more robust tempfiles for SSL trust bundle
parent
7996d12bed
commit
8b74d21562
|
@ -219,12 +219,23 @@ internal enum Posix {
|
|||
}
|
||||
|
||||
@inline(never)
|
||||
public static func open(file: UnsafePointer<CChar>, oFlag: Int32) throws -> Int {
|
||||
public static func open(file: UnsafePointer<CChar>, oFlag: Int32, mode: mode_t) throws -> CInt {
|
||||
return try wrapSyscall({
|
||||
#if os(Linux)
|
||||
return Int(Glibc.open(file, oFlag))
|
||||
return Glibc.open(file, oFlag, mode)
|
||||
#else
|
||||
return Int(Darwin.open(file, oFlag))
|
||||
return Darwin.open(file, oFlag, mode)
|
||||
#endif
|
||||
})
|
||||
}
|
||||
|
||||
@inline(never)
|
||||
public static func open(file: UnsafePointer<CChar>, oFlag: Int32) throws -> CInt {
|
||||
return try wrapSyscall({
|
||||
#if os(Linux)
|
||||
return Glibc.open(file, oFlag)
|
||||
#else
|
||||
return Darwin.open(file, oFlag)
|
||||
#endif
|
||||
})
|
||||
}
|
||||
|
|
|
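Review bot: The two-argument `open(file:oFlag:)` overload is kept next to the new three-argument one, and nothing stops a caller from passing `O_CREAT` to it, in which case open(2) takes the file mode from an unspecified value. A doc comment on the two-argument form such as `/// Must not be called with O_CREAT; use open(file:oFlag:mode:) so the permissions are explicit.` would record the contract, and `precondition(oFlag & O_CREAT == 0)` at its top would enforce it. Neither overload has a doc comment describing the return value (the new descriptor as `CInt`) or that failures are surfaced through `wrapSyscall` as a thrown error.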
@ -292,10 +292,13 @@ class OpenSSLIntegrationTest: XCTestCase {
|
|||
return try assertNoThrowWithValue(SSLContext(configuration: config), file: file, line: line)
|
||||
}
|
||||
|
||||
func withTrustBundleInFile<T>(fn: (String) throws -> T) rethrows -> T {
|
||||
let fileName = "/tmp/niocacerts.pem"
|
||||
let tempFile: Int32 = fileName.withCString { ptr in
|
||||
return open(ptr, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0o644)
|
||||
func withTrustBundleInFile<T>(tempFile fileName: inout String?, fn: (String) throws -> T) throws -> T {
|
||||
fileName = makeTemporaryFile()
|
||||
guard let fileName = fileName else {
|
||||
fatalError("couldn't make temp file")
|
||||
}
|
||||
let tempFile = try fileName.withCString { ptr in
|
||||
return try Posix.open(file: ptr, oFlag: O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, mode: 0o644)
|
||||
}
|
||||
precondition(tempFile > 1, String(cString: strerror(errno)))
|
||||
let fileBio = BIO_new_fp(fdopen(tempFile, "w+"), BIO_CLOSE)
|
||||
|
@ -766,13 +769,17 @@ class OpenSSLIntegrationTest: XCTestCase {
|
|||
}
|
||||
|
||||
func testTrustStoreOnDisk() throws {
|
||||
var tempFile: String? = nil
|
||||
let serverCtx = try configuredSSLContext()
|
||||
let config = withTrustBundleInFile {
|
||||
let config = try withTrustBundleInFile(tempFile: &tempFile) {
|
||||
return TLSConfiguration.forClient(certificateVerification: .noHostnameVerification,
|
||||
trustRoots: .file($0),
|
||||
certificateChain: [.certificate(OpenSSLIntegrationTest.cert)],
|
||||
privateKey: .privateKey(OpenSSLIntegrationTest.key))
|
||||
}
|
||||
defer {
|
||||
precondition(.some(0) == tempFile.map { unlink($0) }, "couldn't remove temp file \(tempFile.debugDescription)")
|
||||
}
|
||||
let clientCtx = try assertNoThrowWithValue(SSLContext(configuration: config))
|
||||
|
||||
let group = MultiThreadedEventLoopGroup(numThreads: 1)
|
||||
|
|
|
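Review bot: In withTrustBundleInFile the path returned by makeTemporaryFile() is opened a second time by name with `O_CREAT | O_TRUNC` and mode 0o644, so the file that ends up holding the trust roots is whatever sits at that path at open time, not necessarily the one the helper created. makeTemporaryFile()'s body is not visible on this page; if it leaves the file in place, `oFlag: O_RDWR | O_TRUNC | O_CLOEXEC | O_NOFOLLOW` makes the open fail instead of creating or following something else, and returning the descriptor from the helper would avoid the second open entirely. Because Posix.open now throws on failure, the retained `precondition(tempFile > 1, …)` no longer reports open errors and would trap on a valid descriptor 0 or 1, so `tempFile >= 0` or dropping it is clearer. In testTrustStoreOnDisk the `defer` that unlinks the file is registered after `try withTrustBundleInFile(...)`, so a throw from that call leaves the file behind; placing the `defer` directly after `var tempFile` with `if let path = tempFile { unlink(path) }` covers that path. The body of withTrustBundleInFile continues past the end of its hunk.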
@ -103,7 +103,7 @@ i5PCcPYi39q101UIxV/WokS0mqHx/XuTYTwhWYd/C49OnM8MLZOUJd8w0VvS0ItY
|
|||
-----END CERTIFICATE-----
|
||||
"""
|
||||
|
||||
private func makeTemporaryFile() -> String {
|
||||
func makeTemporaryFile() -> String {
|
||||
let template = "/tmp/niotestXXXXXXX"
|
||||
var templateBytes = template.utf8 + [0]
|
||||
let templateBytesCount = templateBytes.count
|
||||
|
|