END_TEST

/*
 * Walks the reference count of one certificate through a sequence of
 * target-cache operations on a single name and asserts the expected count
 * after every step.  The order of the statements is the test: each
 * assertion checks the effect of the call directly above it.
 */
START_TEST(cache_tgcrt_04)
{
	cert_t *c1, *c2;

	c1 = cert_new_load(TESTCERT);
	fail_unless(!!c1, "loading certificate failed");
	/* freshly loaded: the only reference is the one held in c1 */
	fail_unless(c1->references == 1, "refcount != 1");
	/* inserting into the cache is expected to take one more reference */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 2, "refcount != 2");
	/*
	 * A lookup is expected to hand out a further reference.
	 * NOTE(review): c2 is never compared with c1 or NULL; the count on c1
	 * going to 3 is the only evidence here that the lookup hit.
	 */
	c2 = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(c1->references == 3, "refcount != 3");
	/* setting the same cert under the same name again must not leak a ref */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 3, "refcount != 3");
	/* deleting the entry is expected to drop the cache's reference */
	cachemgr_tgcrt_del("daniel.roe.ch");
	fail_unless(c1->references == 2, "refcount != 2");
	/* re-insert after delete: the cache holds a reference again */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	fail_unless(c1->references == 3, "refcount != 3");
	/* drop the reference obtained from cert_new_load() */
	cert_free(c1);
	fail_unless(c1->references == 2, "refcount != 2");
	/* shutting the cache down is expected to release its reference */
	cachemgr_fini();
	fail_unless(c1->references == 1, "refcount != 1");
	/* drop the reference obtained from the lookup; this is the last one */
	cert_free(c2);
	/*
	 * deliberate access of free'd cert_t*
	 * NOTE(review): reading c1->references after the last reference is
	 * gone is a use-after-free and therefore undefined behaviour.  The
	 * value read is whatever the allocator left behind, so a pass does not
	 * prove the count reached 0, and AddressSanitizer or valgrind builds
	 * are expected to report this line.
	 */
	fail_unless(c1->references == 0, "refcount != 0");
	/* bring the cache back up after cachemgr_fini(); presumably for the
	 * tests that run after this one -- confirm against the suite setup */
	fail_unless(cachemgr_preinit() != -1, "reinit");
}
END_TEST

/*
 * Checks that a target certificate removed from the cache can no longer be
 * looked up: set, delete, then expect the lookup to return NULL.
 */
START_TEST(cache_tgcrt_03)
{
	cert_t *c1, *c2;

	c1 = cert_new_load(TESTCERT);
	fail_unless(!!c1, "loading certificate failed");
	/* insert and immediately remove the entry for the same name */
	cachemgr_tgcrt_set("daniel.roe.ch", c1);
	cachemgr_tgcrt_del("daniel.roe.ch");
	/* a stale hit here would mean a deleted cert could still be served */
	c2 = cachemgr_tgcrt_get("daniel.roe.ch");
	fail_unless(c2 == NULL, "cache returned deleted certificate");
	/* release the reference obtained from cert_new_load() */
	cert_free(c1);
}
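/*
 * Callback to load a cert/chain/key combo from a single PEM file.
 *
 * filename: path of the PEM file to load.
 * arg:      opts_t * of the running instance; only consulted through
 *           OPTS_DEBUG() to decide whether debug output is wanted.
 *
 * The loaded certificate is stored in the target-certificate cache once for
 * every name returned by ssl_x509_names().  Every failure is fatal: the
 * error is logged, logging is shut down and the process exits with
 * EXIT_FAILURE.
 */
static void
main_loadtgcrt(const char *filename, void *arg)
{
	opts_t *opts = arg;
	cert_t *cert;
	char **names;

	cert = cert_new_load(filename);
	if (!cert) {
		log_err_printf("Failed to load cert and key from PEM file "
		               "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}
	/* refuse a file whose private key does not match its certificate */
	if (X509_check_private_key(cert->crt, cert->key) != 1) {
		log_err_printf("Cert does not match key in PEM file "
		               "'%s':\n", filename);
		ERR_print_errors_fp(stderr);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

#ifdef DEBUG_CERTIFICATE
	log_dbg_printf("Loaded '%s':\n", filename);
	log_dbg_print_free(ssl_x509_to_str(cert->crt));
	log_dbg_print_free(ssl_x509_to_pem(cert->crt));
#endif /* DEBUG_CERTIFICATE */

	/*
	 * ssl_x509_names() is not visible here; treat a NULL result as a
	 * failure so that it cannot turn into a NULL dereference in the loop
	 * below.  Done before the debug header so an error does not end up
	 * appended to a half-written "Targets for" line.
	 */
	names = ssl_x509_names(cert->crt);
	if (!names) {
		log_err_printf("Failed to get names from cert in PEM file "
		               "'%s'\n", filename);
		log_fini();
		exit(EXIT_FAILURE); /* XXX */
	}

	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("Targets for '%s':", filename);
	}
	for (char **p = names; *p; p++) {
		/*
		 * be deliberately vulnerable to NULL prefix attacks
		 *
		 * NOTE(review): the name is cut at the first '!' before it is
		 * used as the cache key, so names that differ only after a '!'
		 * collapse onto the same key.  The names come straight from the
		 * loaded certificate, so the PEM files given to this callback
		 * decide which hosts the cache will answer for.
		 */
		char *sep = strchr(*p, '!');

		if (sep) {
			*sep = '\0';
		}
		if (OPTS_DEBUG(opts)) {
			log_dbg_printf(" '%s'", *p);
		}
		cachemgr_tgcrt_set(*p, cert);
		/* each name string is owned by this function once returned */
		free(*p);
	}
	if (OPTS_DEBUG(opts)) {
		log_dbg_printf("\n");
	}
	free(names);
	/* drop the reference obtained from cert_new_load() */
	cert_free(cert);
}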