Skip to content

Refactor TLS SSL context configuration#7974

Draft
Copilot wants to merge 10 commits into
mainfrom
copilot/refactor-ssl-context-usage
Draft

Refactor TLS SSL context configuration#7974
Copilot wants to merge 10 commits into
mainfrom
copilot/refactor-ssl-context-usage

Conversation

Copilot AI commented Jun 24, 2026
edited by eddyashton
Loading

Copy link
Copy Markdown
Contributor

Closes #3461.

TLS connections configured both SSL_CTX and SSL directly, even though SSL inherits connection options from its context. This refactors setup so each connection’s SSL_CTX is fully configured before creating the per-connection SSL.

  • Context-first TLS setup

    • Delay SSL creation until after certificate, verification, and ALPN configuration is applied to SSL_CTX.
    • Keep connection-specific setup, such as SNI, on SSL.

  • Clear certificate configuration phases

    • Split certificate application into explicit context and connection phases: 
      cert->configure_context(cfg);
create_ssl();
cert->configure_connection(get_ssl());

  • Safer OpenSSL handling

    • Add checks for touched OpenSSL calls and allocations.
    • Use RAII during BIO setup until ownership is transferred to OpenSSL.

  • Focused coverage

    • Add a TLS unit test confirming verification mode is inherited by the created SSL connection.

Copilot AI and others added 8 commits June 24, 2026 21:03
@achamayou
Refactor TLS SSL context usage
d9798fa 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Address TLS review feedback
a6fb403 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Make TLS setup checks explicit
1094824 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Address final TLS validation feedback
9f76d8d 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Clean up TLS SSL use helper
e6c6f51 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Protect TLS BIO setup with RAII
14cf880 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Add TLS SSL null checks
cb62231 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
@achamayou
Clarify TLS certificate configuration phases
1b0c1c1 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>
Copilot AI changed the title [WIP] Refactor use of SSL context objects Refactor TLS SSL context configuration Jun 24, 2026
Copilot AI requested a review from achamayou June 24, 2026 21:15
@achamayou

achamayou commented Jun 25, 2026

Copy link
Copy Markdown
Member

@copilot resolve the merge conflicts in this pull request

@achamayou
Merge main and resolve TLS conflicts
766754b 
Co-authored-by: achamayou <4016369+achamayou@users.noreply.github.com>

Copilot AI commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

@copilot resolve the merge conflicts in this pull request

Resolved the merge conflicts in commit 766754b2b. Targeted validation passed with cmake --build build --target tls_test and ./build/tls_test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@achamayou achamayou Awaiting requested review from achamayou
Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@achamayou achamayou

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Refactor use of SSL context objects

2 participants

@achamayou