You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bn...@apache.org on 2021/10/27 18:59:56 UTC
[trafficserver] branch master updated: ssl_verify_test:
clang-analyzer fix to account for nul sni_name (#8462)
This is an automated email from the ASF dual-hosted git repository.
bnolsen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 9bbed6e ssl_verify_test: clang-analyzer fix to account for nul sni_name (#8462)
9bbed6e is described below
commit 9bbed6eecd19b242bf40ae73dc993c7ddc6ce089
Author: Brian Olsen <bn...@gmail.com>
AuthorDate: Wed Oct 27 12:59:46 2021 -0600
ssl_verify_test: clang-analyzer fix to account for nul sni_name (#8462)
---
tests/tools/plugins/ssl_verify_test.cc | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/tests/tools/plugins/ssl_verify_test.cc b/tests/tools/plugins/ssl_verify_test.cc
index 1cc35ae..2ef3187 100644
--- a/tests/tools/plugins/ssl_verify_test.cc
+++ b/tests/tools/plugins/ssl_verify_test.cc
@@ -46,24 +46,27 @@ CB_server_verify(TSCont cont, TSEvent event, void *edata)
int count = reinterpret_cast<intptr_t>(TSContDataGet(cont));
// Is this a good name or not?
- TSEvent reenable_event = TS_EVENT_CONTINUE;
- TSSslConnection sslobj = TSVConnSslConnectionGet(ssl_vc);
- SSL *ssl = reinterpret_cast<SSL *>(sslobj);
- const char *sni_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ TSEvent reenable_event = TS_EVENT_CONTINUE;
+ TSSslConnection const sslobj = TSVConnSslConnectionGet(ssl_vc);
+ SSL const *const ssl = reinterpret_cast<SSL *>(sslobj);
+ char const *const sni_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
if (sni_name) {
std::string sni_string(sni_name);
if (bad_names.find(sni_string) != bad_names.end()) {
reenable_event = TS_EVENT_ERROR;
}
- }
- TSDebug(PN, "Server verify callback %d %p - event is %s SNI=%s %s", count, ssl_vc,
- event == TS_EVENT_SSL_VERIFY_SERVER ? "good" : "bad", sni_name,
- reenable_event == TS_EVENT_ERROR ? "error HS" : "good HS");
+ TSDebug(PN, "Server verify callback %d %p - event is %s SNI=%s %s", count, ssl_vc,
+ event == TS_EVENT_SSL_VERIFY_SERVER ? "good" : "bad", sni_name,
+ reenable_event == TS_EVENT_ERROR ? "error HS" : "good HS");
- int len;
- const char *method2_name = TSVConnSslSniGet(ssl_vc, &len);
- TSDebug(PN, "Server verify callback SNI APIs match=%s", 0 == strncmp(method2_name, sni_name, len) ? "true" : "false");
+ int len;
+ char const *const method2_name = TSVConnSslSniGet(ssl_vc, &len);
+ TSDebug(PN, "Server verify callback SNI APIs match=%s", 0 == strncmp(method2_name, sni_name, len) ? "true" : "false");
+ } else {
+ TSDebug(PN, "SSL_get_servername failed");
+ reenable_event = TS_EVENT_ERROR;
+ }
// All done, reactivate things
TSVConnReenableEx(ssl_vc, reenable_event);