| -rw-r--r-- | Swiften/QA/TLSTest/CertificateTest.cpp | 19 | ||||
| -rw-r--r-- | Swiften/QA/TLSTest/certificateChain.pem | 49 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.cpp | 4 | ||||
| -rw-r--r-- | Swiften/TLS/CertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificate.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp | 8 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 9 | ||||
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.h | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.cpp | 2 | ||||
| -rw-r--r-- | Swiften/TLS/TLSContext.h | 2 |
12 files changed, 96 insertions, 13 deletions
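diff --git a/Swiften/QA/TLSTest/CertificateTest.cpp b/Swiften/QA/TLSTest/CertificateTest.cpp
index 02ec0f8..21f749c 100644
--- a/Swiften/QA/TLSTest/CertificateTest.cpp
+++ b/Swiften/QA/TLSTest/CertificateTest.cpp
@@ -30,12 +30,14 @@ class CertificateTest : public CppUnit::TestFixture {
 CPPUNIT_TEST(testGetSRVNames);
 CPPUNIT_TEST(testGetDNSNames);
 CPPUNIT_TEST(testGetXMPPAddresses);
+CPPUNIT_TEST(testCreateCertificateChain);
 CPPUNIT_TEST_SUITE_END();
 
 public:
 void setUp() {
 pathProvider = std::make_unique<PlatformApplicationPathProvider>("FileReadBytestreamTest");
 readByteArrayFromFile(certificateData, (pathProvider->getExecutableDir() / "jabber_org.crt"));
+readByteArrayFromFile(chainData, (pathProvider->getExecutableDir() / "certificateChain.pem"));
 certificateFactory = std::unique_ptr<CertificateFactory>(new CERTIFICATE_FACTORY());
 }
 
@@ -88,9 +90,26 @@ class CertificateTest : public CppUnit::TestFixture {
 CPPUNIT_ASSERT_EQUAL(std::string("*.jabber.org"), testling->getXMPPAddresses()[0]);
 }
 
+void testCreateCertificateChain() {
+// The input chain contains a 2-certificate chain:
+// the first certificate has:
+// a subject of "O=messaging,CN=Mixer Messaging Configuration,CN=badger.isode.net"
+// an issuer of "O=messaging, CN=New Messaging CA"
+// the second certificate has:
+// a subject of "O=messaging, CN=New Messaging CA"
+// an issuer of "O=messaging, CN=New Messaging CA"
+// i.e. it is a self-signed certificate
+std::vector<std::shared_ptr<Certificate>> chain = certificateFactory->createCertificateChain(chainData);
+CPPUNIT_ASSERT_EQUAL(2,static_cast<int>(chain.size()));
+CPPUNIT_ASSERT_EQUAL(std::string("Mixer Messaging Configuration"), chain[0]->getCommonNames()[0]);
+CPPUNIT_ASSERT_EQUAL(std::string("badger.isode.net"), chain[0]->getCommonNames()[1]);
+CPPUNIT_ASSERT_EQUAL(std::string("New Messaging CA"), chain[1]->getCommonNames()[0]);
+}
+
 private:
 std::unique_ptr<PlatformApplicationPathProvider> pathProvider;
 ByteArray certificateData;
+ByteArray chainData;
 std::unique_ptr<CertificateFactory> certificateFactory;
 };
 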
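Review bot: `testCreateCertificateChain` reads `chain[0]->getCommonNames()[1]` and `chain[1]->getCommonNames()[0]` without first asserting how many common names were parsed, so a parser regression becomes an out-of-range read instead of a clean test failure. Add `CPPUNIT_ASSERT_EQUAL(2, static_cast<int>(chain[0]->getCommonNames().size()));` and the matching size check for `chain[1]` before the element asserts. The test also exercises only the well-formed fixture; a case with empty data and one with a truncated second PEM block would pin down what `createCertificateChain` returns on bad input, which matters if its result is handed straight to `setCertificateChain`.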
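diff --git a/Swiften/QA/TLSTest/certificateChain.pem b/Swiften/QA/TLSTest/certificateChain.pem
new file mode 100644
index 0000000..cb3c0fb
--- /dev/null
+++ b/Swiften/QA/TLSTest/certificateChain.pem
@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIFFTCCA/2gAwIBAgIKXmMION+1bnZpIzANBgkqhkiG9w0BAQsFADAvMRIwEAYD
+VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTkw
+NzI5MTAxMjMxWhcNMjAwNzI5MTAxMjMxWjBXMRIwEAYDVQQKEwltZXNzYWdpbmcx
+JjAkBgNVBAMTHU1peGVyIE1lc3NhZ2luZyBDb25maWd1cmF0aW9uMRkwFwYDVQQD
+ExBiYWRnZXIuaXNvZGUubmV0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEAt42TMYe9oO4K6XmvST4kiy4cG+nmVDCtZRfAfF/A+1GQXTZ8OfLbPF5noLIF
+f1Jj6fBDA2HiKoLQWfNnIklNEzgPbOREuAuCe660sW1JzJFr5O5qYyf6bHKkYmRr
+CGHJ3G5kkXZOW3MhczPNHrTIUSL7lYLMZAcyWStkhgBy7lBuYtgDEXbdRH8OGgly
+XC39AAU93y7ynw6W3SorU6h9cwvS0Ho8KVemCXoE38WLeSrIw1ks+Kf1YQopg9O3
+2SkXp6Z9elG5Wk5Rh0L0H2XHnAvmodr9TW6rtrPkJZfLL+NfcnGtI6QKnvL8EhYG
+d+XiPOV8jyGAFRC1Be72wlF29Rw20zdoD3kAdeqBLWfL8H9mnQpebEIDj8Lmahub
++W4uuUqCG8NuY43lGJzJni9CFWvhD7ss1yVGz84zqRHu5iXNDncWH2luJT1gXvFW
+6mxcfe+AwSiZ8PrhDQZBfTyx7ob4Ozdc1d59XTPyckj2msnCo2ayg+jKaViDd4vz
+nNwhAgMBAAGjggGJMIIBhTAbBgNVHREEFDASghBiYWRnZXIuaXNvZGUubmV0MA4G
+A1UdDwEB/wQEAwIF4DAMBgNVHRMBAf8EAjAAMHQGA1UdHwRtMGswaaBnoGWGY2xk
+YXA6Ly9kaWFib2xvLmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmcl
+MjBDQSxvPW1lc3NhZ2luZz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFy
+eTCBkQYIKwYBBQUHAQEEgYQwgYEwfwYIKwYBBQUHMAKGc2xkYXA6Ly9kaWFib2xv
+Lmlzb2RlLm5ldDoxOTM4OS9jbj1OZXclMjBNZXNzYWdpbmclMjBDQSxvPW1lc3Nh
+Z2luZz9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjti
+aW5hcnkwHQYDVR0OBBYEFFjf69BczlDoKiSBSvxCr9sy0OJ2MB8GA1UdIwQYMBaA
+FJvoU0Lwg8vVCEmEMoKy29zFo/Y7MA0GCSqGSIb3DQEBCwUAA4IBAQCS4zLVH98S
+Cl4gsmTkxM+lBsdzQ18ymA6p9ZRXGmJ405C9rN7um9XnbWwOHO6ach7zie2GxWLp
+KOYKjX/5Pjt7mPwG8eKepPAxDenzKw5TocjscR9VxBsym0oEkWHPQG+xSqySQGUw
+/5QoGy6v06yE8CZ7BKHPh91Jy7IjIDBxWaEtTAPyuH4i4DnsmA0/xSrJ7ez6g399
+YgqDnBInC63bYv5IDD1CmEr/0boBWpsOf50OC6JVhaPLAldwTAxLSOMBJ4q4onXC
+ZqDHY3EMRtwYEffNg9ZorXJwLmU3Lq/R3B9lC22XNPDFj/bZ5RpwVFtuN5HfeZzO
+aPbNoa0Nf+QB
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIKSm7KkUZOigMk9zANBgkqhkiG9w0BAQsFADAvMRIwEAYD
+VQQKEwltZXNzYWdpbmcxGTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwHhcNMTYw
+MTI2MTU1MTU2WhcNMjYwMTI2MTU1MTU2WjAvMRIwEAYDVQQKEwltZXNzYWdpbmcx
+GTAXBgNVBAMTEE5ldyBNZXNzYWdpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDgcuX1s8EvO8GDHx7vSW9oeDnLUBx5E48Vb2qcJVc34ik1j6ZV
+d8/+tzmyy/BskFbaOJ0KD5XYOoI8TJtu28lASWZj1vAEZkfrDdBbKeb1BQhShMt2
+ICgzp7l4ubwd6rqCGHpD/f12RVhSlU3y6TniaK62a9RwJOpL/wvnCcJLPjaTw8om
+EY62EyUP+FymUbo3Rb3aWLM7avHl1/32pyzUgRzvZR63hlMHnlE5Sgc84j9KMwJH
+k+mCyXIGPc+yhL33ljR63Eoiqynyk0HPU6pWai1WKuSv6zMDPwnNaJA3VpLNUHsd
+eVe1GyOmPFePnhRPZYfC+Dk8lxDUmZfNFKZlAgMBAAGjQjBAMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSb6FNC8IPL1QhJhDKCstvc
+xaP2OzANBgkqhkiG9w0BAQsFAAOCAQEApgA5oupwTS2Ylt9mhS/TDX9wzR0DqnC5
+t9skgU9B/1MnzgqEMKGmuhRBiqDyr0jsPegBFI/CpTdIpakpSUrIvBTZADzkrkI+
+3k2jnpEv0vodaFIHQonDysq5h4bXsCSdSprdhiUa1GKFtnJ92Ro/2Uaw5UcqFPCg
+7kj7RmRVlAIynUAT81cefQww0HBFPN9SdBEpp6YP4P1u1x8GV0Bfq93r4G5jkiHN
+dA6xejk7RZK4mTH+K2aFpWoHCqMr7RAzV5UiXis4cFAmtv+5K/G7eazNx0Y+ODo4
+fweh+xW+dOXuP1lzW4DzwhEf/8tgFgI0jIvscPgdgHY7t9SQRJPYQQ==
+-----END CERTIFICATE-----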
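diff --git a/Swiften/TLS/CertificateFactory.cpp b/Swiften/TLS/CertificateFactory.cpp
index aaf27d9..d4db3f4 100644
--- a/Swiften/TLS/CertificateFactory.cpp
+++ b/Swiften/TLS/CertificateFactory.cpp
@@ -23,9 +23,9 @@ namespace Swift {
 CertificateFactory::~CertificateFactory() {
 }
 
-std::vector<std::unique_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) {
+std::vector<std::shared_ptr<Certificate>> CertificateFactory::createCertificateChain(const ByteArray& /* data */) {
 assert(false);
-return std::vector<std::unique_ptr<Certificate>>();
+return std::vector<std::shared_ptr<Certificate>>();
 }
 
 PrivateKey::ref CertificateFactory::createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password) {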
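Review bot: The base `createCertificateChain` still signals "not implemented" only through `assert(false)`, which compiles away under `NDEBUG`, so in a release build a backend that does not override it returns an empty chain with no diagnostic. `TLSContext::setCertificateChain` in TLSContext.cpp has the same pattern and silently returns `false`. Documenting the contract on the declaration would make callers check for it, for example `// Returns an empty vector when the backend cannot build a chain; callers must treat that as failure.`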
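diff --git a/Swiften/TLS/CertificateFactory.h b/Swiften/TLS/CertificateFactory.h
index 619031c..873c36b 100644
--- a/Swiften/TLS/CertificateFactory.h
+++ b/Swiften/TLS/CertificateFactory.h
@@ -19,7 +19,7 @@ namespace Swift {
 virtual ~CertificateFactory();
 
 virtual Certificate* createCertificateFromDER(const ByteArray& der) = 0;
-virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data);
+virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data);
 PrivateKey::ref createPrivateKey(const SafeByteArray& data, boost::optional<SafeByteArray> password = boost::optional<SafeByteArray>());
 };
 }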
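diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
index 8d2d965..bb51428 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.cpp
@@ -37,6 +37,14 @@ OpenSSLCertificate::OpenSSLCertificate(const ByteArray& der) {
 parse();
 }
 
+void OpenSSLCertificate::incrementReferenceCount() const {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+X509_up_ref(cert.get());
+#else
+CRYPTO_add(&(cert.get()->references), 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
+}
+
 ByteArray OpenSSLCertificate::toDER() const {
 ByteArray result;
 if (!cert) {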
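Review bot: The pre-1.1.0 branch of `incrementReferenceCount()` passes `CRYPTO_LOCK_EVP_PKEY` to `CRYPTO_add` although the counter belongs to an `X509`. OpenSSL 1.0.x guards X509 reference counts with `CRYPTO_LOCK_X509`, so this increment is not serialised against the library's own up-refs and frees of the same object on other threads; use `CRYPTO_add(&(cert.get()->references), 1, CRYPTO_LOCK_X509);`. The function also dereferences `cert` unconditionally while `toDER()` directly below guards with `if (!cert)`, so an early `if (!cert) { return; }` is needed to keep an empty certificate from crashing here. `toDER()` continues past the end of the hunk.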
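diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
index 186caea..64da82a 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificate.h
@@ -45,6 +45,8 @@ namespace Swift {
 return cert;
 }
 
+void incrementReferenceCount() const;
+
 private:
 void parse();
 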
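Review bot: `incrementReferenceCount()` joins the public interface with no comment, yet an extra call leaks the wrapped `X509` and a missing one leads to a double free when the SSL context is destroyed. State the contract on the declaration, for example `// Adds one reference to the wrapped X509; call only after passing getInternalX509().get() to an OpenSSL API that takes ownership without up-ref'ing it.` If OpenSSLContext is the only intended caller, narrowing the visibility would keep other code from unbalancing the count.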
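diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
index 5eb626b..fd94ec8 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.cpp
@@ -20,8 +20,8 @@ Certificate* OpenSSLCertificateFactory::createCertificateFromDER(const ByteArray
 return new OpenSSLCertificate(der);
 }
 
-std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) {
-std::vector<std::unique_ptr<Certificate>> certificateChain;
+std::vector<std::shared_ptr<Certificate>> OpenSSLCertificateFactory::createCertificateChain(const ByteArray& data) {
+std::vector<std::shared_ptr<Certificate>> certificateChain;
 
 if (data.size() > std::numeric_limits<int>::max()) {
 return certificateChain;
@@ -35,11 +35,11 @@ std::vector<std::unique_ptr<Certificate>> OpenSSLCertificateFactory::createCerti
 auto x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr);
 if (x509certFromPEM && openSSLCert) {
 std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
-certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert));
+certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert));
 openSSLCert = nullptr;
 while ((x509certFromPEM = PEM_read_bio_X509(bio.get(), &openSSLCert, nullptr, nullptr)) != nullptr) {
 std::shared_ptr<X509> x509Cert(openSSLCert, X509_free);
-certificateChain.emplace_back(std::make_unique<OpenSSLCertificate>(x509Cert));
+certificateChain.emplace_back(std::make_shared<OpenSSLCertificate>(x509Cert));
 openSSLCert = nullptr;
 }
 }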
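Review bot: The `while` loop stops as soon as `PEM_read_bio_X509` returns null, which happens both at a clean end of input and on a malformed later block, so a truncated or corrupted chain comes back as a shorter chain that looks valid. Each null return also leaves an entry on OpenSSL's per-thread error queue, and nothing visible in the hunk clears it. Unless the code after the loop (outside this hunk) already does so, tell the two cases apart with the last queued error, return an empty chain on anything other than the end-of-input condition, and clear the queue so a stale entry cannot be misread by a later `SSL_get_error` on this thread. The function starts before the second hunk and ends after it.

```cpp
// … unchanged: first PEM_read_bio_X509 call and the while loop …
// After the loop: a null return at a clean end of input reports PEM_R_NO_START_LINE;
// any other queued error means a later block was malformed.
const unsigned long lastError = ERR_peek_last_error();
if (lastError != 0 &&
    !(ERR_GET_LIB(lastError) == ERR_LIB_PEM && ERR_GET_REASON(lastError) == PEM_R_NO_START_LINE)) {
    certificateChain.clear();
}
ERR_clear_error();
```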
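diff --git a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
index 48e9b2c..a6974c8 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLCertificateFactory.h
@@ -16,6 +16,6 @@ namespace Swift {
 virtual ~OpenSSLCertificateFactory() override final;
 
 virtual Certificate* createCertificateFromDER(const ByteArray& der) override final;
-virtual std::vector<std::unique_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final;
+virtual std::vector<std::shared_ptr<Certificate>> createCertificateChain(const ByteArray& data) override final;
 };
 }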
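diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 5c80976..32d6470 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -567,7 +567,7 @@ void OpenSSLContext::sendPendingDataToApplication() {
 }
 }
 
-bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) {
+bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) {
 if (certificateChain.size() == 0) {
 SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
 return false;
@@ -583,17 +583,22 @@ bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate
 return false;
 }
 
+// Increment reference count on certificate so that it does not get freed when the SSL context is destroyed
+openSSLCert->incrementReferenceCount();
+
 if (certificateChain.size() > 1) {
 for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
 auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
 if (!openSSLCert) {
 return false;
 }
+
 if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
 SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
 return false;
 }
-certificate->release();
+
+openSSLCert->incrementReferenceCount();
 }
 }
 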
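Review bot: The `openSSLCert->incrementReferenceCount()` added for the leaf certificate, just before the `if (certificateChain.size() > 1)` block, is only correct if the call that installed the leaf transferred ownership to the context. That call sits above the hunk; if it is `SSL_CTX_use_certificate`, OpenSSL already takes its own reference there, so this extra increment is never released and the `X509` leaks on every `setCertificateChain` call. Only `SSL_CTX_add_extra_chain_cert` in the loop hands ownership to the context, so the increment inside the loop is the one that replaces the removed `certificate->release()`; please confirm which API installs the leaf and drop the first increment if it up-refs. Separately, the warning logged when `SSL_CTX_add_extra_chain_cert` fails repeats `"Trying to load empty certificate chain."`, which will mislead anyone triaging a rejected intermediate; `"Failed to add intermediate certificate to chain."` would describe what happened.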
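diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.h b/Swiften/TLS/OpenSSL/OpenSSLContext.h
index 885b1fe..8eb5758 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.h
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.h
@@ -46,7 +46,7 @@ namespace Swift {
 void connect() override final;
 void connect(const std::string& requestHostname) override final;
 
-bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) override final;
+bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) override final;
 bool setPrivateKey(const PrivateKey::ref& privateKey) override final;
 bool setClientCertificate(CertificateWithKey::ref cert) override final;
 void setAbortTLSHandshake(bool abort) override final;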
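diff --git a/Swiften/TLS/TLSContext.cpp b/Swiften/TLS/TLSContext.cpp
index 666ea7f..fd31c2d 100644
--- a/Swiften/TLS/TLSContext.cpp
+++ b/Swiften/TLS/TLSContext.cpp
@@ -21,7 +21,7 @@ void TLSContext::connect(const std::string& /* serverName */) {
 assert(false);
 }
 
-bool TLSContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */) {
+bool TLSContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */) {
 assert(false);
 return false;
 }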
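diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h
index 85776d8..f2dbdce 100644
--- a/Swiften/TLS/TLSContext.h
+++ b/Swiften/TLS/TLSContext.h
@@ -28,7 +28,7 @@ namespace Swift {
 virtual void connect() = 0;
 virtual void connect(const std::string& serverName);
 
-virtual bool setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& /* certificateChain */);
+virtual bool setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& /* certificateChain */);
 virtual bool setPrivateKey(const PrivateKey::ref& /* privateKey */);
 
 virtual bool setClientCertificate(CertificateWithKey::ref cert) = 0;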