diff options
author | Pauli <paul.dale@oracle.com> | 2018-08-06 07:31:49 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2018-08-06 07:36:08 +1000 |
commit | f96d3c1fc65fae4193bdda464819bb1180feba5a (patch) | |
tree | 3ae3b0f6e3122fefc9d93437d59414ed378cf7f5 /test | |
parent | e0a79ae63700051ddab9e091031dd37ae18182a5 (diff) |
Avoid errors when loading a cert multiple times.
Manual backport of #2830 to 1.1.0
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6861)
Diffstat (limited to 'test')
-rw-r--r-- | test/build.info | 6 | ||||
-rw-r--r-- | test/recipes/60-test_x509_dup_cert.t | 19 | ||||
-rw-r--r-- | test/x509_dup_cert_test.c | 70 |
3 files changed, 94 insertions, 1 deletions
diff --git a/test/build.info b/test/build.info index 87961bc834..d850b5229c 100644 --- a/test/build.info +++ b/test/build.info @@ -18,7 +18,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - ocspapitest fatalerrtest x509_time_test errtest + ocspapitest fatalerrtest x509_time_test x509_dup_cert_test errtest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -301,6 +301,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[x509_time_test]=.. ../include DEPEND[x509_time_test]=../libcrypto + SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c + INCLUDE[x509_dup_cert_test]=../include + DEPEND[x509_dup_cert_test]=../libcrypto + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c diff --git a/test/recipes/60-test_x509_dup_cert.t b/test/recipes/60-test_x509_dup_cert.t new file mode 100644 index 0000000000..8e1c313814 --- /dev/null +++ b/test/recipes/60-test_x509_dup_cert.t @@ -0,0 +1,19 @@ +#! /usr/bin/env perl +# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ====================================================================== +# Copyright (c) 2017 Oracle and/or its affiliates. All rights reserved. + + +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_x509_dup_cert"); + +plan tests => 1; + +ok(run(test(["x509_dup_cert_test", srctop_file("test", "certs", "leaf.pem")]))); diff --git a/test/x509_dup_cert_test.c b/test/x509_dup_cert_test.c new file mode 100644 index 0000000000..7f7adebbb0 --- /dev/null +++ b/test/x509_dup_cert_test.c @@ -0,0 +1,70 @@ +/* + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* ==================================================================== + * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/x509_vfy.h> + +static int test_509_dup_cert(const char *cert_f) +{ + int ret = 0; + X509_STORE_CTX *sctx = NULL; + X509_STORE *store = NULL; + X509_LOOKUP *lookup = NULL; + + store = X509_STORE_new(); + if (store == NULL) + goto err; + + lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); + if (lookup == NULL) + goto err; + + if (!X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)) + goto err; + if (!X509_load_cert_file(lookup, cert_f, X509_FILETYPE_PEM)) + goto err; + + ret = 1; + + err: + X509_STORE_CTX_free(sctx); + X509_STORE_free(store); + if (ret != 1) + ERR_print_errors_fp(stderr); + return ret; +} + +int main(int argc, char **argv) +{ + CRYPTO_set_mem_debug(1); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + if (argc != 2) { + fprintf(stderr, "usage: x509_dup_cert_test cert.pem\n"); + return 1; + } + + if (!test_509_dup_cert(argv[1])) { + fprintf(stderr, "Test X509 duplicate cert failed\n"); + return 1; + } + +#ifndef OPENSSL_NO_CRYPTO_MDEBUG + if (CRYPTO_mem_leaks_fp(stderr) <= 0) + return 1; +#endif + + printf("PASS\n"); + return 0; +} |