Swiftdiff options
| author | Tim Costen <tim.costen@isode.com> | 2019-09-06 10:32:12 (GMT) |
|---|---|---|
| committer | Tim Costen <tim.costen@isode.com> | 2019-09-19 15:27:01 (GMT) |
| commit | e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86 (patch) | |
| tree | f3632c379e2d92022bdb8af5d980b44883cc2360 | |
| parent | 8051f94932b6932a2e3eb60a26c758fbfed6d6ad (diff) | |
| download | swift-e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86.zip swift-e58cf7d5d7d3bab330bccf6a098dd476fbf4dc86.tar.bz2 | |
Add support for use of shared certificate chain when setting up TLS context
Actual implementation is in OpenSSL subclass. This allows a permanent
vector of shared certificates to be used when creating multiple OpenSSL
contexts. This replaces the existing use of a vector of unique pointers
to certificates which handed over responsibility for the underlying
OpenSSL certs to the OpenSSL context. To enable this to work, a
new method is added to the OpenSSLCertificate class which enables
the reference count on the the contained OpenSSL certificate to
be incremented - this stops the OpenSSL certificate being deleted
when the OpenSSL context is freed.
Use of conditional compilation was necessary to get the reference
counting to build with the different versions of OpenSSL in use.
Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory)
which generates a vector of certificates, so that it generates a vector
of shared_ptrs rather than unique_ptrs.
Add test of CreateCertificateChain to Swiften CertificateTest
class, together with sample certificate file in PEM form.
JIRA: LINK-1763
Bug:
Release-notes:
Manual:
Test-information:
Tested via development version of Mystique - created multiple
TLS sessions using single certificate chain.
Swift unit tests now build and run again.
New Swiften TLS unit test builds and runs.
Change-Id: I7fa4888b640c94b68712a6bff1f7aa334a358df2
| -rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 19 | ||||
| -rw-r--r-- | Swiften/QA/TLSTest/certificateChain.pem | 49 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.cpp | 4 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 9 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.cpp | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.h | 2 |
12 files changed, 96 insertions, 13 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp index 02ec0f8..21f749c 100644 --- a/Swiften/QA/TLSTest/CertificateTest.cpp +++ b/Swiften/QA/TLSTest/CertificateTest.cpp @@ -24,24 +24,26 @@ template<typename CERTIFICATE_FACTORY> class CertificateTest : public CppUnit::TestFixture { CPPUNIT_TEST_SUITE(CertificateTest); CPPUNIT_TEST(testConstructFromDER); CPPUNIT_TEST(testToDER); //CPPUNIT_TEST(testGetSubjectName); CPPUNIT_TEST(testGetCommonNames); CPPUNIT_TEST(testGetSRVNames); CPPUNIT_TEST(testGetDNSNames); CPPUNIT_TEST(testGetXMPPAddresses); + CPPUNIT_TEST(testCreateCertificateChain); CPPUNIT_TEST_SUITE_END(); public: void setUp() { pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest"); readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt")); + readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem")); certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY()); } void testConstructFromDER() { Certificate::ref testling = Certificate::ref(certificateFactory->createCertificateFromDER(certificateData)); CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getCommonNames()[0]); } @@ -82,19 +84,36 @@ class CertificateTest : public CppUnit::TestFixture { } void testGetXMPPAddresses() { Certificate::ref testling = Certificate::ref(certificateFactory->createCertificateFromDER(certificateData)); CPPUNIT_ASSERT_EQUAL(1, static_cast<int>(testling->getXMPPAddresses().size())); CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getXMPPAddresses()[0]); } + void testCreateCertificateChain() { + // The input chain contains a 2-certificate chain: + // the first certificate has: + // a subject of "O=messaging,CN=Mixer Messaging Configuration,CN=badger.isode.net" + // an issuer of "O=messaging, CN=New Messaging CA" + // the second certificate has: + // a subject of "O=messaging, CN=New Messaging CA" + // an issuer of "O=messaging, CN=New Messaging CA" + // i.e. it is a self-signed certificate + std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData); + CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size())); + CPPUNIT_ASSERT_EQUAL(std::string("Mixer