bryancall commented on code in PR #12223:
URL: https://github.com/apache/trafficserver/pull/12223#discussion_r2112369067
##########
src/iocore/net/TLSBasicSupport.cc:
##########
@@ -185,6 +185,13 @@ TLSBasicSupport::set_cipher_suite([[maybe_unused]]
std::string const &cipher_sui
#endif
}
+void
+TLSBasicSupport::set_groups_list(std::string const &groups_list)
+{
+ auto ssl = this->_get_ssl_object();
+ SSL_set1_groups_list(ssl, groups_list.c_str());
Review Comment:
From the openssl docs:
`SSL_CTX_set1_groups(), SSL_CTX_set1_groups_list(), SSL_set1_groups(),
SSL_set1_groups_list(), and SSL_CTX_get0_implemented_groups() return 1 for
success and 0 for failure.`
I would change the API to `TLSBasicSupport::set_groups_list` to return a
bool - false for failure and true for success and then print an error message
stating that there is an invalid group list trying to be set and then print the
`group_list`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: github-unsubscr...@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
