Swiftdiff options
| author | Edwin Mons <edwin.mons@isode.com> | 2019-01-18 15:25:58 (GMT) |
|---|---|---|
| committer | Edwin Mons <edwin.mons@isode.com> | 2019-01-18 20:27:03 (GMT) |
| commit | 68dd665d51c925a118cfced4583942b7157b59de (patch) | |
| tree | fc4144d4a3284fdd68c34b8d3bf6c0d107998a6b /Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | |
| parent | 9b12c9751cf8fd1658dfd948c4d854b0e1407b0d (diff) | |
| download | swift-68dd665d51c925a118cfced4583942b7157b59de.zip swift-68dd665d51c925a118cfced4583942b7157b59de.tar.bz2 | |
Allow ownership transfer of certificates
OpenSSL TLS contexts assume ownership of any additional certificate
passed into it. The CertificateFactory now returns a vector of
unique_ptrs, and OpenSSLContext will do the needful with releasing
ownership at the right moment.
A unit test has been added that uses a chained certificate in
client/server context. Before the fix, this test would either fail, or
result in a segmentation fault, depending on the mood of OpenSSL.
Test-Information:
Unit tests pass on Debian 9
Ran manual tests with server test code, tested both chained and single
certificates, and no longer observed crashes when accepting a
connection.
Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp')
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp index c94702c..5eb626b 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | |||
| @@ -20,8 +20,8 @@ Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray | |||
| 20 | return new OpenSSLCertificate(der); | 20 | return new OpenSSLCertificate(der); |
| 21 | } | 21 | } |
| 22 | 22 | ||
| 23 | std::vector<Certificate::ref> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { | 23 | std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) { |
| 24 | std::vector<Certificate::ref> certificateChain; | 24 | std::vector<std::unique_ptr<Certificate>> certificateChain; |
| 25 | 25 | ||
| 26 | if (data.size() > std::numeric_limits<int>::max()) { | 26 | if (data.size() > std::numeric_limits<int>::max()) { |
| 27 | return certificateChain; | 27 | return certificateChain; |
| @@ -35,11 +35,11 @@ std::vector<Certificate::ref> OpenSSLCertificateFactory::createCertificateChain( | |||
| 35 | auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr); | 35 | auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr); |
| 36 | if (x509certFromPEM && openSSLCert) { | 36 | if (x509certFromPEM && openSSLCert) { |
| 37 | std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); | 37 | std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); |
| 38 | certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert)); | 38 | certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); |
| 39 | openSSLCert = nullptr; | 39 | openSSLCert = nullptr; |
| 40 | while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) { | 40 | while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) { |
| 41 | std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); | 41 | std::shared_ptr<X509> x509Cert(openSSLCert, X509_free); |
| 42 | certificateChain.push_back(std::make_shared<OpenSSLCertificate>(x509Cert)); | 42 | certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert)); |
| 43 | openSSLCert = nullptr; | 43 | openSSLCert = nullptr; |
| 44 | } | 44 | } |
| 45 | } | 45 | } |