author | Tim Costen <tim.costen@isode.com> | 2019-10-28 11:15:57 (GMT) |
---|---|---|
committer | Tim Costen <tim.costen@isode.com> | 2019-10-29 11:35:05 (GMT) |
commit | be7632881677da5267eb711c1f2823ac82d43d09 (patch) | |
tree | 9088f5433f24017a4729becf03a0ca871b71a90f /Swiften/QA | |
parent | 8e0a9cd6a608ee2bf83b52c9eb9ac556bf10293f (diff) | |
Allow use of system TAs to be disabled via TLSOptions
Add new boolean flag to TLSOptions which when
set to true prevents system Trust Anchors being loaded into
new TLS contexts created using OpenSSL.
Add new test to Swiften QA with appropriate comment.
JIRA: SWIFT-425
Test-information:
Checked logic of change under debugger while running the
tests in CertificateTest.cpp which create TLS contexts.
Change-Id: I2d4a8410ce9cc752e6774e1d1cdb84dcd37b01d7
Diffstat (limited to 'Swiften/QA')
-rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp
index 624d953..463ef9e 100644
--- a/Swiften/QA/TLSTest/CertificateTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateTest.cpp
@@ -35,6 +35,7 @@ class CertificateTest : public CppUnit::TestFixture {
 CPPUNIT_TEST(testGetXMPPAddresses);
 CPPUNIT_TEST(testCreateCertificateChain);
 CPPUNIT_TEST(testCreateTlsContext);
+ CPPUNIT_TEST(testCreateTlsContextDisableSystemTAs);
 CPPUNIT_TEST_SUITE_END();
 public:
@@ -130,6 +131,29 @@ class CertificateTest : public CppUnit::TestFixture {
 context->setCertificateChain(chain);
 context->setPrivateKey(key);
 }
+
+ /**
+ * This test does not actually verify that use of system TAs has been disabled, it just provides
+ * a convenient mechanism for testing via a debugger.
+ **/
+ void testCreateTlsContextDisableSystemTAs() {
+ // Create 2-certificate chain as in previous test
+ std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData);
+ CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));
+
+ // Load private key from string
+ PrivateKey::ref key = certificateFactory->createPrivateKey(Swift::createSafeByteArray(keyData));
+ CPPUNIT_ASSERT(key);
+
+ // Turn off use of system TAs
+ TLSOptions options;
+ options.ignoreSystemTrustAnchors = true;
+ auto context = tlsContextFactory_->createTLSContext(options, TLSContext::Mode::Server);
+ CPPUNIT_ASSERT(context);
+
+ context->setCertificateChain(chain);
+ context->setPrivateKey(key);
+ }
 private:
 std::unique_ptr<PlatformApplicationPathProvider> pathProvider;
 ByteArray certificateData; |
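Review bot: The new `testCreateTlsContextDisableSystemTAs` asserts only that a context is created, so it passes whether or not `options.ignoreSystemTrustAnchors = true` has any effect, as its own doc comment admits. Because the flag decides which CAs a connection will trust, a regression that silently loads the system store again would go unnoticed, as would a TLS backend that ignores the option (the commit message mentions only OpenSSL). I would at least record the gap in the test body, e.g. `// TODO(SWIFT-425): assert that a chain anchored only in the system trust store fails verification when ignoreSystemTrustAnchors is set`, and state in the doc comment which backends honour the flag. The context is also created with `TLSContext::Mode::Server`, where trust anchors presumably matter only for client-certificate checks, so a client-mode case may be the more relevant one to cover once verification can be asserted.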