mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add test forcing caTable cleanup during active connections

Browse Source
This commit is contained in:
Juliusz Sosinowicz 2024-02-19 14:39:27 +01:00
parent 4caef93346
commit aa19d8221e
1 changed files with 47 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
tests/api.c
View File

@ -70017,9 +70017,9 @@ static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable)
} }
static word32 test_tls_cert_store_unchanged_before_hashes[2]; static word32 test_tls_cert_store_unchanged_before_hashes[2];
static size_t test_tls_cert_store_unchanged_before_hashes_idx = 0; static size_t test_tls_cert_store_unchanged_before_hashes_idx;
static word32 test_tls_cert_store_unchanged_after_hashes[2]; static word32 test_tls_cert_store_unchanged_after_hashes[2];
static size_t test_tls_cert_store_unchanged_after_hashes_idx = 0; static size_t test_tls_cert_store_unchanged_after_hashes_idx;
static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx) static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx)
{ {
@ -70046,19 +70046,25 @@ static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx)
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
/*
static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl) static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl)
{ {
EXPECT_DECLS; EXPECT_DECLS;
WOLFSSL_CERT_MANAGER* cm;
(void)ssl; (void)ssl;
/* WARNING: this approach bypasses the reference counter check in
* wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may
* cause unexpected behaviour when other active connections try accessing
* the caTable. */
ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx));
ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm),
WOLFSSL_SUCCESS);
ExpectIntNE(test_tls_cert_store_unchanged_after_hashes ExpectIntNE(test_tls_cert_store_unchanged_after_hashes
[test_tls_cert_store_unchanged_after_hashes_idx++] = [test_tls_cert_store_unchanged_after_hashes_idx++] =
test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0); test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0);
return EXPECT_RESULT(); return EXPECT_RESULT();
} }
*/
static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl) static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
{ {
@ -70077,41 +70083,53 @@ static int test_tls_cert_store_unchanged(void)
#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) #if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
test_ssl_cbf client_cbf; test_ssl_cbf client_cbf;
test_ssl_cbf server_cbf; test_ssl_cbf server_cbf;
int i;
XMEMSET(&client_cbf, 0, sizeof(client_cbf)); for (i = 0; i < 2; i++) {
XMEMSET(&server_cbf, 0, sizeof(server_cbf)); XMEMSET(&client_cbf, 0, sizeof(client_cbf));
XMEMSET(&server_cbf, 0, sizeof(server_cbf));
XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0, test_tls_cert_store_unchanged_before_hashes_idx = 0;
sizeof(test_tls_cert_store_unchanged_before_hashes)); XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0,
XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0, sizeof(test_tls_cert_store_unchanged_before_hashes));
sizeof(test_tls_cert_store_unchanged_after_hashes)); test_tls_cert_store_unchanged_after_hashes_idx = 0;
XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0,
sizeof(test_tls_cert_store_unchanged_after_hashes));
client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready; client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready; server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready;
client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready; client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready; server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready;
/* TODO add API to allow clearing/not storing certs while connections are switch (i) {
* still active. case 0:
client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs; client_cbf.on_ctx_cleanup =
server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs; test_tls_cert_store_unchanged_ctx_cleanup;
*/ server_cbf.on_ctx_cleanup =
test_tls_cert_store_unchanged_ctx_cleanup;
break;
case 1:
client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs;
break;
default:
Fail(("Should not enter here"), ("Entered here"));
}
client_cbf.on_ctx_cleanup = test_tls_cert_store_unchanged_ctx_cleanup;
server_cbf.on_ctx_cleanup = test_tls_cert_store_unchanged_ctx_cleanup;
client_cbf.certPemFile = "certs/intermediate/client-chain.pem"; client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
server_cbf.certPemFile = "certs/intermediate/server-chain.pem"; server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
server_cbf.caPemFile = caCertFile; server_cbf.caPemFile = caCertFile;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_SUCCESS); &server_cbf, NULL), TEST_SUCCESS);
ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes, ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes,
test_tls_cert_store_unchanged_after_hashes, test_tls_cert_store_unchanged_after_hashes,
sizeof(test_tls_cert_store_unchanged_after_hashes)); sizeof(test_tls_cert_store_unchanged_after_hashes));
}
#endif #endif
return EXPECT_RESULT(); return EXPECT_RESULT();
} }