Posted to commits@trafficserver.apache.org by su...@apache.org on 2019/06/21 22:50:39 UTC
[trafficserver] 02/03: Use SSL_version() directly instead of
SSL_get_version() which returns a string (Thanks @maskit for the pointer).
This is an automated email from the ASF dual-hosted git repository.
sudheerv pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit cac7766f7483e70040ec81164d2a8cde5a9c4233
Author: Sudheer Vinukonda <su...@apache.org>
AuthorDate: Thu Jun 20 12:42:20 2019 -0700
Use SSL_version() directly instead of SSL_get_version() which returns a string
(Thanks @maskit for the pointer).
---
iocore/net/P_SSLNetVConnection.h | 3 +--
iocore/net/SSLNetVConnection.cc | 45 ++++++++++++++++++----------------------
2 files changed, 21 insertions(+), 27 deletions(-)
diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h
index d093e73..bea84aa 100644
--- a/iocore/net/P_SSLNetVConnection.h
+++ b/iocore/net/P_SSLNetVConnection.h
@@ -355,8 +355,6 @@ public:
int populate_protocol(std::string_view *results, int n) const override;
const char *protocol_contains(std::string_view tag) const override;
- void increment_ssl_version_metric(const char *version) const;
-
/**
* Populate the current object based on the socket information in in the
* con parameter and the ssl object in the arg parameter
@@ -403,6 +401,7 @@ public:
private:
std::string_view map_tls_protocol_to_tag(const char *proto_string) const;
bool update_rbio(bool move_to_socket);
+ void increment_ssl_version_metric(int version) const;
enum SSLHandshakeStatus sslHandshakeStatus = SSL_HANDSHAKE_ONGOING;
bool sslClientRenegotiationAbort = false;
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 4d9444b..7a460ca 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1271,7 +1271,7 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err)
const unsigned char *proto = nullptr;
unsigned len = 0;
- increment_ssl_version_metric(getSSLProtocol());
+ increment_ssl_version_metric(SSL_version(ssl));
// If it's possible to negotiate both NPN and ALPN, then ALPN
// is preferred since it is the server's preference. The server
@@ -1814,32 +1814,27 @@ SSLNetVConnection::populate(Connection &con, Continuation *c, void *arg)
}
void
-SSLNetVConnection::increment_ssl_version_metric(const char *version) const
+SSLNetVConnection::increment_ssl_version_metric(int version) const
{
- if (version) {
- // openSSL guarantees the case of the protocol string.
- if (version[0] == 'T' && version[1] == 'L' && version[2] == 'S' && version[3] == 'v' && version[4] == '1') {
- if (version[5] == 0) {
- SSL_INCREMENT_DYN_STAT(ssl_total_tlsv1);
- } else if (version[5] == '.' && version[7] == 0) {
- switch (version[6]) {
- case '1':
- SSL_INCREMENT_DYN_STAT(ssl_total_tlsv11);
- break;
- case '2':
- SSL_INCREMENT_DYN_STAT(ssl_total_tlsv12);
- break;
- case '3':
- SSL_INCREMENT_DYN_STAT(ssl_total_tlsv13);
- break;
- default:
- break;
- }
- }
- }
- } else if (version[0] == 'S' && version[1] == 'S' && version[2] == 'L' && version[3] == 'v' && version[4] == '3' &&
- version[5] == 0) {
+ switch (version) {
+ case SSL3_VERSION:
SSL_INCREMENT_DYN_STAT(ssl_total_sslv3);
+ break;
+ case TLS1_VERSION:
+ SSL_INCREMENT_DYN_STAT(ssl_total_tlsv1);
+ break;
+ case TLS1_1_VERSION:
+ SSL_INCREMENT_DYN_STAT(ssl_total_tlsv11);
+ break;
+ case TLS1_2_VERSION:
+ SSL_INCREMENT_DYN_STAT(ssl_total_tlsv12);
+ break;
+ case TLS1_3_VERSION:
+ SSL_INCREMENT_DYN_STAT(ssl_total_tlsv13);
+ break;
+ default:
+ Debug("ssl", "Unrecognized SSL version %d", version);
+ break;
}
}
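Review bot: `case TLS1_3_VERSION:` in increment_ssl_version_metric is compiled unconditionally, but that macro is only provided by OpenSSL 1.1.1 and later, so if this tree is still expected to build against an older library the switch will fail to compile. Wrapping that case in `#ifdef TLS1_3_VERSION` … `#endif` keeps the build portable; the old string comparison had no such dependency. The default branch only emits a Debug line, so a connection that negotiates a version outside these five is not reflected in any counter. Because operators rely on these counters to spot clients still using SSLv3 or TLS 1.0/1.1, a comment above the switch such as `// Per-version handshake counters; versions not listed here are logged but not counted.` would make that gap explicit.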