When parsing a PEM string containing a chain of
certificates, createCertificateChain calls
PEM_read_bio_X509 until it returns NULL (end of chain). But
this will have set OpenSSL's internal error chain. Creating
a new OpenSSL context has the side effect of clearing this chain,
but if you are using a context which has already been created,
the context sees that the error chain is set and fails.
All that is needed is for createCertificateChain to clear the
OpenSSL error chain before returning.

Actual implementation is in OpenSSL subclass. This allows a permanent
vector of shared certificates to be used when creating multiple OpenSSL
contexts. This replaces the existing use of a vector of unique pointers
to certificates which handed over responsibility for the underlying
OpenSSL certs to the OpenSSL context. To enable this to work, a
new method is added to the OpenSSLCertificate class which enables
the reference count on the contained OpenSSL certificate to
be incremented - this stops the OpenSSL certificate being deleted
when the OpenSSL context is freed.
Use of conditional compilation was necessary to get the reference
counting to build with the different versions of OpenSSL in use.
Modify the method in OpenSSLCertificateFactory (and stub in CertificateFactory)
which generates a vector of certificates, so that it generates a vector
of shared_ptrs rather than unique_ptrs.
Add test of CreateCertificateChain to Swiften CertificateTest
class, together with sample certificate file in PEM form.
Tested via development version of Mystique - created multiple
TLS sessions using single certificate chain.
Swift unit tests now build and run again.
New Swiften TLS unit test builds and runs.

OpenSSL TLS contexts assume ownership of any additional certificate
passed into it. The CertificateFactory now returns a vector of
unique_ptrs, and OpenSSLContext will do the needful with releasing
ownership at the right moment.
A unit test has been added that uses a chained certificate in
client/server context. Before the fix, this test would either fail, or
result in a segmentation fault, depending on the mood of OpenSSL.
Unit tests pass on Debian 9
Ran manual tests with server test code, tested both chained and single
certificates, and no longer observed crashes when accepting a

Add PrivateKey class to simply encapsulate arbitrary private
key data and the corresponding password.
This enables easy unit testing by loading the certificate and
key from within a test case.
Added unit tests for certificate and key generated by OpenSSL.
Tested on macOS 10.13.2 with OpenSSL.