You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2019/04/24 01:02:49 UTC
[trafficserver] branch master updated: cppcheck: Fixed various
issues with SSL files
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new d124a49 cppcheck: Fixed various issues with SSL files
d124a49 is described below
commit d124a4978438a7559588e1a82d04df7b8766a926
Author: Bryan Call <bc...@apache.org>
AuthorDate: Tue Apr 23 15:15:02 2019 +0800
cppcheck: Fixed various issues with SSL files
Cleaned up checking pointer for null twice
Removed copy constructors on class
Fixed scoped variables with the same name
---
iocore/net/SSLClientUtils.cc | 7 ++++---
iocore/net/SSLSessionCache.h | 3 +++
iocore/net/SSLSessionTicket.cc | 7 +++----
3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 2a0023f..41aa534 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -50,11 +50,12 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx)
SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
// No enforcing, go away
- if (netvc && netvc->options.verifyServerPolicy == YamlSNIConfig::Policy::DISABLED) {
- return true; // Tell them that all is well
- } else if (!netvc) { // No netvc, very bad. Go away. Things are not good.
+ if (netvc == nullptr) {
+ // No netvc, very bad. Go away. Things are not good.
Warning("Netvc gone by in verify_callback");
return false;
+ } else if (netvc->options.verifyServerPolicy == YamlSNIConfig::Policy::DISABLED) {
+ return true; // Tell them that all is well
}
depth = X509_STORE_CTX_get_error_depth(ctx);
diff --git a/iocore/net/SSLSessionCache.h b/iocore/net/SSLSessionCache.h
index 5a5d50f..a32809c 100644
--- a/iocore/net/SSLSessionCache.h
+++ b/iocore/net/SSLSessionCache.h
@@ -153,6 +153,9 @@ public:
SSLSessionCache();
~SSLSessionCache();
+ SSLSessionCache(const SSLSessionCache &) = delete;
+ SSLSessionCache &operator=(const SSLSessionCache &) = delete;
+
private:
SSLSessionBucket *session_bucket = nullptr;
size_t nbuckets;
diff --git a/iocore/net/SSLSessionTicket.cc b/iocore/net/SSLSessionTicket.cc
index 151c64a..07eea13 100644
--- a/iocore/net/SSLSessionTicket.cc
+++ b/iocore/net/SSLSessionTicket.cc
@@ -57,13 +57,13 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
{
SSLCertificateConfig::scoped_config lookup;
SSLTicketKeyConfig::scoped_config params;
- SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
+ SSLNetVConnection &netvc = *SSLNetVCAccess(ssl);
// Get the IP address to look up the keyblock
IpEndpoint ip;
int namelen = sizeof(ip);
SSLCertContext *cc = nullptr;
- if (0 == safe_getsockname(netvc->get_socket(), &ip.sa, &namelen)) {
+ if (0 == safe_getsockname(netvc.get_socket(), &ip.sa, &namelen)) {
cc = lookup->find(ip);
}
ssl_ticket_key_block *keyblock = nullptr;
@@ -99,8 +99,7 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
SSL_INCREMENT_DYN_STAT(ssl_total_tickets_verified_old_key_stat);
}
- SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
- netvc->setSSLSessionCacheHit(true);
+ netvc.setSSLSessionCacheHit(true);
// When we decrypt with an "older" key, encrypt the ticket again with the most recent key.
return (i == 0) ? 1 : 2;
}