Add test forcing caTable cleanup during active connections

tests/api.c

@@ -70017,9 +70017,9 @@ static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
 }
 
 static word32 test_tls_cert_store_unchanged_before_hashes[2];
-static size_t test_tls_cert_store_unchanged_before_hashes_idx = 0;
+static size_t test_tls_cert_store_unchanged_before_hashes_idx;
 static word32 test_tls_cert_store_unchanged_after_hashes[2];
-static size_t test_tls_cert_store_unchanged_after_hashes_idx = 0;
+static size_t test_tls_cert_store_unchanged_after_hashes_idx;
 
 static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx)
 {
@@ -70046,19 +70046,25 @@ static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx)
     return EXPECT_RESULT();
 }
 
-/*
 static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
 {
     EXPECT_DECLS;
+    WOLFSSL_CERT_MANAGER* cm;
 
     (void)ssl;
+    /* WARNING: this approach bypasses the reference counter check in
+     * wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may
+     * cause unexpected behaviour when other active connections try accessing
+     * the caTable. */
+    ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx));
+    ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm),
+            WOLFSSL_SUCCESS);
     ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
         [test_tls_cert_store_unchanged_after_hashes_idx++] =
             test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0);
 
     return EXPECT_RESULT();
 }
-*/
 
 static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
 {
@@ -70077,12 +70083,16 @@ static int test_tls_cert_store_unchanged(void)
 #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
     test_ssl_cbf client_cbf;
     test_ssl_cbf server_cbf;
+    int i;
 
+    for (i = 0; i < 2; i++) {
         XMEMSET(&client_cbf, 0, sizeof(client_cbf));
         XMEMSET(&server_cbf, 0, sizeof(server_cbf));
 
+        test_tls_cert_store_unchanged_before_hashes_idx = 0;
         XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0,
                 sizeof(test_tls_cert_store_unchanged_before_hashes));
+        test_tls_cert_store_unchanged_after_hashes_idx = 0;
         XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0,
                 sizeof(test_tls_cert_store_unchanged_after_hashes));
 
@@ -70092,14 +70102,21 @@ static int test_tls_cert_store_unchanged(void)
         client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
         server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
 
-    /* TODO add API to allow clearing/not storing certs while connections are
+        switch (i) {
-     * still active.
+            case 0:
+                client_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                server_cbf.on_ctx_cleanup =
+                        test_tls_cert_store_unchanged_ctx_cleanup;
+                break;
+            case 1:
                 client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
                 server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
-    */
+                break;
+            default:
+                Fail(("Should not enter here"), ("Entered here"));
+        }
 
-    client_cbf.on_ctx_cleanup = test_tls_cert_store_unchanged_ctx_cleanup;
-    server_cbf.on_ctx_cleanup = test_tls_cert_store_unchanged_ctx_cleanup;
 
         client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
         server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
@@ -70112,6 +70129,7 @@ static int test_tls_cert_store_unchanged(void)
         ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes,
                 test_tls_cert_store_unchanged_after_hashes,
                 sizeof(test_tls_cert_store_unchanged_after_hashes));
+    }
 #endif
     return EXPECT_RESULT();
 }