Messaging Configuration"), chain[0]->getCommonNames()[0]); + CPPUNIT_ASSERT_EQUAL(std::string("badger.isode.net"), chain[0]->getCommonNames()[1]); + CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]); + } + private: std::unique_ptr<PlatformApplicationPathProvider> pathProvider; ByteArray certificateData; + ByteArray chainData; std::unique_ptr<CertificateFactory> certificateFactory; }; #ifdef HAVE_OPENSSL #include <Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h> CPPUNIT_TEST_SUITE_REGISTRATION(CertificateTest<OpenSSLCertificateFactory>); #endif diff --git a/Swiften/QA/TLSTest/certificateChain.pem b/Swiften/QA/TLSTest/certificateChain.pem new file mode 100644 index 0000000..cb3c0fb --- /dev/null +++ b/Swiften/QA/TLSTest/certificateChain.pem @@ -0,0 +1,49 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCA/2gAwIBAgIKXmMION+1bnZpIzANBgkqhkiG9w0BAQsFADAvMRIwEAYD +VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTkw +NzI5MTAxMjMxWhcNMjAwNzI5MTAxMjMxWjBXMRIwEAYDVQQKEwltZXNzYWdpbmcx +JjAkBgNVBAMTHU1peGVyIE1lc3NhZ2luZyBDb25maWd1cmF0aW9uMRkwFwYDVQQD +ExBiYWRnZXIuaXNvZGUubmV0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC +AYEAt42TMYe9oO4K6XmvST4kiy4cG+nmVDCtZRfAfF/A+1GQXTZ8OfLbPF5noLIF +f1Jj6fBDA2HiKoLQWfNnIklNEzgPbOREuAuCe660sW1JzJFr5O5qYyf6bHKkYmRr +CGHJ3G5kkXZOW3MhczPNHrTIUSL7lYLMZAcyWStkhgBy7lBuYtgDEXbdRH8OGgly +XC39AAU93y7ynw6W3SorU6h9cwvS0Ho8KVemCXoE38WLeSrIw1ks+Kf1YQopg9O3 +2SkXp6Z9elG5Wk5Rh0L0H2XHnAvmodr9TW6rtrPkJZfLL+NfcnGtI6QKnvL8EhYG +d+XiPOV8jyGAFRC1Be72wlF29Rw20zdoD3kAdeqBLWfL8H9mnQpebEIDj8Lmahub ++W4uuUqCG8NuY43lGJzJni9CFWvhD7ss1yVGz84zqRHu5iXNDncWH2luJT1gXvFW +6mxcfe+AwSiZ8PrhDQZBfTyx7ob4Ozdc1d59XTPyckj2msnCo2ayg+jKaViDd4vz +nNwhAgMBAAGjggGJMIIBhTAbBgNVHREEFDASghBiYWRnZXIuaXNvZGUubmV0MA4G +A1UdDwEB/wQEAwIF4DAMBgNVHRMBAf8EAjAAMHQGA1UdHwRtMGswaaBnoGWGY2xk +YXA6Ly9kaWFib2xvLmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmcl +MjBDQSxvPW1lc3NhZ2luZz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFy +eTCBkQYIKwYBBQUHAQEEgYQwgYEwfwYIKwYBBQUHMAKGc2xkYXA6Ly9kaWFib2xv +Lmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmclMjBDQSxvPW1lc3Nh +Z2luZz9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjti +aW5hcnkwHQYDVR0OBBYEFFjf69BczlDoKiSBSvxCr9sy0OJ2MB8GA1UdIwQYMBaA +FJvoU0Lwg8vVCEmEMoKy29zFo/Y7MA0GCSqGSIb3DQEBCwUAA4IBAQCS4zLVH98S +Cl4gsmTkxM+lBsdzQ18ymA6p9ZRXGmJ405C9rN7um9XnbWwOHO6ach7zie2GxWLp +KOYKjX/5Pjt7mPwG8eKepPAxDenzKw5TocjscR9VxBsym0oEkWHPQG+xSqySQGUw +/5QoGy6v06yE8CZ7BKHPh91Jy7IjIDBxWaEtTAPyuH4i4DnsmA0/xSrJ7ez6g399 +YgqDnBInC63bYv5IDD1CmEr/0boBWpsOf50OC6JVhaPLAldwTAxLSOMBJ4q4onXC +ZqDHY3EMRtwYEffNg9ZorXJwLmU3Lq/R3B9lC22XNPDFj/bZ5RpwVFtuN5HfeZzO +aPbNoa0Nf+QB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDJDCCAgygAwIBAgIKSm7KkUZOigMk9zANBgkqhkiG9w0BAQsFADAvMRIwEAYD +VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTYw +MTI2MTU1MTU2WhcNMjYwMTI2MTU1MTU2WjAvMRIwEAYDVQQKEwltZXNzYWdpbmcx +GTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDgcuX1s8EvO8GDHx7vSW9oeDnLUBx5E48Vb2qcJVc34ik1j6ZV +d8/+tzmyy/BskFbaOJ0KD5XYOoI8TJtu28lASWZj1vAEZkfrDdBbKeb1BQhShMt2 +ICgzp7l4ubwd6rqCGHpD/f12RVhSlU3y6TniaK62a9RwJOpL/wvnCcJLPjaTw8om +EY62EyUP+FymUbo3Rb3aWLM7avHl1/32pyzUgRzvZR63hlMHnlE5Sgc84j9KMwJH +k+mCyXIGPc+yhL33ljR63Eoiqynyk0HPU6pWai1WKuSv6zMDPwnNaJA3VpLNUHsd +eVe1GyOmPFePnhRPZYfC+Dk8lxDUmZfNFKZlAgMBAAGjQjBAMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSb6FNC8IPL1QhJhDKCstvc +xaP2OzANBgkqhkiG9w0BAQsFAAOCAQEApgA5oupwTS2Ylt9mhS/TDX9wzR0DqnC5 +t9skgU9B/1MnzgqEMKGmuhRBiqDyr0jsPegBFI/CpTdIpakpSUrIvBTZADzkrkI+ +3k2jnpEv0vodaFIHQonDysq5h4bXsCSdSprdhiUa1GKFtnJ92Ro/2Uaw5UcqFPCg +7kj7RmRVlAIynUAT81cefQww0HBFPN9SdBEpp6YP4P1u1x8GV0Bfq93r4G5jkiHN +dA6xejk7RZK4mTH+K2aFpWoHCqMr7RAzV5UiXis4cFAmtv+5K/G7eazNx0Y+ODo4 +fweh+xW+dOXuP1lzW4DzwhEf/8tgFgI0jIvscPgdgHY7t9SQRJPYQQ== +-----END CERTIFICATE----- diff --git a/Swiften/TLS/CertificateFactory.cpp b/Swiften/TLS/CertificateFactory.cpp index aaf27d9..d4db3f4 100644 --- a/Swiften/TLS/CertificateFactory.cpp +++ b/Swiften/TLS/CertificateFactory.cpp @@ -17,19 +17,19 @@ #include <Swiften/Base/Log.h> #include <Swiften/StringCodecs/Base64.h> #include <Swiften/TLS/PrivateKey.h> namespace Swift { CertificateFactory::~CertificateFactory() { } -std::vector<std::unique_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) { +std::vector<std::shared_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) { assert(false); - return std::vector<std::unique_ptr<Certificate>>(); + return