fix(SSLManager): Fixed regression introduced in PR #4103, fixes #4421

Matej Kenda 2024-01-30 23:01:48 +01:00
parent 41ce8be229
commit db5a8a7112
3 changed files with 50 additions and 9 deletions


@ -76,8 +76,8 @@ const bool SSLManager::VAL_FIPS_MODE(false);
SSLManager::SSLManager(): SSLManager::SSLManager():
_contextIndex(SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL)), _contextIndex(SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr)),
_socketIndex(SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL)) _socketIndex(SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr))
{ {
} }
@ -100,9 +100,8 @@ void SSLManager::shutdown()
PrivateKeyPassphraseRequired.clear(); PrivateKeyPassphraseRequired.clear();
ClientVerificationError.clear(); ClientVerificationError.clear();
ServerVerificationError.clear(); ServerVerificationError.clear();
_ptrDefaultServerContext = 0; _ptrDefaultServerContext = nullptr;
_ptrDefaultClientContext = 0; _ptrDefaultClientContext = nullptr;
_socketIndex = _contextIndex = -1;
} }
@ -290,7 +289,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return ocspVerifyFlag ? 0 : 1; return ocspVerifyFlag ? 0 : 1;
} }
OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(NULL, &pResp, len); OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(nullptr, &pResp, len);
if (!pOcspResp) return 0; if (!pOcspResp) return 0;
if (OCSP_response_status(pOcspResp) != OCSP_RESPONSE_STATUS_SUCCESSFUL) if (OCSP_response_status(pOcspResp) != OCSP_RESPONSE_STATUS_SUCCESSFUL)
@ -314,7 +313,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return 0; return 0;
} }
X509* pPeerIssuerCert = NULL; X509* pPeerIssuerCert = nullptr;
STACK_OF(X509)* pCertChain = SSL_get_peer_cert_chain(pSSL); STACK_OF(X509)* pCertChain = SSL_get_peer_cert_chain(pSSL);
unsigned certChainLen = sk_X509_num(pCertChain); unsigned certChainLen = sk_X509_num(pCertChain);
for (int i= 0; i < certChainLen ; i++) for (int i= 0; i < certChainLen ; i++)
@ -345,7 +344,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
{ {
X509_free(pCert); X509_free(pCert);
sk_X509_free(pCerts); sk_X509_free(pCerts);
pCerts = NULL; pCerts = nullptr;
} }
} }
@ -363,7 +362,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return 0; return 0;
} }
OCSP_CERTID* pCertId = OCSP_cert_to_id(NULL, pPeerCert, pPeerIssuerCert); OCSP_CERTID* pCertId = OCSP_cert_to_id(nullptr, pPeerCert, pPeerIssuerCert);
if (!pCertId) if (!pCertId)
{ {
X509_free(pPeerCert); X509_free(pPeerCert);
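Review bot: In verifyOCSPResponseCallback, `unsigned certChainLen = sk_X509_num(pCertChain);` stores a signed result in an unsigned variable without checking `pCertChain` first. SSL_get_peer_cert_chain() can return NULL, in which case sk_X509_num() returns -1; that becomes a very large unsigned count, which is then compared against the signed loop index `i`. Declaring it as `const int certChainLen = sk_X509_num(pCertChain);` keeps the comparison signed and makes the loop run zero times for a missing chain, leaving `pPeerIssuerCert` null. The loop body and the handling of a null issuer are outside the visible hunks, so confirm that path rejects the response rather than accepting it.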


@ -25,6 +25,8 @@
#include "Poco/Net/Session.h" #include "Poco/Net/Session.h"
#include "Poco/Net/SSLManager.h" #include "Poco/Net/SSLManager.h"
#include "Poco/Net/SSLException.h" #include "Poco/Net/SSLException.h"
#include "Poco/Net/AcceptCertificateHandler.h"
#include "Poco/Net/PrivateKeyPassphraseHandler.h"
#include "Poco/Util/Application.h" #include "Poco/Util/Application.h"
#include "Poco/Util/AbstractConfiguration.h" #include "Poco/Util/AbstractConfiguration.h"
#include "Poco/StreamCopier.h" #include "Poco/StreamCopier.h"
@ -285,6 +287,44 @@ void HTTPSClientSessionTest::testKeepAlive()
} }
void HTTPSClientSessionTest::testMultipleSSLInit()
{
auto initSSL = []()
{
initializeSSL();
Poco::SharedPtr<InvalidCertificateHandler> ptrCert = new AcceptCertificateHandler(false);
Context::Ptr context(new Context(Context::CLIENT_USE, "", "", "",
Context::VerificationMode::VERIFY_STRICT, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
)
);
SSLManager::instance().initializeClient(0, ptrCert, context);
};
auto deinitSSL = []()
{
uninitializeSSL();
};
try
{
initSSL();
deinitSSL();
initSSL();
HTTPSClientSession session("secure.appinf.com");
HTTPRequest request(HTTPRequest::HTTP_GET, "", HTTPMessage::HTTP_1_1);
(void)session.sendRequest(request);
deinitSSL();
}
catch(...)
{
failmsg("Double SSL init failed");
}
}
void HTTPSClientSessionTest::testInterop() void HTTPSClientSessionTest::testInterop()
{ {
HTTPSClientSession s("secure.appinf.com"); HTTPSClientSession s("secure.appinf.com");
@ -459,6 +499,7 @@ CppUnit::Test* HTTPSClientSessionTest::suite()
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunked); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunked);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunkedKeepAlive); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunkedKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testKeepAlive); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testMultipleSSLInit);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testInterop); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testInterop);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testProxy); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testProxy);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testCachedSession); CppUnit_addTest(pSuite, HTTPSClientSessionTest, testCachedSession);
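Review bot: The `catch(...)` in testMultipleSSLInit discards the exception, so any failure, including secure.appinf.com being unreachable, is reported as "Double SSL init failed" with no cause. Catching `const Poco::Exception& exc` and calling `failmsg("Double SSL init failed: " + exc.displayText());` would keep the reason in the test output. When `sendRequest` throws, the second `deinitSSL()` is also skipped, which presumably leaves initializeSSL()/uninitializeSSL() unbalanced for the tests that run afterwards. Calling `deinitSSL()` in the handler as well would avoid that.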


@ -34,6 +34,7 @@ public:
void testPostLargeChunkedKeepAlive(); void testPostLargeChunkedKeepAlive();
void testKeepAlive(); void testKeepAlive();
void testInterop(); void testInterop();
void testMultipleSSLInit();
void testProxy(); void testProxy();
void testCachedSession(); void testCachedSession();
void testUnknownContentLength(); void testUnknownContentLength();