AS_ERRORS "Treat compiler warnings as errors" OFF)
+
+function(kmip_enable_maintainer_warnings target_name)
+  if(NOT KMIP_MAINTAINER_MODE)
+    return()
+  endif()
+
+  if(MSVC)
+    target_compile_options(${target_name} PRIVATE /W4)
+    if(WARNINGS_AS_ERRORS)
+      target_compile_options(${target_name} PRIVATE /WX)
+    endif()
+    return()
+  endif()
+
+  if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+    target_compile_options(
+      ${target_name}
+      PRIVATE
+      -Weverything
+      -Wno-c++98-compat
+      -Wno-c++98-compat-pedantic
+      -Wno-pre-c++20-compat
+      -Wno-c++20-compat
+      -Wno-padded
+      -Wno-switch-enum
+      -Wno-unsafe-buffer-usage
+      -Wno-covered-switch-default
+      -Wno-documentation
+      -Wno-exit-time-destructors
+      -Wno-global-constructors
+      -Wno-missing-prototypes
+      -Wno-newline-eof
+      -Wno-nrvo
+      -Wno-weak-vtables
+    )
+  elseif(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+    target_compile_options(
+      ${target_name}
+      PRIVATE
+      -Wall
+      -Wextra
+      -Wpedantic
+      -Wcast-qual
+      -Wconversion
+      -Wdouble-promotion
+      -Wformat=2
+      -Wnull-dereference
+      -Woverloaded-virtual
+      -Wshadow
+      -Wsign-conversion
+      -Wundef
+      -Wuseless-cast
+    )
+  endif()
+
+  if(WARNINGS_AS_ERRORS)
+    target_compile_options(${target_name} PRIVATE -Werror)
+  endif()
+endfunction()
 find_package(Threads REQUIRED)
 
 add_library(
@@ -77,6 +139,7 @@ install(
 macro(add_example name)
   add_executable(example_${name} examples/example_${name}.cpp)
   target_link_libraries(example_${name} PRIVATE kmipclient)
+  kmip_enable_maintainer_warnings(example_${name})
 endmacro()
 
 add_example(create_aes)
@@ -115,6 +178,15 @@ if(BUILD_TESTS)
     FetchContent_MakeAvailable(googletest)
   endif()
 
+  if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+    if(TARGET gtest)
+      target_compile_options(gtest PRIVATE -Wno-character-conversion)
+    endif()
+    if(TARGET gtest_main)
+      target_compile_options(gtest_main PRIVATE -Wno-character-conversion)
+    endif()
+  endif()
+
   enable_testing()
 
   add_executable(
@@ -131,6 +203,7 @@ if(BUILD_TESTS)
     GTest::gtest_main
     kmipclient
   )
+  kmip_enable_maintainer_warnings(kmipclient_test)
 
   include(GoogleTest)
   gtest_discover_tests(kmipclient_test)

diff --git a/kmipclient/examples/example_activate.cpp b/kmipclient/examples/example_activate.cpp
@@ -42,7 +42,7 @@ int main(int argc, char **argv) {
   } catch (const std::exception &e) {
     std::cerr << "Can not activate key with id:" << argv[6]
               << " Cause: " << e.what() << std::endl;
-  };
+  }
 
   return -1;
 }
diff --git a/kmipclient/examples/example_get.cpp b/kmipclient/examples/example_get.cpp
@@ -58,7 +58,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get key with id:" << argv[6] << " Cause: " << e.what()
               << std::endl;
     return 1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_get_all_ids.cpp b/kmipclient/examples/example_get_all_ids.cpp
@@ -44,7 +44,7 @@ int main(int argc, char **argv) {
     }
   } catch (const std::exception &e) {
     std::cerr << "Can not get keys." << " Cause: " << e.what() << std::endl;
-  };
+  }
 
   try {
     const auto opt_ids_s = client.op_all(object_type::KMIP_OBJTYPE_SECRET_DATA);
@@ -54,7 +54,7 @@ int main(int argc, char **argv) {
     }
   } catch (const std::exception &e) {
     std::cerr << "Can not get id-s. Cause: " << e.what() << std::endl;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_get_attributes.cpp b/kmipclient/examples/example_get_attributes.cpp
@@ -74,7 +74,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get key with id:" << argv[6] << " Cause: " << e.what()
               << std::endl;
     return -1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_get_name.cpp b/kmipclient/examples/example_get_name.cpp
@@ -53,7 +53,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get name or group for id:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return -1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_get_secret.cpp b/kmipclient/examples/example_get_secret.cpp
@@ -57,7 +57,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get secret with id:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return -1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_get_tls_verify.cpp b/kmipclient/examples/example_get_tls_verify.cpp
@@ -114,7 +114,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get key with id:" << argv[6] << " Cause: " << e.what()
               << std::endl;
     return 1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_locate.cpp b/kmipclient/examples/example_locate.cpp
@@ -51,7 +51,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get keys with name:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return 1;
-  };
+  }
 
