Fix tests [2] --filter=[core][unit] --verbose

matyhtf · matyhtf · commit 79617a9b1ebe · 2025-05-18T07:44:09.000+08:00
diff --git a/core-tests/src/server/server.cpp b/core-tests/src/server/server.cpp
@@ -2270,9 +2270,7 @@ static void test_clean_worker(Server::Mode mode) {
             ac.on_connect([&](AsyncClient *ac) { ac->send(SW_STRL(TEST_STR)); });
 
             ac.on_close([_serv](AsyncClient *ac) {
-                swoole_timer_after(100, [_serv, ac](TIMER_PARAMS) {
-                    _serv->shutdown();
-                });
+                swoole_timer_after(100, [_serv, ac](TIMER_PARAMS) { _serv->shutdown(); });
             });
 
             ac.on_error([](AsyncClient *ac) {});
diff --git a/src/protocol/ssl.cc b/src/protocol/ssl.cc
@@ -147,6 +147,10 @@ namespace swoole {
 #define HTTP2_H2_14_ALPN "\x05h2-14"
 #define HTTP1_NPN "\x08http/1.1"
 
+#define ssl_error(str, ...)                                                                                            \
+    long _ssl_error = ERR_get_error();                                                                                 \
+    swoole_warning(str ", Error: %s[%ld]", ##__VA_ARGS__, ERR_reason_error_string(_ssl_error), _ssl_error);
+
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 static int ssl_alpn_advertised(SSL *ssl, const uchar **out, uchar *outlen, const uchar *in, uint32_t inlen, void *arg) {
     unsigned int protos_len;
@@ -201,8 +205,7 @@ bool SSLContext::create() {
     }
     context = SSL_CTX_new(method);
     if (context == nullptr) {
-        int error = ERR_get_error();
-        swoole_warning("SSL_CTX_new() failed, Error: %s[%d]", ERR_reason_error_string(error), error);
+        ssl_error("SSL_CTX_new() failed");
         return false;
     }
 
@@ -310,23 +313,15 @@ bool SSLContext::create() {
          * set the local certificate from CertFile
          */
         if (SSL_CTX_use_certificate_file(context, cert_file.c_str(), SSL_FILETYPE_PEM) <= 0) {
-            int error = ERR_get_error();
-            swoole_warning("SSL_CTX_use_certificate_file(%s) failed, Error: %s[%d]",
-                           cert_file.c_str(),
-                           ERR_reason_error_string(error),
-                           error);
+            ssl_error("SSL_CTX_use_certificate_file(%s) failed", cert_file.c_str());
             return true;
         }
         /*
          * if the crt file have many certificate entry ,means certificate chain
          * we need call this function
          */
         if (SSL_CTX_use_certificate_chain_file(context, cert_file.c_str()) <= 0) {
-            int error = ERR_get_error();
-            swoole_warning("SSL_CTX_use_certificate_chain_file(%s) failed, Error: %s[%d]",
-                           cert_file.c_str(),
-                           ERR_reason_error_string(error),
-                           error);
+            ssl_error("SSL_CTX_use_certificate_chain_file(%s) failed", cert_file.c_str());
             return false;
         }
     }
@@ -335,18 +330,14 @@ bool SSLContext::create() {
          * set the private key from KeyFile (may be the same as CertFile)
          */
         if (SSL_CTX_use_PrivateKey_file(context, key_file.c_str(), SSL_FILETYPE_PEM) <= 0) {
-            int error = ERR_get_error();
-            swoole_warning("SSL_CTX_use_PrivateKey_file(%s) failed, Error: %s[%d]",
-                           key_file.c_str(),
-                           ERR_reason_error_string(error),
-                           error);
+            ssl_error("SSL_CTX_use_PrivateKey_file(%s) failed", key_file.c_str());
             return false;
         }
         /*
          * verify private key
          */
         if (!SSL_CTX_check_private_key(context)) {
-            swoole_warning("Private key does not match the public certificate");
+            ssl_error("SSL_CTX_check_private_key() failed");
             return false;
         }
     }
@@ -370,6 +361,19 @@ bool SSLContext::create() {
     }
 
