fix style

Pervakov Grigorii 2024-03-21 08:58:20 +00:00
parent 6b50f5bf10
commit 570dc32b07
2 changed files with 33 additions and 26 deletions


@ -22,7 +22,6 @@ int callSetCertificate(SSL * ssl, [[maybe_unused]] void * arg)
}
/// This is callback for OpenSSL. It will be called on every connection to obtain a certificate and private key.
int CertificateReloader::setCertificate(SSL * ssl)
{
@ -30,31 +29,37 @@ int CertificateReloader::setCertificate(SSL * ssl)
if (!current)
return -1;
if (current->certs_chain.size() < 1)
if (current->certs_chain.empty())
return -1;
int ret;
ret = SSL_clear_chain_certs(ssl);
if (!ret)
return ret;
ret = SSL_use_certificate(ssl, const_cast<X509 *>(current->certs_chain[0].certificate()));
if (!ret)
return ret;
for (auto cert = current->certs_chain.begin() + 1; cert != current->certs_chain.end(); cert++) {
ret = SSL_add1_chain_cert(ssl, const_cast<X509 *>(cert->certificate()));
if (!ret)
return ret;
}
ret = SSL_use_PrivateKey(ssl, const_cast<EVP_PKEY *>(static_cast<const EVP_PKEY *>(current->key)));
int err = SSL_check_private_key(ssl);
if (err != 1)
if (auto err = SSL_clear_chain_certs(ssl))
{
std::string msg = Poco::Net::Utility::getLastError();
LOG_ERROR(log, "Unusable key-pair {}", msg);
LOG_ERROR(log, "Clear certificates {}", Poco::Net::Utility::getLastError());
return -1;
}
if (auto err = SSL_use_certificate(ssl, const_cast<X509 *>(current->certs_chain[0].certificate())))
{
LOG_ERROR(log, "Use certificate {}", Poco::Net::Utility::getLastError());
return -1;
}
for (auto cert = current->certs_chain.begin() + 1; cert != current->certs_chain.end(); cert++)
{
if (auto err = SSL_add1_chain_cert(ssl, const_cast<X509 *>(cert->certificate())))
{
LOG_ERROR(log, "Add certificate to chain {}", Poco::Net::Utility::getLastError());
return -1;
}
}
if (auto err = SSL_use_PrivateKey(ssl, const_cast<EVP_PKEY *>(static_cast<const EVP_PKEY *>(current->key))))
{
LOG_ERROR(log, "Use private key {}", Poco::Net::Utility::getLastError());
return -1;
}
if (auto err = SSL_check_private_key(ssl))
{
LOG_ERROR(log, "Unusable key-pair {}", Poco::Net::Utility::getLastError());
return -1;
}
return 1;
}
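Review bot: The rewritten checks in setCertificate (the `if (auto err = ...)` lines, which read as the new side of this hunk) test the OpenSSL return values the wrong way round: `if (auto err = SSL_clear_chain_certs(ssl))` and the four checks after it (SSL_use_certificate, SSL_add1_chain_cert, SSL_use_PrivateKey, SSL_check_private_key) take the error branch on a non-zero result, but these calls return 1 on success and 0 on failure, as the replaced `if (!ret)` and `if (err != 1)` tests assumed. As written, a successful call logs an error and returns -1, while a failed one, including a private key that does not match the certificate, is not caught by its own check. Each check should read like `if (SSL_check_private_key(ssl) != 1)`, which also drops the unused `err`. Separately, if this callback is installed with SSL_CTX_set_cert_cb, a negative return asks OpenSSL to suspend the handshake and 0 is the failure value, so `return -1` is worth confirming. The function starts in the previous hunk and the lines between the two hunks are not shown.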


@ -166,10 +166,12 @@ def test_chain_reload():
"""Check cert chain reload"""
check_certificate_switch("first", "WithChain")
assert (
node.exec_in_container([
"bash",
"-c",
"openssl s_client -showcerts -servername localhost -connect localhost:8443 </dev/null 2>/dev/null | grep 'BEGIN CERTIFICATE' | wc -l",
])
node.exec_in_container(
[
"bash",
"-c",
"openssl s_client -showcerts -servername localhost -connect localhost:8443 </dev/null 2>/dev/null | grep 'BEGIN CERTIFICATE' | wc -l",
]
)
== "2\n"
)