   try {
     const auto opt_ids_s = client.op_locate_by_name(
@@ -65,7 +65,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get secrets with name:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return 1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_locate_by_group.cpp b/kmipclient/examples/example_locate_by_group.cpp
@@ -51,7 +51,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get keys with group name:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return -1;
-  };
+  }
 
   try {
     const auto opt_ids_s = client.op_locate_by_group(
@@ -65,7 +65,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get secrets with group name:" << argv[6]
               << " Cause: " << e.what() << std::endl;
     return -1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_pool.cpp b/kmipclient/examples/example_pool.cpp
@@ -75,6 +75,7 @@ int main(int argc, char **argv) {
           .client_cert = client_cert,
           .client_key = client_key,
           .server_ca_cert = server_ca_cert,
+          .logger = nullptr,
           .timeout_ms = 5000,
           .max_connections = static_cast<size_t>(max_pool_size),
       }
@@ -84,7 +85,7 @@ int main(int argc, char **argv) {
   // Spawn threads – each borrows a connection, uses it, returns it.
   // ------------------------------------------------------------------
   std::vector<std::thread> threads;
-  threads.reserve(num_threads);
+  threads.reserve(static_cast<std::size_t>(num_threads));
 
   for (int i = 0; i < num_threads; ++i) {
     threads.emplace_back([&pool, &key_name_prefix, i]() {

diff --git a/kmipclient/examples/example_register_key.cpp b/kmipclient/examples/example_register_key.cpp
@@ -86,7 +86,7 @@ int main(int argc, char **argv) {
     std::cerr << "Can not register key:" << argv[6] << " Cause: " << e.what()
               << std::endl;
     return -1;
-  };
+  }
 
   return 0;
 }
diff --git a/kmipclient/examples/example_revoke.cpp b/kmipclient/examples/example_revoke.cpp
@@ -48,6 +48,6 @@ int main(int argc, char **argv) {
     std::cerr << "Can not get key with id:" << argv[6] << " Cause: " << e.what()
               << std::endl;
     return -1;
-  };
+  }
   return 0;
 }
diff --git a/kmipclient/include/kmipclient/Kmip.hpp b/kmipclient/include/kmipclient/Kmip.hpp
@@ -79,7 +79,7 @@ namespace kmipclient {
         )),
         m_client(m_net_client, logger, version, close_on_destroy) {
       m_net_client->connect();
-    };
+    }
 
     /**
      * @brief Destroys the facade, closing the transport if close_on_destroy is true.
@@ -99,23 +99,25 @@ namespace kmipclient {
      * @brief Returns the initialized high-level KMIP client.
      * @return Mutable reference to the owned @ref KmipClient.
      */
-    KmipClient &client() { return m_client; };
+    KmipClient &client() { return m_client; }
 
     /**
      * @brief Returns const reference to the client.
      */
-    [[nodiscard]] const KmipClient &client() const { return m_client; };
+    [[nodiscard]] const KmipClient &client() const { return m_client; }
 
     /**
      * @brief Returns reference to the underlying transport.
      * Use with care; generally prefer client() for KMIP operations.
      */
-    NetClientOpenSSL &transport() { return *m_net_client; };
+    NetClientOpenSSL &transport() { return *m_net_client; }
 
     /**
      * @brief Returns const reference to the underlying transport.
      */
-    [[nodiscard]] const NetClientOpenSSL &transport() const { return *m_net_client; };
+    [[nodiscard]] const NetClientOpenSSL &transport() const {
+      return *m_net_client;
+    }
 
     /**
      * @brief Queries the close_on_destroy setting.

diff --git a/kmipclient/include/kmipclient/NetClient.hpp b/kmipclient/include/kmipclient/NetClient.hpp
@@ -68,15 +68,15 @@ namespace kmipclient {
         m_clientCertificateFn(clientCertificateFn),
         m_clientKeyFn(clientKeyFn),
         m_serverCaCertificateFn(serverCaCertFn),
-        m_timeout_ms(timeout_ms) {};
+        m_timeout_ms(timeout_ms) {}
 
     /** @brief Virtual destructor for interface-safe cleanup. */
     virtual ~NetClient() = default;
     // no copy, no move
     NetClient(const NetClient &) = delete;
-    virtual NetClient &operator=(const NetClient &) = delete;
+    NetClient &operator=(const NetClient &) = delete;
     NetClient(NetClient &&) = delete;
-    virtual NetClient &operator=(NetClient &&) = delete;
+    NetClient &operator=(NetClient &&) = delete;
     /**
      * @brief Establishes network/TLS connection to the KMIP server.
      *        Must honor @ref m_timeout_ms for connect + handshake phases.

