GCC Code Coverage Report

Directory: cvmfs/
File: cvmfs/ssl.cc
Date: 2025-11-09 02:35:23
Exec Total Coverage
Lines: 39 52 75.0%
Branches: 51 127 40.2%
Line Branch Exec Source
1 /**
2 * This file is part of the CernVM File System.
3 */
4
5 #include "ssl.h"
6
7 #include <dirent.h>
8
9 #include <cstdlib>
10 #include <string>
11 #include <vector>
12
13 #include "duplex_curl.h"
14 #include "util/platform.h"
15 #include "util/posix.h"
16 #include "util/string.h"
17
18 namespace {
19
20 946 bool HasCertificates(const std::string &directory) {
21 946 DIR *dirp = opendir(directory.c_str());
22
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 946 times.
 946 if (!dirp)
23 return false;
24
25 platform_dirent64 *dirent;
26
1/2
✓ Branch 1 taken 2838 times.
✗ Branch 2 not taken.
 2838 while ((dirent = platform_readdir(dirp))) {
27
3/6
✓ Branch 2 taken 2838 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 2838 times.
✗ Branch 6 not taken.
✓ Branch 8 taken 2838 times.
✗ Branch 9 not taken.
 5676 const std::string filename(directory + "/" + std::string(dirent->d_name));
28
29 platform_stat64 stat;
30
1/2
✗ Branch 2 not taken.
✓ Branch 3 taken 2838 times.
 2838 if (platform_stat(filename.c_str(), &stat) != 0)
31 continue;
32
3/4
✓ Branch 0 taken 1892 times.
✓ Branch 1 taken 946 times.
✓ Branch 2 taken 1892 times.
✗ Branch 3 not taken.
 2838 if (!(S_ISREG(stat.st_mode) || S_ISLNK(stat.st_mode)))
33 1892 continue;
34
35
3/12
✓ Branch 1 taken 946 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
✓ Branch 4 taken 946 times.
✗ Branch 5 not taken.
✗ Branch 6 not taken.
✓ Branch 7 taken 946 times.
✗ Branch 8 not taken.
✗ Branch 9 not taken.
✗ Branch 10 not taken.
✗ Branch 12 not taken.
✗ Branch 13 not taken.
 1892 if (HasSuffix(filename, ".pem", /* ignore case = */ false)
36
8/22
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 946 times.
✗ Branch 5 not taken.
✗ Branch 7 not taken.
✓ Branch 8 taken 946 times.
✗ Branch 9 not taken.
✗ Branch 10 not taken.
✓ Branch 11 taken 946 times.
✗ Branch 12 not taken.
✓ Branch 13 taken 946 times.
✗ Branch 14 not taken.
✓ Branch 15 taken 946 times.
✗ Branch 16 not taken.
✓ Branch 18 taken 946 times.
✗ Branch 19 not taken.
✓ Branch 21 taken 946 times.
✗ Branch 22 not taken.
✗ Branch 23 not taken.
✗ Branch 24 not taken.
✗ Branch 26 not taken.
✗ Branch 27 not taken.
 1892 || HasSuffix(filename, ".crt", /* ignore case = */ false)) {
37
1/2
✓ Branch 1 taken 946 times.
✗ Branch 2 not taken.
 946 closedir(dirp);
38 946 return true;
39 }
40
2/3
✗ Branch 1 not taken.
✓ Branch 2 taken 1892 times.
✓ Branch 3 taken 946 times.
 2838 }
41
42 closedir(dirp);
43 return false;
44 }
45
46 } // namespace
47
48
49 4613 SslCertificateStore::SslCertificateStore() {
50 4613 const char *ca_path_env = getenv("X509_CERT_DIR");
51
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 4613 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 4613 if (ca_path_env && *ca_path_env)
52 ca_path_ = ca_path_env;
53 else
54
1/2
✓ Branch 1 taken 4613 times.
✗ Branch 2 not taken.
 4613 ca_path_ = "/etc/grid-security/certificates";
55 4613 const char *ca_bundle_env = getenv("X509_CERT_BUNDLE");
56
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 4613 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 4613 if (ca_bundle_env && *ca_bundle_env)
57 ca_bundle_ = ca_bundle_env;
58 4613 }
59
60
61 bool SslCertificateStore::ApplySslCertificatePath(CURL *handle) const {
62 const CURLcode res1 = curl_easy_setopt(
63 handle, CURLOPT_CAPATH, ca_path_.c_str());
64 CURLcode res2 = CURLE_OK;
65 if (!ca_bundle_.empty())
66 res2 = curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_.c_str());
67
68 return (res1 == CURLE_OK) && (res2 == CURLE_OK);
69 }
70
71
72 946 void SslCertificateStore::UseSystemCertificatePath() {
73 946 std::vector<std::string> candidates;
74
75
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/ssl/certs");
76
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/pki/tls/certs");
77
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/ssl");
78
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/pki/tls");
79
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/pki/ca-trust/extracted/pem");
80
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
 946 candidates.push_back("/etc/ssl");
81
82
1/2
✓ Branch 1 taken 946 times.
✗ Branch 2 not taken.
 946 for (unsigned i = 0; i < candidates.size(); ++i) {
83
2/4
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 946 times.
✗ Branch 5 not taken.
 946 if (HasCertificates(candidates[i])) {
84
1/2
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
 946 const std::string bundle_candidate = candidates[i] + "/ca-bundle.crt";
85 946 if (ca_bundle_.empty()
86
4/8
✓ Branch 0 taken 946 times.
✗ Branch 1 not taken.
✓ Branch 3 taken 946 times.
✗ Branch 4 not taken.
✓ Branch 5 taken 946 times.
✗ Branch 6 not taken.
✓ Branch 7 taken 946 times.
✗ Branch 8 not taken.
 1892 && (FileExists(bundle_candidate)
87
2/4
✓ Branch 1 taken 946 times.
✗ Branch 2 not taken.
✓ Branch 3 taken 946 times.
✗ Branch 4 not taken.
 946 || SymlinkExists(bundle_candidate))) {
88
1/2
✓ Branch 1 taken 946 times.
✗ Branch 2 not taken.
 946 ca_bundle_ = bundle_candidate;
89 }
90
1/2
✓ Branch 2 taken 946 times.
✗ Branch 3 not taken.
 946 ca_path_ = candidates[i];
91 946 return;
92 946 }
93 }
94
95 // fallback
96 ca_path_ = candidates[0];
97
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 946 times.
 946 }
98