Merge pull request #17664 from yihuazhang/SSL_ROOT_DUPLICATE

Allow duplicates in ssl root certificate list.
pull/17916/head
yihuaz 6 years ago committed by GitHub
commit ec7dfe41f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      src/core/tsi/ssl_transport_security.cc
  2. 17
      test/core/tsi/ssl_transport_security_test.cc

@ -619,15 +619,19 @@ static tsi_result x509_store_load_certs(X509_STORE* cert_store,
sk_X509_NAME_push(*root_names, root_name); sk_X509_NAME_push(*root_names, root_name);
root_name = nullptr; root_name = nullptr;
} }
ERR_clear_error();
if (!X509_STORE_add_cert(cert_store, root)) { if (!X509_STORE_add_cert(cert_store, root)) {
gpr_log(GPR_ERROR, "Could not add root certificate to ssl context."); unsigned long error = ERR_get_error();
result = TSI_INTERNAL_ERROR; if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
break; ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
gpr_log(GPR_ERROR, "Could not add root certificate to ssl context.");
result = TSI_INTERNAL_ERROR;
break;
}
} }
X509_free(root); X509_free(root);
num_roots++; num_roots++;
} }
if (num_roots == 0) { if (num_roots == 0) {
gpr_log(GPR_ERROR, "Could not load any root certificate."); gpr_log(GPR_ERROR, "Could not load any root certificate.");
result = TSI_INVALID_ARGUMENT; result = TSI_INVALID_ARGUMENT;
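Review bot: A duplicate root still has its subject name pushed onto `*root_names` at the top of this hunk, before `X509_STORE_add_cert` reports `X509_R_CERT_ALREADY_IN_HASH_TABLE`, and `num_roots` is still incremented for it. Now that duplicates are tolerated, the name list can carry repeated entries; how callers use that list is not visible here, so either detect the duplicate before the push or document it, e.g. `// Duplicate roots are accepted; *root_names may then contain repeated subject names.` The remaining failure branch also discards `error`. Logging it, `gpr_log(GPR_ERROR, "Could not add root certificate to ssl context (error %lu).", error);`, would make a rejected trust anchor diagnosable. The body of x509_store_load_certs starts and ends outside the hunk.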

@ -776,10 +776,24 @@ void ssl_tsi_test_handshaker_factory_internals() {
test_tsi_ssl_client_handshaker_factory_bad_params(); test_tsi_ssl_client_handshaker_factory_bad_params();
} }
void ssl_tsi_test_duplicate_root_certificates() {
char* root_cert = load_file(SSL_TSI_TEST_CREDENTIALS_DIR, "ca.pem");
char* dup_root_cert = static_cast<char*>(
gpr_zalloc(sizeof(char) * (strlen(root_cert) * 2 + 1)));
memcpy(dup_root_cert, root_cert, strlen(root_cert));
memcpy(dup_root_cert + strlen(root_cert), root_cert, strlen(root_cert));
tsi_ssl_root_certs_store* root_store =
tsi_ssl_root_certs_store_create(dup_root_cert);
GPR_ASSERT(root_store != nullptr);
// Free memory.
tsi_ssl_root_certs_store_destroy(root_store);
gpr_free(root_cert);
gpr_free(dup_root_cert);
}
int main(int argc, char** argv) { int main(int argc, char** argv) {
grpc::testing::TestEnvironment env(argc, argv); grpc::testing::TestEnvironment env(argc, argv);
grpc_init(); grpc_init();
ssl_tsi_test_do_handshake_tiny_handshake_buffer(); ssl_tsi_test_do_handshake_tiny_handshake_buffer();
ssl_tsi_test_do_handshake_small_handshake_buffer(); ssl_tsi_test_do_handshake_small_handshake_buffer();
ssl_tsi_test_do_handshake(); ssl_tsi_test_do_handshake();
@ -801,6 +815,7 @@ int main(int argc, char** argv) {
ssl_tsi_test_do_round_trip_for_all_configs(); ssl_tsi_test_do_round_trip_for_all_configs();
ssl_tsi_test_do_round_trip_odd_buffer_size(); ssl_tsi_test_do_round_trip_odd_buffer_size();
ssl_tsi_test_handshaker_factory_internals(); ssl_tsi_test_handshaker_factory_internals();
ssl_tsi_test_duplicate_root_certificates();
grpc_shutdown(); grpc_shutdown();
return 0; return 0;
} }
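Review bot: The concatenation in ssl_tsi_test_duplicate_root_certificates calls `strlen(root_cert)` four times and silently depends on ca.pem ending in a newline, so that the second `-----BEGIN CERTIFICATE-----` starts on its own line (the file's contents are not visible here). Computing the length once, `const size_t root_len = strlen(root_cert);`, and adding a comment such as `// gpr_zalloc supplies the trailing NUL; ca.pem must end with '\n' so both PEM blocks parse.` would make both assumptions explicit. The test also asserts only `root_store != nullptr`, so it would not notice if the second copy were skipped by the parser rather than tolerated as a duplicate.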
