CLEANUP: ssl-sock: Remove useless tests on connection when resuming TLS session

In ssl_sock_srv_try_reuse_sess(), the connection is always defined, for TCP
and QUIC connections. No reason to test it. Because it is not so obvious for
the QUIC part, a BUG_ON() could be added here. For now, just remove useless
tests.

This patch should fix a Coverity report from #3213.
Christopher Faulet 2025-12-15 08:16:57 +01:00
parent d6b1d5f6e9
commit a25394b6c8


@ -5701,7 +5701,7 @@ int ssl_sock_srv_try_reuse_sess(struct ssl_sock_ctx *ctx, struct server *srv)
/* No connection or the sni of the cached SSL session does not /* No connection or the sni of the cached SSL session does not
* match the one of the new connection, don't reuse the SSL session * match the one of the new connection, don't reuse the SSL session
*/ */
if (!conn || srv->ssl_ctx.reused_sess[tid].sni_hash != conn->sni_hash) if (srv->ssl_ctx.reused_sess[tid].sni_hash != conn->sni_hash)
goto out; goto out;
/* let's recreate a session from (ptr,size) and assign /* let's recreate a session from (ptr,size) and assign
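Review bot: The comment above the changed `if` still begins "No connection or the sni of the cached SSL session does not match", but the `!conn` case is no longer tested, so the comment now describes a check that does not exist. Please reword it to cover only the SNI hash mismatch. Since `conn->sni_hash` is now dereferenced unconditionally and the commit message itself says the invariant is not obvious for QUIC, a `BUG_ON(!conn)` before this first dereference would document the assumption and turn a violation into a clean assertion failure instead of a NULL dereference in the session-reuse path.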
@ -5752,7 +5752,7 @@ int ssl_sock_srv_try_reuse_sess(struct ssl_sock_ctx *ctx, struct server *srv)
/* No connection or the sni of the cached SSL session does not /* No connection or the sni of the cached SSL session does not
* match the one of the new connection, don't reuse the SSL session * match the one of the new connection, don't reuse the SSL session
*/ */
if (!conn || srv->ssl_ctx.reused_sess[old_tid-1].sni_hash != conn->sni_hash) { if (srv->ssl_ctx.reused_sess[old_tid-1].sni_hash != conn->sni_hash) {
HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &srv->ssl_ctx.reused_sess[old_tid-1].sess_lock); HA_RWLOCK_RDUNLOCK(SSL_SERVER_LOCK, &srv->ssl_ctx.reused_sess[old_tid-1].sess_lock);
goto out; goto out;
} }
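Review bot: In this second site the `conn->sni_hash` dereference happens while the `sess_lock` read lock on `reused_sess[old_tid-1]` is held (the mismatch branch releases it with `HA_RWLOCK_RDUNLOCK`), so if the "connection is always defined" assumption were ever wrong the fault would occur under the lock. A single assertion on `conn` placed before either comparison would cover both hunks and keep the check out of the locked region. The comment here has the same stale "No connection or" wording as the first hunk and should be updated together with it.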