Allow ownership transfer of certificates

OpenSSL TLS contexts assume ownership of any additional certificate passed into it. The CertificateFactory now returns a vector of unique_ptrs, and OpenSSLContext will do the needful with releasing ownership at the right moment. A unit test has been added that uses a chained certificate in client/server context. Before the fix, this test would either fail, or result in a segmentation fault, depending on the mood of OpenSSL. Test-Information: Unit tests pass on Debian 9 Ran manual tests with server test code, tested both chained and single certificates, and no longer observed crashes when accepting a connection. Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
author: Edwin Mons <edwin.mons@isode.com> 2019-01-18 15:25:58 (GMT)
committer: Edwin Mons <edwin.mons@isode.com> 2019-01-18 20:27:03 (GMT)
commit: 68dd665d51c925a118cfced4583942b7157b59de (patch)
tree: fc4144d4a3284fdd68c34b8d3bf6c0d107998a6b /Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
parent: 9b12c9751cf8fd1658dfd948c4d854b0e1407b0d (diff)
download: swift-68dd665d51c925a118cfced4583942b7157b59de.zip
swift-68dd665d51c925a118cfced4583942b7157b59de.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
index c94702c..5eb626b 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
@@ -20,8 +20,8 @@ Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray
     return new OpenSSLCertificate(der);
 }
 
-std::vector<Certificate::ref> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) {
-    std::vector<Certificate::ref> certificateChain;
+std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) {
+    std::vector<std::unique_ptr<Certificate>> certificateChain;
 
     if (data.size() > std::numeric_limits<int>::max()) {
         return certificateChain;
@@ -35,11 +35,11 @@ std::vector<Certificate::ref> OpenSSLCertificateFactory::createCertificateChain(
     auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr);
     if (x509certFromPEM && openSSLCert) {
         std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
-        certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert));
+        certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert));
         openSSLCert = nullptr;
         while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) {
             std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
-            certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert));
+            certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert));
             openSSLCert = nullptr;
         }
     }
author	Edwin Mons <edwin.mons@isode.com>	2019-01-18 15:25:58 (GMT)
committer	Edwin Mons <edwin.mons@isode.com>	2019-01-18 20:27:03 (GMT)
commit	68dd665d51c925a118cfced4583942b7157b59de (patch)
tree	fc4144d4a3284fdd68c34b8d3bf6c0d107998a6b /Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
parent	9b12c9751cf8fd1658dfd948c4d854b0e1407b0d (diff)
download	swift-68dd665d51c925a118cfced4583942b7157b59de.zip swift-68dd665d51c925a118cfced4583942b7157b59de.tar.bz2