authorEdwin Mons <edwin.mons@isode.com>2019-01-18 15:25:58 (GMT)
committerEdwin Mons <edwin.mons@isode.com>2019-01-18 20:27:03 (GMT)
commit68dd665d51c925a118cfced4583942b7157b59de (patch)
treefc4144d4a3284fdd68c34b8d3bf6c0d107998a6b /Swiften/TLS/OpenSSL/OpenSSLContext.cpp
parent9b12c9751cf8fd1658dfd948c4d854b0e1407b0d (diff)
Allow ownership transfer of certificates
OpenSSL TLS contexts assume ownership of any additional certificate passed into it. The CertificateFactory now returns a vector of unique_ptrs, and OpenSSLContext will do the needful with releasing ownership at the right moment. A unit test has been added that uses a chained certificate in client/server context. Before the fix, this test would either fail, or result in a segmentation fault, depending on the mood of OpenSSL. Test-Information: Unit tests pass on Debian 9 Ran manual tests with server test code, tested both chained and single certificates, and no longer observed crashes when accepting a connection. Change-Id: I21814969e45c7d77e9a1af14f2c958c4c0311cd0
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp9
1 files changed, 5 insertions, 4 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 968ef8f..e9889bc 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -338,14 +338,14 @@ void OpenSSLContext::sendPendingDataToApplication() {
}
}
-bool OpenSSLContext::setCertificateChain(const std::vector<Certificate::ref>& certificateChain) {
+bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) {
if (certificateChain.size() == 0) {
SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
return false;
}
// load endpoint certificate
- auto openSSLCert = std::dynamic_pointer_cast<OpenSSLCertificate>(certificateChain[0]);
+ auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get());
if (!openSSLCert) {
return false;
}
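Review bot: A failed `dynamic_cast` can leave both the context and the caller's vector half-updated, because each element's type is checked only as it is reached. The cast here guards the endpoint certificate, while the chain loop in the second hunk can still `return false` after earlier chain elements have been handed to the context and released in the third hunk. Since the parameter is an rvalue reference that is never moved into a local, the caller then holds a vector with a mix of released and still-owned entries, and the context holds a partial chain. Checking every element right after the empty-chain test would remove that case for type mismatches; a failing OpenSSL call further down, outside the visible lines, would still need its own handling.

```cpp
bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) {
    // … unchanged: empty-chain check …

    // Reject the whole chain before touching the context if any element
    // is not an OpenSSLCertificate (a null entry fails the cast as well).
    for (const auto& candidate : certificateChain) {
        if (!dynamic_cast<OpenSSLCertificate*>(candidate.get())) {
            SWIFT_LOG(warning) << "Certificate chain contains a non-OpenSSL certificate." << std::endl;
            return false;
        }
    }
    // … unchanged: load endpoint certificate, then the chain loop …
```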
@@ -355,8 +355,8 @@ bool OpenSSLContext::setCertificateChain(const std::vector<Certificate::ref>& ce
}
if (certificateChain.size() > 1) {
- for (auto certificate : range(certificateChain.begin() + 1, certificateChain.end())) {
- auto openSSLCert = std::dynamic_pointer_cast<OpenSSLCertificate>(certificate);
+ for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
+ auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
if (!openSSLCert) {
return false;
}
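Review bot: The loop variable `certificate` is now an iterator rather than a certificate, which makes `certificate->get()` here and `certificate->release()` in the last hunk harder to read than the range-for this replaces. The removed line copied each element (`auto certificate`), which cannot work for `std::unique_ptr`. Binding by reference would keep the original shape, assuming `range` yields mutable references: `for (auto& certificate : range(certificateChain.begin() + 1, certificateChain.end())) {`, with `certificate.get()` and `certificate.release()` in the body. The inner `auto openSSLCert` also shadows the variable of the same name declared for the endpoint certificate in the first hunk; a distinct name such as `chainCert` would keep the two apart. The loop body continues outside this hunk.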
@@ -364,6 +364,7 @@ bool OpenSSLContext::setCertificateChain(const std::vector<Certificate::ref>& ce
SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
return false;
}
+ certificate->release();
}
}
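Review bot: `certificate->release();` discards the returned pointer, so the C++ `Certificate` wrapper is never deleted and the line reads like a leak to anyone who has not seen the commit message. The call that hands the certificate to the context is outside this hunk, so the intent is inferred: presumably the wrapper must stay alive because destroying it would free the X509 that the context now owns. If so, say it at the call site, e.g. `// The context owns the X509 from here on; give up ownership without destroying the wrapper.` An alternative that avoids leaking the wrapper is to take an extra reference on the X509 before handing it over (`X509_up_ref`, OpenSSL 1.1.0 and later) and let the `unique_ptr` destroy the wrapper normally. The endpoint certificate in the first hunk is not released, so the two paths follow different ownership rules, and that difference deserves a comment too.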