From 8b74d215626fa9e5db85751846b74d87ed0c978c Mon Sep 17 00:00:00 2001
From: Johannes Weiss
Date: Wed, 10 Jan 2018 17:19:02 +0000
Subject: [PATCH] more robust tempfiles for SSL trust bundle
---
 Sources/NIO/System.swift | 17 ++++++++++++++---
 .../OpenSSLIntegrationTest.swift | 17 ++++++++++++-----
 Tests/NIOOpenSSLTests/SSLCertificateTest.swift | 2 +-
 3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/Sources/NIO/System.swift b/Sources/NIO/System.swift
index 04e53504..218900f3 100644
--- a/Sources/NIO/System.swift
+++ b/Sources/NIO/System.swift
@@ -219,12 +219,23 @@ internal enum Posix {
 }
 @inline(never)
- public static func open(file: UnsafePointer, oFlag: Int32) throws -> Int {
+ public static func open(file: UnsafePointer, oFlag: Int32, mode: mode_t) throws -> CInt {
 return try wrapSyscall({
 #if os(Linux)
- return Int(Glibc.open(file, oFlag))
+ return Glibc.open(file, oFlag, mode)
 #else
- return Int(Darwin.open(file, oFlag))
+ return Darwin.open(file, oFlag, mode)
+ #endif
+ })
+ }
+
+ @inline(never)
+ public static func open(file: UnsafePointer, oFlag: Int32) throws -> CInt {
+ return try wrapSyscall({
+ #if os(Linux)
+ return Glibc.open(file, oFlag)
+ #else
+ return Darwin.open(file, oFlag)
 #endif
 })
 }
diff --git a/Tests/NIOOpenSSLTests/OpenSSLIntegrationTest.swift b/Tests/NIOOpenSSLTests/OpenSSLIntegrationTest.swift
index c950f9d9..16519deb 100644
--- a/Tests/NIOOpenSSLTests/OpenSSLIntegrationTest.swift
+++ b/Tests/NIOOpenSSLTests/OpenSSLIntegrationTest.swift
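Review bot: The two-argument `open(file:oFlag:)` re-added at the end of the Sources/NIO/System.swift hunk still accepts `O_CREAT`, in which case the new file's permissions are not chosen by the caller. Now that a `mode:` overload exists, the short form should reject that flag, for example with `precondition(oFlag & O_CREAT == 0, "O_CREAT requires open(file:oFlag:mode:)")` as its first line, and both overloads deserve a `///` comment saying which one to use when creating files. The return type also changes from `Int` to `CInt`; call sites are outside this hunk, so confirm they were updated. The enclosing `Posix` enum starts and ends outside the hunk.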
@@ -292,10 +292,13 @@ class OpenSSLIntegrationTest: XCTestCase {
 return try assertNoThrowWithValue(SSLContext(configuration: config), file: file, line: line)
 }
- func withTrustBundleInFile(fn: (String) throws -> T) rethrows -> T {
- let fileName = "/tmp/niocacerts.pem"
- let tempFile: Int32 = fileName.withCString { ptr in
- return open(ptr, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0o644)
+ func withTrustBundleInFile(tempFile fileName: inout String?, fn: (String) throws -> T) throws -> T {
+ fileName = makeTemporaryFile()
+ guard let fileName = fileName else {
+ fatalError("couldn't make temp file")
+ }
+ let tempFile = try fileName.withCString { ptr in
+ return try Posix.open(file: ptr, oFlag: O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, mode: 0o644)
 }
 precondition(tempFile > 1, String(cString: strerror(errno)))
 let fileBio = BIO_new_fp(fdopen(tempFile, "w+"), BIO_CLOSE)
@@ -766,13 +769,17 @@ class OpenSSLIntegrationTest: XCTestCase {
 }
 func testTrustStoreOnDisk() throws {
+ var tempFile: String? = nil
 let serverCtx = try configuredSSLContext()
- let config = withTrustBundleInFile {
+ let config = try withTrustBundleInFile(tempFile: &tempFile) {
 return TLSConfiguration.forClient(certificateVerification: .noHostnameVerification, trustRoots: .file($0), certificateChain: [.certificate(OpenSSLIntegrationTest.cert)], privateKey: .privateKey(OpenSSLIntegrationTest.key))
 }
+ defer {
+ precondition(.some(0) == tempFile.map { unlink($0) }, "couldn't remove temp file \(tempFile.debugDescription)")
+ }
 let clientCtx = try assertNoThrowWithValue(SSLContext(configuration: config))
 let group = MultiThreadedEventLoopGroup(numThreads: 1)
diff --git a/Tests/NIOOpenSSLTests/SSLCertificateTest.swift b/Tests/NIOOpenSSLTests/SSLCertificateTest.swift
index 28ab6915..e6da0350 100644
--- a/Tests/NIOOpenSSLTests/SSLCertificateTest.swift
+++ b/Tests/NIOOpenSSLTests/SSLCertificateTest.swift
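Review bot: In `withTrustBundleInFile`, the name returned by `makeTemporaryFile()` is opened again by path with `O_CREAT | O_TRUNC` and mode `0o644`, so the open no longer depends on the file the helper made: whatever sits at that name in `/tmp` at that moment, including a symlink, is followed and truncated. The helper's body is mostly outside this patch, so this assumes it creates the file and closes its descriptor; if so, open only the existing file with `try Posix.open(file: ptr, oFlag: O_RDWR | O_NOFOLLOW | O_CLOEXEC)`, or have the helper return the descriptor it already holds. Because `Posix.open` is declared `throws`, the `precondition(tempFile > 1, ...)` that follows looks redundant and would report a stale `errno`, and the `fatalError` branch cannot be reached since `makeTemporaryFile()` returns a non-optional `String`. The function body continues past the end of the hunk.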
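Review bot: The `defer` that unlinks the temp file in `testTrustStoreOnDisk` is registered only after `try withTrustBundleInFile(...)` returns, so if that call throws once the file exists, the file stays behind in `/tmp`. It also performs `unlink` inside the `precondition` condition, which hides a side effect in an assertion, and a nil `tempFile` would fail the check. Moving the `defer` directly below the `var tempFile` declaration and unlinking only when a name was set covers both, as in the lines below. The test body continues past the end of the hunk.

```swift
var tempFile: String? = nil
defer {
    // Runs on every exit path, including a throw from withTrustBundleInFile.
    if let path = tempFile {
        let rc = unlink(path)
        precondition(rc == 0, "couldn't remove temp file \(path)")
    }
}
// … unchanged: configuredSSLContext() and the withTrustBundleInFile call …
```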
@@ -103,7 +103,7 @@ i5PCcPYi39q101UIxV/WokS0mqHx/XuTYTwhWYd/C49OnM8MLZOUJd8w0VvS0ItY
 -----END CERTIFICATE-----
 """
-private func makeTemporaryFile() -> String {
+func makeTemporaryFile() -> String {
 let template = "/tmp/niotestXXXXXXX"
 var templateBytes = template.utf8 + [0]
 let templateBytesCount = templateBytes.count
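Review bot: `makeTemporaryFile()` becomes visible to the whole test module here but carries no doc comment, and its body runs past the end of the hunk, so callers in other files cannot tell whether the file already exists on return or who is expected to remove it. A `///` comment above the declaration stating that contract would help; assuming the helper creates the file, something like `/// Creates a uniquely named file under /tmp and returns its path; the caller must unlink it.`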