Merge pull request #1168 from dgarske/ctx_get_cm

Add method to get WOLFSSL_CTX certificate manager
2017-10-13 09:13:54 -07:00 · 2017-10-13 09:13:54 -07:00 · b79b816276
parent 6fd53d31c2 19ea4716f3
commit b79b816276
3 changed files with 41 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -2957,6 +2957,13 @@ void FreeDer(DerBuffer** pDer)
    }
 }

+WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx)
+{
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+    if (ctx)
+        cm = ctx->cm;
+    return cm;
+}

 WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
 {
@ -7554,7 +7561,7 @@ int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
    return CM_GetCertCacheMemSize(ctx->cm);
 }

-#endif /* PERSISTE_CERT_CACHE */
+#endif /* PERSIST_CERT_CACHE */
 #endif /* !NO_CERTS */


--- a/tests/api.c
+++ b/tests/api.c
@ -451,6 +451,10 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
 {
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx;
+    WOLFSSL_CERT_MANAGER* cm;
+#ifdef PERSIST_CERT_CACHE
+    int cacheSz;
+#endif

    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));

@ -468,9 +472,35 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
    /* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, bogusFile)); */
 #endif

-    /* success */
+    /* load ca cert */
    AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));

+#ifdef PERSIST_CERT_CACHE
+    /* Get cert cache size */
+    cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
+#endif
+    /* Test unloading CA's */
+    AssertIntEQ(SSL_SUCCESS, wolfSSL_CTX_UnloadCAs(ctx));
+
+#ifdef PERSIST_CERT_CACHE
+    /* Verify no certs (result is less than cacheSz) */
+    AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
+#endif
+
+    /* load ca cert again */
+    AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
+
+    /* Test getting CERT_MANAGER */
+    AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
+
+    /* Test unloading CA's using CM */
+    AssertIntEQ(SSL_SUCCESS, wolfSSL_CertManagerUnloadCAs(cm));
+
+#ifdef PERSIST_CERT_CACHE
+    /* Verify no certs (result is less than cacheSz) */
+    AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
+#endif
+
    wolfSSL_CTX_free(ctx);
 #endif
 }
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -1744,6 +1744,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
 #ifndef NO_CERTS
    WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache);

+    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX*);
+
    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap);
    WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void);
    WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*);