     if (http || http_v2) {
+        unsigned int protos_len;
+        const char *protos;
+        if (http_v2) {
+            protos = HTTP2_H2_ALPN HTTP1_NPN;
+            protos_len = sizeof(HTTP2_H2_ALPN HTTP1_NPN) - 1;
+        } else {
+            protos = HTTP1_NPN;
+            protos_len = sizeof(HTTP1_NPN) - 1;
+        }
+        if (SSL_CTX_set_alpn_protos(context, (const uchar *) protos, protos_len) < 0) {
+            ssl_error("SSL_CTX_set_alpn_protos(%s) failed", protos);
+            return false;
+        }
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
         SSL_CTX_set_alpn_select_cb(context, ssl_alpn_advertised, (void *) this);
 #endif
@@ -382,7 +386,6 @@ bool SSLContext::create() {
 #endif
 
     if (!client_cert_file.empty() && !set_client_certificate()) {
-        swoole_warning("set_client_certificate() error");
         return false;
     }
 
@@ -403,7 +406,7 @@ bool SSLContext::set_capath() {
         }
     } else {
         if (!SSL_CTX_set_default_verify_paths(context)) {
-            swoole_warning("Unable to set default verify locations and no CA settings specified");
+            ssl_error("SSL_CTX_set_default_verify_paths() failed");
             return false;
         }
     }
@@ -422,11 +425,12 @@ bool SSLContext::set_ciphers() {
 
     if (!ciphers.empty()) {
         if (SSL_CTX_set_cipher_list(context, ciphers.c_str()) == 0) {
-            swoole_warning("SSL_CTX_set_cipher_list(\"%s\") failed", ciphers.c_str());
+            ssl_error("SSL_CTX_set_cipher_list(\"%s\") failed", ciphers.c_str());
             return false;
         }
-        if (prefer_server_ciphers) {
-            SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
+        if (prefer_server_ciphers && !SSL_CTX_set_options(context, SSL_OP_CIPHER_SERVER_PREFERENCE)) {
+            ssl_error("SSL_CTX_set_options(SSL_OP_CIPHER_SERVER_PREFERENCE) failed");
+            return false;
         }
     }
 
@@ -454,14 +458,14 @@ bool SSLContext::set_client_certificate() {
     SSL_CTX_set_verify_depth(context, depth);
 
     if (SSL_CTX_load_verify_locations(context, cert_file, nullptr) == 0) {
-        swoole_warning("SSL_CTX_load_verify_locations(\"%s\") failed", cert_file);
+        ssl_error("SSL_CTX_load_verify_locations(\"%s\") failed", cert_file);
         return false;
     }
 
     ERR_clear_error();
     list = SSL_load_client_CA_file(cert_file);
     if (list == nullptr) {
-        swoole_warning("SSL_load_client_CA_file(\"%s\") failed", cert_file);
+        ssl_error("SSL_load_client_CA_file(\"%s\") failed", cert_file);
         return false;
     }
 
@@ -540,28 +544,28 @@ bool SSLContext::set_dhparam() {
 
     bio = BIO_new_file(file, "r");
     if (bio == nullptr) {
-        swoole_warning("BIO_new_file(%s) failed", file);
+        ssl_error("BIO_new_file(%s) failed", file);
         return false;
     }
 
 #if OPENSSL_VERSION_MAJOR >= 3
     EVP_PKEY *pkey = PEM_read_bio_Parameters(bio, nullptr);
     if (pkey == nullptr) {
-        swoole_warning("PEM_read_bio_Parameters('%s') failed", file);
+        ssl_error("PEM_read_bio_Parameters('%s') failed", file);
         BIO_free(bio);
         return false;
     }
 
     if (SSL_CTX_set0_tmp_dh_pkey(context, pkey) != 1) {
-        swoole_warning("SSL_CTX_set0_tmp_dh_pkey('%s') failed", file);
+        ssl_error("SSL_CTX_set0_tmp_dh_pkey('%s') failed", file);
         EVP_PKEY_free(pkey);
         BIO_free(bio);
         return false;
     }
 #else
     DH *dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
     if (dh == nullptr) {
-        swoole_warning("PEM_read_bio_DHparams(%s) failed", file);
+        ssl_error("PEM_read_bio_DHparams(%s) failed", file);
         BIO_free(bio);
         return false;
     }
