END_TEST

/*
 * Walks one certificate through load, cache set/get/del, cache shutdown and
 * release, asserting the value of c1->references after every step.
 * The expected counts are exactly those spelled out in the fail_unless()
 * calls below; the order of the statements is the test.
 */
START_TEST(cache_tgcrt_04)
{
	cert_t *c1, *c2;

	c1 = cert_new_load(TESTCERT);
	fail_unless(!!c1, "loading certificate failed");
	/* freshly loaded: the caller holds the only reference */
	fail_unless(c1->references == 1, "refcount != 1");
	/* inserting into the cache is asserted to add one reference */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 2, "refcount != 2");
	/* a lookup is asserted to add one more reference on c1;
	 * presumably c2 points at the same object -- not checked here */
	c2 = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(c1->references == 3, "refcount != 3");
	/* setting the same cert under the same name again must not
	 * change the count */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 3, "refcount != 3");
	/* deleting the entry is asserted to drop one reference */
	cachemgr_tgcrt_del("daniel.roe.ch");
	fail_unless(c1->references == 2, "refcount != 2");
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 3, "refcount != 3");
	/* the loader's own reference is released; c1 stays readable
	 * because two references are still asserted to exist */
	cert_free(c1);
	fail_unless(c1->references == 2, "refcount != 2");
	/* shutting the cache manager down is asserted to release the
	 * cached reference */
	cachemgr_fini();
	fail_unless(c1->references == 1, "refcount != 1");
	cert_free(c2);
	/* deliberate access of free'd cert_t* */
	/* NOTE(review): if cert_free() releases the object when the count
	 * reaches zero (the author's comment says it does), the read below
	 * is a use-after-free: undefined behaviour that only passes while
	 * the freed memory is left untouched. Expect ASan/valgrind runs to
	 * report it; keep this test out of sanitizer builds or drop the
	 * final refcount check there. */
	fail_unless(c1->references == 0, "refcount != 0");
	/* bring the cache manager back up after the cachemgr_fini() above */
	fail_unless(cachemgr_preinit() != -1, "reinit");
}
/**
 * Load a certificate from a builder argument list.
 *
 * Consumes builder parts from args until BUILD_END. Recognised parts are
 * BUILD_BLOB_PGP and BUILD_BLOB_ASN1_DER (each followed by a chunk_t) and
 * BUILD_X509_FLAG (followed by an x509_flag_t, OR-ed into the flag set).
 * Any other part aborts the build.
 *
 * @param type		not used by this function
 * @param args		builder parts, terminated by BUILD_END
 * @return			newly allocated cert_t wrapping the parsed certificate,
 *					NULL if no blob was supplied, an unknown part was seen
 *					or the credential factory rejected the blob
 *
 * NOTE(review): the blob is parsed by lib->creds->create(); this wrapper adds
 * no validation of its own. The failure message names X.509 even when the
 * PGP path was taken, and the result of malloc_thing() is dereferenced
 * without a check -- confirm the allocator's failure behaviour.
 */
static cert_t *builder_load_cert(certificate_type_t type, va_list args)
{
	x509_flag_t x509_flags = 0;
	chunk_t encoding = chunk_empty;
	bool is_pgp = FALSE;
	bool parts_done = FALSE;
	cert_t *wrapper;

	while (!parts_done)
	{
		switch (va_arg(args, builder_part_t))
		{
			case BUILD_BLOB_PGP:
				/* once set, a later DER part does not clear it */
				is_pgp = TRUE;
				/* FALL */
			case BUILD_BLOB_ASN1_DER:
				encoding = va_arg(args, chunk_t);
				break;
			case BUILD_X509_FLAG:
				x509_flags |= va_arg(args, x509_flag_t);
				break;
			case BUILD_END:
				parts_done = TRUE;
				break;
			default:
				return NULL;
		}
	}