std::vector<std::shared_ptr<Certificate>>(); } PrivateKey::ref CertificateFactory::createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password) { return std::make_shared<PrivateKey>(data, password); } } diff --git a/Swiften/TLS/CertificateFactory.h b/Swiften/TLS/CertificateFactory.h index 619031c..873c36b 100644 --- a/Swiften/TLS/CertificateFactory.h +++ b/Swiften/TLS/CertificateFactory.h @@ -13,13 +13,13 @@ #include <Swiften/TLS/Certificate.h> #include <Swiften/TLS/PrivateKey.h> namespace Swift { class SWIFTEN_API CertificateFactory { public: virtual ~CertificateFactory(); virtual Certificate* createCertificateFromDER(const ByteArray& der) = 0; - virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data); + virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data); PrivateKey::ref createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password = boost::optional<SafeByteArray>()); }; } diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp index 8d2d965..bb51428 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp @@ -31,18 +31,26 @@ OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) { const unsigned char* p = vecptr(der); #endif cert = std::shared_ptr<X509>(d2i_X509(nullptr, &p, der.size()), X509_free); if (!cert) { SWIFT_LOG(warning) << "Error creating certificate from DER data" << std::endl; } parse(); } +void OpenSSLCertificate::incrementReferenceCount() const { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + X509_up_ref(cert.get()); +#else + CRYPTO_add(&(cert.get()->references), 1, CRYPTO_LOCK_EVP_PKEY); +#endif +} + ByteArray OpenSSLCertificate::toDER() const { ByteArray result; if (!cert) { return result; } result.resize(i2d_X509(cert.get(), nullptr)); unsigned char* p = vecptr(result); i2d_X509(cert.get(), &p); return result; diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h index 186caea..64da82a 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h @@ -39,18 +39,20 @@ namespace Swift { return xmppAddresses; } ByteArray toDER() const; std::shared_ptr<X509> getInternalX509() const { return cert; } + void incrementReferenceCount() const; + private: void parse(); void addSRVName(const std::string& name) { srvNames.push_back(name); } void addDNSName(const std::string& name) { dnsNames.push_back(name); diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp index 5eb626b..fd94ec8 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp @@ -14,37 +14,37 @@ OpenSSLCertificateFactory::OpenSSLCertificateFactory() { } OpenSSLCertificateFactory::~OpenSSLCertificateFactory() { } Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray& der) { return new OpenSSLCertificate(der); } -std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { - std::vector<std::unique_ptr<Certificate>> certificateChain; +std::vector<std::shared_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { + std::vector<std::shared_ptr<Certificate>> certificateChain; if (data.size() > std::numeric_limits<int>::max()) { return certificateChain; } auto bio = std::shared_ptr<BIO>(BIO_new(BIO_s_mem()), BIO_free); BIO_write(bio.get(), vecptr(data), int(data.size())); // Attempt parsing data as PEM X509* openSSLCert = nullptr; auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr); if (x509certFromPEM && openSSLCert) { std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); - certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); + certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert)); openSSLCert = nullptr; while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) { std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); - certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); + certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert)); openSSLCert = nullptr; } } return certificateChain; } } diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h index 48e9b2c..a6974c8 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h @@ -10,12 +10,12 @@ #include <Swiften/TLS/OpenSSL/OpenSSLCertificate.h> namespace Swift { class OpenSSLCertificateFactory : public CertificateFactory { public: OpenSSLCertificateFactory(); virtual ~OpenSSLCertificateFactory() override final; virtual Certificate* createCertificateFromDER(const ByteArray& der) override final; - virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final; + virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final; }; } diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp