This is an automated email from the ASF dual-hosted git repository. sudheerv pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit cac7766f7483e70040ec81164d2a8cde5a9c4233 Author: Sudheer Vinukonda <[email protected]> AuthorDate: Thu Jun 20 12:42:20 2019 -0700 Use SSL_version() directly instead of SSL_get_version() which returns a string (Thanks @maskit for the pointer). --- iocore/net/P_SSLNetVConnection.h | 3 +-- iocore/net/SSLNetVConnection.cc | 45 ++++++++++++++++++---------------------- 2 files changed, 21 insertions(+), 27 deletions(-) diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index d093e73..bea84aa 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h @@ -355,8 +355,6 @@ public: int populate_protocol(std::string_view *results, int n) const override; const char *protocol_contains(std::string_view tag) const override; - void increment_ssl_version_metric(const char *version) const; - /** * Populate the current object based on the socket information in in the * con parameter and the ssl object in the arg parameter @@ -403,6 +401,7 @@ public: private: std::string_view map_tls_protocol_to_tag(const char *proto_string) const; bool update_rbio(bool move_to_socket); + void increment_ssl_version_metric(int version) const; enum SSLHandshakeStatus sslHandshakeStatus = SSL_HANDSHAKE_ONGOING; bool sslClientRenegotiationAbort = false; diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 4d9444b..7a460ca 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -1271,7 +1271,7 @@ SSLNetVConnection::sslServerHandShakeEvent(int &err) const unsigned char *proto = nullptr; unsigned len = 0; - increment_ssl_version_metric(getSSLProtocol()); + increment_ssl_version_metric(SSL_version(ssl)); // If it's possible to negotiate both NPN and ALPN, then ALPN // is preferred since it is the server's preference. The server 
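Review bot: The re-declared `void increment_ssl_version_metric(int version) const;` in the private section of P_SSLNetVConnection.h takes a bare `int` with no comment saying which values it expects. Since the parameter changed from a protocol string to a number, a one-line comment above the declaration would prevent a caller from passing anything else, for example `// version: protocol constant as returned by SSL_version(), e.g. TLS1_2_VERSION`. The rest of the class is outside this hunk, so any existing doc convention for private members should take precedence.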
@@ -1814,32 +1814,27 @@ SSLNetVConnection::populate(Connection &con, Continuation *c, void *arg) } void -SSLNetVConnection::increment_ssl_version_metric(const char *version) const +SSLNetVConnection::increment_ssl_version_metric(int version) const { - if (version) { - // openSSL guarantees the case of the protocol string. - if (version[0] == 'T' && version[1] == 'L' && version[2] == 'S' && version[3] == 'v' && version[4] == '1') { - if (version[5] == 0) { - SSL_INCREMENT_DYN_STAT(ssl_total_tlsv1); - } else if (version[5] == '.' && version[7] == 0) { - switch (version[6]) { - case '1': - SSL_INCREMENT_DYN_STAT(ssl_total_tlsv11); - break; - case '2': - SSL_INCREMENT_DYN_STAT(ssl_total_tlsv12); - break; - case '3': - SSL_INCREMENT_DYN_STAT(ssl_total_tlsv13); - break; - default: - break; - } - } - } - } else if (version[0] == 'S' && version[1] == 'S' && version[2] == 'L' && version[3] == 'v' && version[4] == '3' && - version[5] == 0) { + switch (version) { + case SSL3_VERSION: SSL_INCREMENT_DYN_STAT(ssl_total_sslv3); + break; + case TLS1_VERSION: + SSL_INCREMENT_DYN_STAT(ssl_total_tlsv1); + break; + case TLS1_1_VERSION: + SSL_INCREMENT_DYN_STAT(ssl_total_tlsv11); + break; + case TLS1_2_VERSION: + SSL_INCREMENT_DYN_STAT(ssl_total_tlsv12); + break; + case TLS1_3_VERSION: + SSL_INCREMENT_DYN_STAT(ssl_total_tlsv13); + break; + default: + Debug("ssl", "Unrecognized SSL version %d", version); + break; } }
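Review bot: The `case TLS1_3_VERSION:` label in the rewritten increment_ssl_version_metric is used unconditionally, but that macro is only defined by OpenSSL headers that know TLS 1.3 (1.1.1 and later). If this tree is still built against an older OpenSSL or a fork without the macro, the file stops compiling, whereas the removed string comparison had no such dependency. Wrapping that case and its two lines in `#ifdef TLS1_3_VERSION` and `#endif` keeps those builds working. Separately, the `default:` branch only emits `Debug("ssl", ...)`, so within this function a handshake with an unexpected version increments no counter. Because these per-version counters are what operators use to spot legacy protocol use, a short comment there stating that unknown versions are deliberately left uncounted would help.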
