tls: introduce tls::certificate_data type alias declaration

scylladb · Jan 28, 2025 · 4678025 · 4678025
1 parent abfddd0
commit 4678025
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/include/seastar/net/tls.hh b/include/seastar/net/tls.hh
@@ -494,6 +494,8 @@ namespace tls {
     */
     future<std::vector<subject_alt_name>> get_alt_name_information(connected_socket& socket, std::unordered_set<subject_alt_name_type> types = {});
 
+    using certificate_data = std::vector<uint8_t>;
+
     /**
      * Get the raw certificate (chain) that the connected peer is using.
      * This function forces the TLS handshake. If the handshake didn't happen before the
@@ -503,7 +505,7 @@ namespace tls {
      * certificate during the handshake, the function returns an empty certificate chain.
      * If the socket is not connected the system_error exception will be thrown.
      */
-    future<std::vector<std::vector<uint8_t>>> get_peer_certificate_chain(connected_socket& socket);
+    future<std::vector<certificate_data>> get_peer_certificate_chain(connected_socket& socket);
 
     /**
      * Checks if the socket was connected using session resume.

diff --git a/src/net/tls.cc b/src/net/tls.cc
@@ -1790,7 +1790,7 @@ class session : public enable_lw_shared_from_this<session> {
         }, std::move(types));
     }
 
-    future<std::vector<std::vector<uint8_t>>> get_peer_certificate_chain() {
+    future<std::vector<certificate_data>> get_peer_certificate_chain() {
         return state_checked_access([this] {
             unsigned int list_size = 0;
             const gnutls_datum_t* client_cert_list = gnutls_certificate_get_peers(*this, &list_size);
@@ -1938,7 +1938,7 @@ class tls_connected_socket_impl : public net::connected_socket_impl, public sess
     future<std::vector<subject_alt_name>> get_alt_name_information(std::unordered_set<subject_alt_name_type> types) {
         return _session->get_alt_name_information(std::move(types));
     }
-    future<std::vector<std::vector<uint8_t>>> get_peer_certificate_chain() {
+    future<std::vector<certificate_data>> get_peer_certificate_chain() {
         return _session->get_peer_certificate_chain();
     }
     future<> wait_input_shutdown() override {
@@ -2132,7 +2132,7 @@ future<std::vector<tls::subject_alt_name>> tls::get_alt_name_information(connect
     return get_tls_socket(socket)->get_alt_name_information(std::move(types));
 }
 
-future<std::vector<std::vector<uint8_t>>> tls::get_peer_certificate_chain(connected_socket& socket) {
+future<std::vector<tls::certificate_data>> tls::get_peer_certificate_chain(connected_socket& socket) {
     return get_tls_socket(socket)->get_peer_certificate_chain();
 }
 

diff --git a/tests/unit/tls_test.cc b/tests/unit/tls_test.cc
@@ -1483,7 +1483,7 @@ SEASTAR_THREAD_TEST_CASE(test_peer_certificate_chain_handling) {
         c.shutdown_output();
 
         auto read_file = [](std::filesystem::path const& path) {
-            auto contents = std::vector<uint8_t>(std::filesystem::file_size(path));
+            auto contents = tls::certificate_data(std::filesystem::file_size(path));
             std::ifstream{path, std::ios_base::binary}.read(reinterpret_cast<char *>(contents.data()), contents.size());
             return contents;
         };