index 5c80976..32d6470 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp @@ -561,45 +561,50 @@ void OpenSSLContext::sendPendingDataToApplication() { data.resize(SSL_READ_BUFFERSIZE); ret = SSL_read(handle_.get(), vecptr(data), data.size()); } if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) { state_ = State::Error; onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString())); } } -bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) { +bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) { if (certificateChain.size() == 0) { SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl; return false; } // load endpoint certificate auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get()); if (!openSSLCert) { return false; } if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) { return false; } + // Increment reference count on certificate so that it does not get freed when the SSL context is destroyed + openSSLCert->incrementReferenceCount(); + if (certificateChain.size() > 1) { for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) { auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get()); if (!openSSLCert) { return false; } + if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) { SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl; return false; } - certificate->release(); + + openSSLCert->incrementReferenceCount(); } } if (handle_) { // This workaround is needed as OpenSSL has a shortcut to not do anything // if you set the SSL_CTX to the existing SSL_CTX and not reloading the // certificates from the SSL_CTX. auto dummyContext = createSSL_CTX(mode_); SSL_set_SSL_CTX(handle_.get(), dummyContext.get()); diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.h b/Swiften/TLS/OpenSSL/OpenSSLContext.h index 885b1fe..8eb5758 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.h +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.h @@ -40,19 +40,19 @@ namespace Swift { class OpenSSLContext : public TLSContext, boost::noncopyable { public: OpenSSLContext(const TLSOptions& options, Mode mode); virtual ~OpenSSLContext() override final; void accept() override final; void connect() override final; void connect(const std::string& requestHostname) override final; - bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) override final; + bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) override final; bool setPrivateKey(const PrivateKey::ref& privateKey) override final; bool setClientCertificate(CertificateWithKey::ref cert) override final; void setAbortTLSHandshake(bool abort) override final; bool setDiffieHellmanParameters(const ByteArray& parametersInOpenSslDer) override final; void handleDataFromNetwork(const SafeByteArray&) override final; void handleDataFromApplication(const SafeByteArray&) override final; std::vector<Certificate::ref> getPeerCertificateChain() const override final; diff --git a/Swiften/TLS/TLSContext.cpp b/Swiften/TLS/TLSContext.cpp index 666ea7f..fd31c2d 100644 --- a/Swiften/TLS/TLSContext.cpp +++ b/Swiften/TLS/TLSContext.cpp @@ -15,19 +15,19 @@ TLSContext::~TLSContext() { void TLSContext::accept() { assert(false); } void TLSContext::connect(const std::string& /* serverName */) { assert(false); } -bool TLSContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */) { +bool TLSContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */) { assert(false); return false; } bool TLSContext::setPrivateKey(const PrivateKey::ref& /* privateKey */) { assert(false); return false; } diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h index 85776d8..f2dbdce 100644 --- a/Swiften/TLS/TLSContext.h +++ b/Swiften/TLS/TLSContext.h @@ -22,19 +22,19 @@ namespace Swift { class SWIFTEN_API TLSContext { public: virtual ~TLSContext(); virtual void accept(); virtual void connect() = 0; virtual void connect(const std::string& serverName); - virtual bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */); + virtual bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */); virtual bool setPrivateKey(const PrivateKey::ref& /* privateKey */); virtual bool setClientCertificate(CertificateWithKey::ref cert) = 0; virtual bool setDiffieHellmanParameters(const ByteArray& parametersInOpenSslDer); /** * This method can be used during the \ref onServerNameRequested signal, * to report an error about an unknown host back to the requesting client. */ |