Copilot commented on code in PR #12951:
URL: https://github.com/apache/trafficserver/pull/12951#discussion_r2913392000
##########
src/iocore/net/OCSPStapling.cc:
##########
@@ -1410,6 +1410,11 @@ ssl_callback_ocsp_stapling(SSL *ssl, void *)
return SSL_TLSEXT_ERR_NOACK;
} else {
unsigned char *p = static_cast<unsigned char
*>(OPENSSL_malloc(cinf->resp_derlen));
+ if (p == nullptr) {
+ ink_mutex_release(&cinf->stapling_mutex);
+ Dbg(dbg_ctl_ssl_ocsp, "ssl_callback_ocsp_stapling: failed to allocate
memory for %s", cinf->certname);
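Review bot: In the new `if (p == nullptr)` branch, the quoted hunk stops at the `Dbg()` call, so no return is visible after the mutex release. The branch needs to return before `p` is used, as the preceding branch does with `return SSL_TLSEXT_ERR_NOACK;`. Separately, `cinf->certname` is read for the log message after `ink_mutex_release(&cinf->stapling_mutex)`; if that field is guarded by the mutex, log first and release second.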
Review Comment:
The memory allocation failure is logged using `Dbg()` (debug level), but
throughout this file, allocation failures and other unexpected error conditions
are consistently logged using `Error()` (e.g., line 868: `Error("error
allocating memory for %s", certname)`). A failed `OPENSSL_malloc` is an
exceptional, operator-visible event — a client TLS handshake will silently
receive no OCSP stapling response, with no indication in production logs unless
debug logging is enabled. This should use `Error()` instead of `Dbg()` to be
consistent with the rest of the file and to ensure operators are notified of
memory pressure issues.
```suggestion
Error("ssl_callback_ocsp_stapling: failed to allocate memory for %s",
cinf->certname);
```