LCOV - code coverage report
Current view: top level - source/extensions/transport_sockets/tls/cert_validator - utility.cc (source / functions) Hit Total Coverage
Test: coverage.dat Lines: 0 8 0.0 %
Date: 2024-01-05 06:35:25 Functions: 0 2 0.0 % 

          Line data    Source code
       1             : #include "source/extensions/transport_sockets/tls/cert_validator/utility.h"
       2             : 
       3             : namespace Envoy {
       4             : namespace Extensions {
       5             : namespace TransportSockets {
       6             : namespace Tls {
       7             : 
       8             : // When the minimum supported BoringSSL includes
       9             : // https://boringssl-review.googlesource.com/c/boringssl/+/53965, remove this and have
      10             : // callers just set `X509_V_FLAG_NO_CHECK_TIME` directly.
      11             : #if !defined(X509_V_FLAG_NO_CHECK_TIME)
      12             : namespace {
      13             : int ignoreCertificateExpirationCallback(int ok, X509_STORE_CTX* store_ctx) {
      14             :   if (!ok) {
      15             :     int err = X509_STORE_CTX_get_error(store_ctx);
      16             :     if (err == X509_V_ERR_CERT_HAS_EXPIRED || err == X509_V_ERR_CERT_NOT_YET_VALID) {
      17             :       return 1;
      18             :     }
      19             :   }
      20             :   return ok;
      21             : }
      22             : } // namespace
      23             : #endif
      24             : 
      25           0 : void CertValidatorUtil::setIgnoreCertificateExpiration(X509_STORE_CTX* store_ctx) {
      26           0 : #if defined(X509_V_FLAG_NO_CHECK_TIME)
      27           0 :   X509_STORE_CTX_set_flags(store_ctx, X509_V_FLAG_NO_CHECK_TIME);
      28             : #else
      29             :   X509_STORE_CTX_set_verify_cb(store_ctx, ignoreCertificateExpirationCallback);
      30             : #endif
      31           0 : }
      32             : 
      33           0 : void CertValidatorUtil::setIgnoreCertificateExpiration(X509_STORE* store) {
      34           0 : #if defined(X509_V_FLAG_NO_CHECK_TIME)
      35           0 :   X509_STORE_set_flags(store, X509_V_FLAG_NO_CHECK_TIME);
      36             : #else
      37             :   X509_STORE_set_verify_cb(store, ignoreCertificateExpirationCallback);
      38             : #endif
      39           0 : }
      40             : 
      41             : } // namespace Tls
      42             : } // namespace TransportSockets
      43             : } // namespace Extensions
      44             : } // namespace Envoy

Generated by: LCOV version 1.15