Skip to content

[CHANGED] TLS: Changed SSL_verify_cb to natsSSLVerifyCb #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 11, 2025
Merged

[CHANGED] TLS: Changed SSL_verify_cb to natsSSLVerifyCb #908

merged 1 commit into from
Sep 11, 2025
+35 −49

Conversation

kozlovic
Copy link
Member

The callback uses a void* that the user should cast to a X509_STORE_CTX*.

This removes the nats.h dependency on NATS_HAS_TLS and openssl headers.

Programs that have a verification callback would have to modify it to change to a void* and do a cast, as described in the doc for the natsSSLVerifyCb verification callback.

I have tested that an application compiled dynamically (with 3.10.1) and code that directly uses the X509_STORE_CTX* would work without problems if linked to a library build with this code.

Signed-off-by: Ivan Kozlovic [email protected]

@kozlovic
[CHANGED] TLS: Changed SSL_verify_cb to natsSSLVerifyCb
5e99d1f 
The callback uses a `void*` that the user should cast to a `X509_STORE_CTX*`.

This removes the `nats.h` dependency on `NATS_HAS_TLS` and openssl headers.

Programs that have a verification callback would have to modify it
to change to a `void*` and do a cast, as described in the doc for
the `natsSSLVerifyCb` verification callback.

I have tested that an application compiled dynamically (with 3.10.1)
and code that directly uses the `X509_STORE_CTX*` would work without
problems if linked to a library build with this code.

Signed-off-by: Ivan Kozlovic <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Sep 10, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 70.18%. Comparing base (9ec900b) to head (5e99d1f).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
src/opts.c 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #908      +/-   ##
==========================================
- Coverage   70.20%   70.18%   -0.03%     
==========================================
  Files          48       48              
  Lines       17242    17243       +1     
  Branches     3540     3540              
==========================================
- Hits        12105    12102       -3     
- Misses       1734     1737       +3     
- Partials     3403     3404       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kozlovic kozlovic requested a review from mtmk September 10, 2025 23:39
@kozlovic kozlovic mentioned this pull request Sep 10, 2025
Closed
mtmk
mtmk approved these changes Sep 11, 2025
View reviewed changes
Copy link
Member

@mtmk mtmk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kozlovic kozlovic merged commit d93ba43 into main Sep 11, 2025
28 checks passed
@kozlovic kozlovic deleted the ssl_verify_cb branch September 11, 2025 17:50
github-actions bot pushed a commit that referenced this pull request Sep 11, 2025
@kozlovic @github-actions
[skip ci] Update docs: d93ba43: Merge pull request #908 from nats-io/…
c8469ee 
…ssl_verify_cb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtmk mtmk mtmk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kozlovic @mtmk