	/* without a blob there is nothing to parse */
	if (!blob_present(encoding))
	{
		return NULL;
	}

	wrapper = malloc_thing(cert_t);
	*wrapper = cert_empty;

	if (is_pgp)
	{
		wrapper->cert = lib->creds->create(lib->creds,
										   CRED_CERTIFICATE, CERT_GPG,
										   BUILD_BLOB_PGP, encoding,
										   BUILD_END);
	}
	else
	{
		wrapper->cert = lib->creds->create(lib->creds,
										   CRED_CERTIFICATE, CERT_X509,
										   BUILD_BLOB_ASN1_DER, encoding,
										   BUILD_X509_FLAG, x509_flags,
										   BUILD_END);
	}

	if (!wrapper->cert)
	{
		/* parsing failed: report it and release the empty wrapper */
		plog(" error in X.509 certificate");
		cert_free(wrapper);
		return NULL;
	}
	return wrapper;
}
END_TEST

/*
 * An entry removed with cachemgr_tgcrt_del() must no longer be returned by
 * cachemgr_tgcrt_get(): a stale hit would keep serving a certificate the
 * caller asked to drop.
 */
START_TEST(cache_tgcrt_03)
{
	cert_t *loaded;
	cert_t *lookup;

	loaded = cert_new_load(TESTCERT);
	fail_unless(loaded != NULL, "loading certificate failed");

	/* insert and immediately remove the entry */
	cachemgr_tgcrt_set("daniel.roe.ch", loaded);
	cachemgr_tgcrt_del("daniel.roe.ch");

	/* the lookup has to miss now */
	lookup = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(lookup == NULL, "cache returned deleted certificate");

	/* release the reference taken by cert_new_load() */
	cert_free(loaded);
}
/*
 * Callback to load a cert/chain/key combo from a single PEM file.
 *
 * The certificate is loaded with cert_new_load(), its private key is checked
 * against the certificate with X509_check_private_key(), and the certificate
 * is then stored in the target-cert cache once per name returned by
 * ssl_x509_names(). Any load or key-mismatch failure is fatal: the error is
 * logged and the process exits with EXIT_FAILURE.
 *
 * filename: path of the PEM file
 * arg:      the opts_t of the running program, used for the debug switch
 *
 * Each name is cut at its first '!' before it is used as cache key, so a
 * certificate is registered under the prefix only. The original author marks
 * this as deliberate.
 *
 * NOTE(review): the name vector is walked without a NULL check; whether
 * ssl_x509_names() can return NULL is not visible here -- confirm.
 */
static void
main_loadtgcrt(const char *filename, void *arg)
{
	opts_t *opts = arg;
	cert_t *loaded;
	char **namev;

	loaded = cert_new_load(filename);
	if (loaded == NULL) {
		log_err_printf("Failed to load cert and key from PEM file "
		               "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

	/* refuse a file whose private key does not belong to its cert */
	if (X509_check_private_key(loaded->crt, loaded->key) != 1) {
		log_err_printf("Cert does not match key in PEM file "
		               "'%s':\n", filename);
		ERR_print_errors_fp(stderr);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

#ifdef DEBUG_CERTIFICATE
	log_dbg_printf("Loaded '%s':\n", filename);
	log_dbg_print_free(ssl_x509_to_str(loaded->crt));
	log_dbg_print_free(ssl_x509_to_pem(loaded->crt));
#endif /* DEBUG_CERTIFICATE */

	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("Targets for '%s':", filename);
	}

	namev = ssl_x509_names(loaded->crt);
	for (size_t i = 0; namev[i] != NULL; i++) {
		char *name = namev[i];
		/* be deliberately vulnerable to NULL prefix attacks */
		char *cut = strchr(name, '!');

		if (cut != NULL) {
			*cut = '\0';
		}
		if (OPTS_DEBUG(opts)) {
			log_dbg_printf(" '%s'", name);
		}
		cachemgr_tgcrt_set(name, loaded);
		/* the name string is released right after the insert */
		free(name);
	}
	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("\n");
	}
	free(namev);

	/* drop the reference obtained from cert_new_load() */
	cert_free(loaded);
}
/*
 * Value destructor callback of the target-cert cache: hands the stored value
 * to cert_free().
 */
static void
cachetgcrt_free_val_cb(cache_val_t val)
{
	cert_t *crt = val;

	cert_free(crt);
}