GCC Code Coverage Report

Directory: cvmfs/
File: cvmfs/ssl.cc
Date: 2025-06-22 02:36:02
Exec Total Coverage
Lines: 39 52 75.0%
Branches: 51 127 40.2%
Line Branch Exec Source
1 /**
2 * This file is part of the CernVM File System.
3 */
4
5 #include "ssl.h"
6
7 #include <dirent.h>
8
9 #include <cstdlib>
10 #include <string>
11 #include <vector>
12
13 #include "duplex_curl.h"
14 #include "util/platform.h"
15 #include "util/posix.h"
16 #include "util/string.h"
17
18 namespace {
19
20 1227 bool HasCertificates(const std::string &directory) {
21 1227 DIR *dirp = opendir(directory.c_str());
22
1/2
✗ Branch 0 not taken.
✓ Branch 1 taken 1227 times.
 1227 if (!dirp)
23 return false;
24
25 platform_dirent64 *dirent;
26
1/2
✓ Branch 1 taken 3681 times.
✗ Branch 2 not taken.
 3681 while ((dirent = platform_readdir(dirp))) {
27
3/6
✓ Branch 2 taken 3681 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 3681 times.
✗ Branch 6 not taken.
✓ Branch 8 taken 3681 times.
✗ Branch 9 not taken.
 7362 const std::string filename(directory + "/" + std::string(dirent->d_name));
28
29 platform_stat64 stat;
30
1/2
✗ Branch 2 not taken.
✓ Branch 3 taken 3681 times.
 3681 if (platform_stat(filename.c_str(), &stat) != 0)
31 continue;
32
3/4
✓ Branch 0 taken 2454 times.
✓ Branch 1 taken 1227 times.
✓ Branch 2 taken 2454 times.
✗ Branch 3 not taken.
 3681 if (!(S_ISREG(stat.st_mode) || S_ISLNK(stat.st_mode)))
33 2454 continue;
34
35
3/12
✓ Branch 1 taken 1227 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
✓ Branch 4 taken 1227 times.
✗ Branch 5 not taken.
✗ Branch 6 not taken.
✓ Branch 7 taken 1227 times.
✗ Branch 8 not taken.
✗ Branch 9 not taken.
✗ Branch 10 not taken.
✗ Branch 12 not taken.
✗ Branch 13 not taken.
 2454 if (HasSuffix(filename, ".pem", /* ignore case = */ false)
36
8/22
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 1227 times.
✗ Branch 5 not taken.
✗ Branch 7 not taken.
✓ Branch 8 taken 1227 times.
✗ Branch 9 not taken.
✗ Branch 10 not taken.
✓ Branch 11 taken 1227 times.
✗ Branch 12 not taken.
✓ Branch 13 taken 1227 times.
✗ Branch 14 not taken.
✓ Branch 15 taken 1227 times.
✗ Branch 16 not taken.
✓ Branch 18 taken 1227 times.
✗ Branch 19 not taken.
✓ Branch 21 taken 1227 times.
✗ Branch 22 not taken.
✗ Branch 23 not taken.
✗ Branch 24 not taken.
✗ Branch 26 not taken.
✗ Branch 27 not taken.
 2454 || HasSuffix(filename, ".crt", /* ignore case = */ false)) {
37
1/2
✓ Branch 1 taken 1227 times.
✗ Branch 2 not taken.
 1227 closedir(dirp);
38 1227 return true;
39 }
40
2/3
✗ Branch 1 not taken.
✓ Branch 2 taken 2454 times.
✓ Branch 3 taken 1227 times.
 3681 }
41
42 closedir(dirp);
43 return false;
44 }
45
46 } // namespace
47
48
49 6413 SslCertificateStore::SslCertificateStore() {
50 6413 const char *ca_path_env = getenv("X509_CERT_DIR");
51
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 6413 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 6413 if (ca_path_env && *ca_path_env)
52 ca_path_ = ca_path_env;
53 else
54
1/2
✓ Branch 1 taken 6413 times.
✗ Branch 2 not taken.
 6413 ca_path_ = "/etc/grid-security/certificates";
55 6413 const char *ca_bundle_env = getenv("X509_CERT_BUNDLE");
56
1/4
✗ Branch 0 not taken.
✓ Branch 1 taken 6413 times.
✗ Branch 2 not taken.
✗ Branch 3 not taken.
 6413 if (ca_bundle_env && *ca_bundle_env)
57 ca_bundle_ = ca_bundle_env;
58 6413 }
59
60
61 bool SslCertificateStore::ApplySslCertificatePath(CURL *handle) const {
62 const CURLcode res1 =
63 curl_easy_setopt(handle, CURLOPT_CAPATH, ca_path_.c_str());
64 CURLcode res2 = CURLE_OK;
65 if (!ca_bundle_.empty())
66 res2 = curl_easy_setopt(handle, CURLOPT_CAINFO, ca_bundle_.c_str());
67
68 return (res1 == CURLE_OK) && (res2 == CURLE_OK);
69 }
70
71
72 1227 void SslCertificateStore::UseSystemCertificatePath() {
73 1227 std::vector<std::string> candidates;
74
75
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/ssl/certs");
76
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/pki/tls/certs");
77
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/ssl");
78
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/pki/tls");
79
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/pki/ca-trust/extracted/pem");
80
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
 1227 candidates.push_back("/etc/ssl");
81
82
1/2
✓ Branch 1 taken 1227 times.
✗ Branch 2 not taken.
 1227 for (unsigned i = 0; i < candidates.size(); ++i) {
83
2/4
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
✓ Branch 4 taken 1227 times.
✗ Branch 5 not taken.
 1227 if (HasCertificates(candidates[i])) {
84
1/2
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
 1227 const std::string bundle_candidate = candidates[i] + "/ca-bundle.crt";
85 1227 if (ca_bundle_.empty()
86
4/8
✓ Branch 0 taken 1227 times.
✗ Branch 1 not taken.
✓ Branch 3 taken 1227 times.
✗ Branch 4 not taken.
✓ Branch 5 taken 1227 times.
✗ Branch 6 not taken.
✓ Branch 7 taken 1227 times.
✗ Branch 8 not taken.
 2454 && (FileExists(bundle_candidate)
87
2/4
✓ Branch 1 taken 1227 times.
✗ Branch 2 not taken.
✓ Branch 3 taken 1227 times.
✗ Branch 4 not taken.
 1227 || SymlinkExists(bundle_candidate))) {
88
1/2
✓ Branch 1 taken 1227 times.
✗ Branch 2 not taken.
 1227 ca_bundle_ = bundle_candidate;
89 }
90
1/2
✓ Branch 2 taken 1227 times.
✗ Branch 3 not taken.
 1227 ca_path_ = candidates[i];
91 1227 return;
92 1227 }
93 }
94
95 // fallback
96 ca_path_ = candidates[0];
97
1/2
✗ Branch 1 not taken.
✓ Branch 2 taken 1227 times.
 1227 }
98