authorTim Costen <tim.costen@isode.com>2019-10-04 09:03:59 (GMT)
committerTim Costen <tim.costen@isode.com>2019-10-04 12:25:33 (GMT)
commit2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd (patch)
treec18d0317b1f750bad3d413ed5bc6ec40a2e0bfbb /Swiften/QA/TLSTest/CertificateTest.cpp
parentdf07a5e1e654c5fe4b513b8b0e41a392e9955cdf (diff)
Correct leaks in OpenSSL interface
Remove increment of reference count on first certificate added to a new SSL context - the call to SSL_CTX_use_certificate does this internally. When adding extra certificates to the context via calls to SSL_CTX_add_extra_certificate, the explicit increment of the reference count is still required to prevent destruction of the certificates when the SSL context is freed. In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a shared_ptr which calls EVP_PKEY_free. Add a new Unit test which creates an SSL context and inserts a multi-element certificate chain and a private key. JIRA: SWIFT-423 Bug: Release-notes: Manual: Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2 Test-information: Leak testing performed via ASAN-compiled MLink unit tests - now no leaks/errors reported associated with TLS Contexts and Certificates. Swiften unit test runs as expected.
Diffstat (limited to 'Swiften/QA/TLSTest/CertificateTest.cpp')
-rw-r--r--Swiften/QA/TLSTest/CertificateTest.cpp26
1 files changed, 26 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp
index 21f749c..624d953 100644
--- a/Swiften/QA/TLSTest/CertificateTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateTest.cpp
@@ -17,2 +17,5 @@
#include <Swiften/TLS/CertificateFactory.h>
+#include <Swiften/TLS/TLSContext.h>
+#include <Swiften/TLS/PlatformTLSFactories.h>
+#include <Swiften/TLS/TLSContextFactory.h>
@@ -33,2 +36,3 @@ class CertificateTest : public CppUnit::TestFixture {
CPPUNIT_TEST(testCreateCertificateChain);
+ CPPUNIT_TEST(testCreateTlsContext);
CPPUNIT_TEST_SUITE_END();
@@ -40,3 +44,7 @@ class CertificateTest : public CppUnit::TestFixture {
readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem"));
+ readByteArrayFromFile(keyData, (pathProvider->getExecutableDir() / "privateKey.pem"));
certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY());
+
+ PlatformTLSFactories* tlsFactories_ = new PlatformTLSFactories();
+ tlsContextFactory_ = tlsFactories_->getTLSContextFactory();
}
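Review bot: The `PlatformTLSFactories` allocated with `new` in setUp is held only in a local and never deleted, so each test in the fixture leaks one instance, which undercuts a test added to confirm leak fixes under ASAN. The trailing underscore suggests it was meant to be a member: declare `std::unique_ptr<PlatformTLSFactories> tlsFactories_;` beside `tlsContextFactory_` in the last hunk and assign `tlsFactories_ = std::unique_ptr<PlatformTLSFactories>(new PlatformTLSFactories());` here. The returned factory is presumably owned by that object, so it has to stay alive for as long as `tlsContextFactory_` is used. A `CPPUNIT_ASSERT(tlsContextFactory_);` after the lookup would also be prudent, since testCreateTlsContext dereferences it and a build without a TLS backend may return null. setUp begins outside the hunk.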
@@ -108,2 +116,18 @@ class CertificateTest : public CppUnit::TestFixture {
+ void testCreateTlsContext() {
+ // Create 2-certificate chain as in previous test
+ std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData);
+ CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));
+
+ // Load private key from string
+ PrivateKey::ref key = certificateFactory->createPrivateKey(Swift::createSafeByteArray(keyData));
+ CPPUNIT_ASSERT(key);
+
+ const TLSOptions options;
+ auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server);
+ CPPUNIT_ASSERT(context);
+
+ context->setCertificateChain(chain);
+ context->setPrivateKey(key);
+ }
private:
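Review bot: The results of `context->setCertificateChain(chain)` and `context->setPrivateKey(key)` at the end of testCreateTlsContext are discarded, so the test passes even when the context rejects the chain or the key, and in that case the OpenSSL paths this commit fixes may never run. If both setters return a success flag (their declarations are not visible here), assert on them: `CPPUNIT_ASSERT(context->setCertificateChain(chain));` and `CPPUNIT_ASSERT(context->setPrivateKey(key));`. A one-line comment stating that the test exists mainly to exercise these paths under a sanitizer build would explain why nothing is asserted about the resulting context.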
@@ -112,3 +136,5 @@ class CertificateTest : public CppUnit::TestFixture {
ByteArray chainData;
+ ByteArray keyData;
std::unique_ptr<CertificateFactory> certificateFactory;
+ TLSContextFactory* tlsContextFactory_;
};