| author | Tim Costen <tim.costen@isode.com> | 2019-10-04 09:03:59 (GMT) |
|---|---|---|
| committer | Tim Costen <tim.costen@isode.com> | 2019-10-04 12:25:33 (GMT) |
| commit | 2ad1938c50f9fe57fe3dd98eb9f4bb711ac52acd (patch) | |
| tree | c18d0317b1f750bad3d413ed5bc6ec40a2e0bfbb /Swiften/QA/TLSTest/CertificateTest.cpp | |
| parent | df07a5e1e654c5fe4b513b8b0e41a392e9955cdf (diff) | |
Correct leaks in OpenSSL interface
Remove increment of reference count on first certificate added
to a new SSL context - the call to SSL_CTX_use_certificate does
this internally. When adding extra certificates to the context
via calls to SSL_CTX_add_extra_certificate, the explicit
increment of the reference count is still required to prevent
destruction of the certificates when the SSL context is freed.
In OpenSSLContext::setPrivateKey, make sure the EVP_PKEY returned
by PEM_read_bio_PrivateKey is tidied up, by wrapping it in a
shared_ptr which calls EVP_PKEY_free.
Add a new unit test which creates an SSL context and inserts a
multi-element certificate chain and a private key.
JIRA: SWIFT-423
Bug:
Release-notes:
Manual:
Change-Id: I82c66139a9dfe7a925eb39f73721200895a689e2
Test-information:
Leak testing performed via ASAN-compiled MLink unit tests -
now no leaks/errors reported associated with TLS Contexts and
Certificates. Swiften unit test runs as expected.
Diffstat (limited to 'Swiften/QA/TLSTest/CertificateTest.cpp')
-rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp index 21f749c..624d953 100644 --- a/Swiften/QA/TLSTest/CertificateTest.cpp +++ b/Swiften/QA/TLSTest/CertificateTest.cpp @@ -15,6 +15,9 @@ #include <Swiften/Base/ByteArray.h> #include <Swiften/TLS/CertificateFactory.h> +#include <Swiften/TLS/TLSContext.h> +#include <Swiften/TLS/PlatformTLSFactories.h> +#include <Swiften/TLS/TLSContextFactory.h> #include <SwifTools/Application/PlatformApplicationPathProvider.h> @@ -31,6 +34,7 @@ class CertificateTest : public CppUnit::TestFixture { CPPUNIT_TEST(testGetDNSNames); CPPUNIT_TEST(testGetXMPPAddresses); CPPUNIT_TEST(testCreateCertificateChain); + CPPUNIT_TEST(testCreateTlsContext); CPPUNIT_TEST_SUITE_END(); public: @@ -38,7 +42,11 @@ class CertificateTest : public CppUnit::TestFixture { pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest"); readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt")); readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem")); + readByteArrayFromFile(keyData, (pathProvider->getExecutableDir() / "privateKey.pem")); certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY()); + + PlatformTLSFactories* tlsFactories_ = new PlatformTLSFactories(); + tlsContextFactory_ = tlsFactories_->getTLSContextFactory(); } void testConstructFromDER() { 
@@ -106,11 +114,29 @@ class CertificateTest : public CppUnit::TestFixture { CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]); } + void testCreateTlsContext() { + // Create 2-certificate chain as in previous test + std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData); + CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size())); + + // Load private key from string + PrivateKey::ref key = certificateFactory->createPrivateKey(Swift::createSafeByteArray(keyData)); + CPPUNIT_ASSERT(key); + + const TLSOptions options; + auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server); + CPPUNIT_ASSERT(context); + + context->setCertificateChain(chain); + context->setPrivateKey(key); + } private: std::unique_ptr<PlatformApplicationPathProvider> pathProvider; ByteArray certificateData; ByteArray chainData; + ByteArray keyData; std::unique_ptr<CertificateFactory> certificateFactory; + TLSContextFactory* tlsContextFactory_; }; #ifdef HAVE_OPENSSL |
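Review bot: in the setUp() hunk (@@ -38,7 +42,11 @@), `PlatformTLSFactories* tlsFactories_ = new PlatformTLSFactories();` is a local raw pointer that is never deleted, so every test case leaks a PlatformTLSFactories instance, which is awkward in a change whose stated purpose is removing leaks from ASAN runs; the trailing-underscore name also suggests it was meant to be a member. Hold it as a `std::unique_ptr<PlatformTLSFactories>` member declared before `tlsContextFactory_` (the factory pointer is obtained from it and must not outlive it), or delete it in tearDown().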
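Review bot: testCreateTlsContext() ends after `context->setCertificateChain(chain);` and `context->setPrivateKey(key);` without asserting anything about their outcome, so the test only shows the calls do not crash and relies on the out-of-band ASAN run described in the commit message for the actual leak check. If setCertificateChain/setPrivateKey report success (their signatures are not visible in this diff), wrap them in CPPUNIT_ASSERT; otherwise document in a comment that the test is a leak-detector fixture rather than a functional check. Minor: `CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));` is missing the space after the comma used elsewhere in the file.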