fix style

ClickHouse · Mar 25, 2024 · 570dc32 · 570dc32
1 parent 6b50f5b
commit 570dc32
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 25 deletions.
diff --git a/src/Server/CertificateReloader.cpp b/src/Server/CertificateReloader.cpp
@@ -22,39 +22,44 @@ int callSetCertificate(SSL * ssl, [[maybe_unused]] void * arg)
 
 }
 
-
 /// This is callback for OpenSSL. It will be called on every connection to obtain a certificate and private key.
 int CertificateReloader::setCertificate(SSL * ssl)
 {
     auto current = data.get();
     if (!current)
         return -1;
 
-    if (current->certs_chain.size() < 1)
+    if (current->certs_chain.empty())
         return -1;
 
-    int ret;
-    ret = SSL_clear_chain_certs(ssl);
-    if (!ret)
-        return ret;
-    ret = SSL_use_certificate(ssl, const_cast<X509 *>(current->certs_chain[0].certificate()));
-    if (!ret)
-        return ret;
-    for (auto cert = current->certs_chain.begin() + 1; cert != current->certs_chain.end(); cert++) {
-        ret = SSL_add1_chain_cert(ssl, const_cast<X509 *>(cert->certificate()));
-        if (!ret)
-        return ret;
+    if (auto err = SSL_clear_chain_certs(ssl))
+    {
+        LOG_ERROR(log, "Clear certificates {}", Poco::Net::Utility::getLastError());
+        return -1;
     }
-    ret = SSL_use_PrivateKey(ssl, const_cast<EVP_PKEY *>(static_cast<const EVP_PKEY *>(current->key)));
-
-    int err = SSL_check_private_key(ssl);
-    if (err != 1)
+    if (auto err = SSL_use_certificate(ssl, const_cast<X509 *>(current->certs_chain[0].certificate())))
     {
-        std::string msg = Poco::Net::Utility::getLastError();
-        LOG_ERROR(log, "Unusable key-pair {}", msg);
+        LOG_ERROR(log, "Use certificate {}", Poco::Net::Utility::getLastError());
+        return -1;
+    }
+    for (auto cert = current->certs_chain.begin() + 1; cert != current->certs_chain.end(); cert++)
+    {
+        if (auto err = SSL_add1_chain_cert(ssl, const_cast<X509 *>(cert->certificate())))
+        {
+            LOG_ERROR(log, "Add certificate to chain {}", Poco::Net::Utility::getLastError());
+            return -1;
+        }
+    }
+    if (auto err = SSL_use_PrivateKey(ssl, const_cast<EVP_PKEY *>(static_cast<const EVP_PKEY *>(current->key))))
+    {
+        LOG_ERROR(log, "Use private key {}", Poco::Net::Utility::getLastError());
+        return -1;
+    }
+    if (auto err = SSL_check_private_key(ssl))
+    {
+        LOG_ERROR(log, "Unusable key-pair {}", Poco::Net::Utility::getLastError());
         return -1;
     }
-
     return 1;
 }
 

diff --git a/tests/integration/test_reload_certificate/test.py b/tests/integration/test_reload_certificate/test.py
@@ -166,10 +166,12 @@ def test_chain_reload():
     """Check cert chain reload"""
     check_certificate_switch("first", "WithChain")
     assert (
-        node.exec_in_container([
-            "bash",
-            "-c",
-            "openssl s_client -showcerts -servername localhost -connect localhost:8443 </dev/null 2>/dev/null | grep 'BEGIN CERTIFICATE' | wc -l",
-        ])
+        node.exec_in_container(
+            [
+                "bash",
+                "-c",
+                "openssl s_client -showcerts -servername localhost -connect localhost:8443 </dev/null 2>/dev/null | grep 'BEGIN CERTIFICATE' | wc -l",
+            ]
+        )
         == "2\n"
     )