diff --git a/kmipclient/include/kmipclient/kmipclient_version.hpp b/kmipclient/include/kmipclient/kmipclient_version.hpp
@@ -25,7 +25,7 @@
 /** @brief kmipclient semantic version minor component. */
 #define KMIPCLIENT_VERSION_MINOR 2
 /** @brief kmipclient semantic version patch component. */
-#define KMIPCLIENT_VERSION_PATCH 1
+#define KMIPCLIENT_VERSION_PATCH 3
 
 /** @brief Internal helper for macro-stringification. */
 #define KMIPCLIENT_STRINGIFY_I(x) #x

diff --git a/kmipclient/src/IOUtils.hpp b/kmipclient/src/IOUtils.hpp
@@ -34,7 +34,7 @@ namespace kmipclient {
     explicit IOUtils(
         NetClient &nc, const std::shared_ptr<kmipcore::Logger> &logger = {}
     )
-      : net_client(nc), logger_(logger) {};
+      : net_client(nc), logger_(logger) {}
 
     void do_exchange(
         const std::vector<uint8_t> &request_bytes,

diff --git a/kmipclient/src/KmipClient.cpp b/kmipclient/src/KmipClient.cpp
@@ -72,24 +72,24 @@ namespace kmipclient {
   }
 
   KmipClient::KmipClient(
-      NetClient &net_client,
+      NetClient &transport,
       const std::shared_ptr<kmipcore::Logger> &logger,
       kmipcore::ProtocolVersion version,
       bool close_on_destroy
   )
-    : net_client(&net_client),
-      io(std::make_unique<IOUtils>(net_client, logger)),
+    : net_client(&transport),
+      io(std::make_unique<IOUtils>(transport, logger)),
       version_(version),
       close_on_destroy_(close_on_destroy) {};
 
   KmipClient::KmipClient(
-      std::shared_ptr<NetClient> net_client,
+      std::shared_ptr<NetClient> transport,
       const std::shared_ptr<kmipcore::Logger> &logger,
       kmipcore::ProtocolVersion version,
       bool close_on_destroy
   )
-    : net_client(net_client.get()),
-      net_client_owner_(std::move(net_client)),
+    : net_client(transport.get()),
+      net_client_owner_(std::move(transport)),
       io(),
       version_(version),
       close_on_destroy_(close_on_destroy) {

diff --git a/kmipclient/src/NetClientOpenSSL.cpp b/kmipclient/src/NetClientOpenSSL.cpp
@@ -428,8 +428,8 @@ namespace kmipclient {
     configure_tls_verification(new_ctx.get(), ssl, m_host, m_tls_verification);
 
     SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-    BIO_set_conn_hostname(new_bio.get(), m_host.c_str());
-    BIO_set_conn_port(new_bio.get(), m_port.c_str());
+    BIO_set_conn_hostname(new_bio.get(), m_host.data());
+    BIO_set_conn_port(new_bio.get(), m_port.data());
 
     if (m_timeout_ms > 0) {
       if (BIO_set_nbio(new_bio.get(), 1) != 1) {
@@ -443,7 +443,7 @@ namespace kmipclient {
                             std::chrono::milliseconds(m_timeout_ms);
       for (;;) {
         ERR_clear_error();
-        const int connect_ret = BIO_do_connect(new_bio.get());
+        const auto connect_ret = BIO_do_connect(new_bio.get());
         if (connect_ret == 1) {
           break;
         }

diff --git a/kmipclient/src/PEMReader.cpp b/kmipclient/src/PEMReader.cpp
@@ -53,7 +53,7 @@ namespace kmipclient {
       OPENSSL_free(der);
 
       kmipcore::Attributes attrs;
-      attrs.set(KMIP_ATTR_NAME_NAME, "certificate");
+      attrs.set(KMIP_ATTR_NAME_NAME, std::string("certificate"));
       return X509Certificate(cert_bytes, std::move(attrs));
     }
 
@@ -78,7 +78,7 @@ namespace kmipclient {
       OPENSSL_free(der);
 
       kmipcore::Attributes attrs;
-      attrs.set(KMIP_ATTR_NAME_NAME, "private_key");
+      attrs.set(KMIP_ATTR_NAME_NAME, std::string("private_key"));
       return PrivateKey(key_bytes, std::move(attrs));
     }
 
@@ -103,7 +103,7 @@ namespace kmipclient {
       OPENSSL_free(der);
 
       kmipcore::Attributes attrs;
-      attrs.set(KMIP_ATTR_NAME_NAME, "public_key");
+      attrs.set(KMIP_ATTR_NAME_NAME, std::string("public_key"));
       return PublicKey(key_bytes, std::move(attrs));
     }