more robust tempfiles for SSL trust bundle
parent
7996d12bed
commit
8b74d21562
|
@ -219,12 +219,23 @@ internal enum Posix {
|
||||||
}
|
}
|
||||||
|
|
||||||
@inline(never)
|
@inline(never)
|
||||||
public static func open(file: UnsafePointer<CChar>, oFlag: Int32) throws -> Int {
|
public static func open(file: UnsafePointer<CChar>, oFlag: Int32, mode: mode_t) throws -> CInt {
|
||||||
return try wrapSyscall({
|
return try wrapSyscall({
|
||||||
#if os(Linux)
|
#if os(Linux)
|
||||||
return Int(Glibc.open(file, oFlag))
|
return Glibc.open(file, oFlag, mode)
|
||||||
#else
|
#else
|
||||||
return Int(Darwin.open(file, oFlag))
|
return Darwin.open(file, oFlag, mode)
|
||||||
|
#endif
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
@inline(never)
|
||||||
|
public static func open(file: UnsafePointer<CChar>, oFlag: Int32) throws -> CInt {
|
||||||
|
return try wrapSyscall({
|
||||||
|
#if os(Linux)
|
||||||
|
return Glibc.open(file, oFlag)
|
||||||
|
#else
|
||||||
|
return Darwin.open(file, oFlag)
|
||||||
#endif
|
#endif
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
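Review bot: The two-argument `open(file:oFlag:)` overload kept at the end of this hunk forwards no mode, so a caller that passes `O_CREAT` through it gets a file whose permission bits the caller did not choose. A guard at the top of that overload, `precondition(oFlag & O_CREAT == 0, "use open(file:oFlag:mode:) when creating a file")`, or at least a doc comment saying the same, keeps file creation on the three-argument path where the mode is explicit. The enclosing `enum Posix` starts outside the hunk.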
|
@ -292,10 +292,13 @@ class OpenSSLIntegrationTest: XCTestCase {
|
||||||
return try assertNoThrowWithValue(SSLContext(configuration: config), file: file, line: line)
|
return try assertNoThrowWithValue(SSLContext(configuration: config), file: file, line: line)
|
||||||
}
|
}
|
||||||
|
|
||||||
func withTrustBundleInFile<T>(fn: (String) throws -> T) rethrows -> T {
|
func withTrustBundleInFile<T>(tempFile fileName: inout String?, fn: (String) throws -> T) throws -> T {
|
||||||
let fileName = "/tmp/niocacerts.pem"
|
fileName = makeTemporaryFile()
|
||||||
let tempFile: Int32 = fileName.withCString { ptr in
|
guard let fileName = fileName else {
|
||||||
return open(ptr, O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0o644)
|
fatalError("couldn't make temp file")
|
||||||
|
}
|
||||||
|
let tempFile = try fileName.withCString { ptr in
|
||||||
|
return try Posix.open(file: ptr, oFlag: O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, mode: 0o644)
|
||||||
}
|
}
|
||||||
precondition(tempFile > 1, String(cString: strerror(errno)))
|
precondition(tempFile > 1, String(cString: strerror(errno)))
|
||||||
let fileBio = BIO_new_fp(fdopen(tempFile, "w+"), BIO_CLOSE)
|
let fileBio = BIO_new_fp(fdopen(tempFile, "w+"), BIO_CLOSE)
|
||||||
|
@ -766,13 +769,17 @@ class OpenSSLIntegrationTest: XCTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
func testTrustStoreOnDisk() throws {
|
func testTrustStoreOnDisk() throws {
|
||||||
|
var tempFile: String? = nil
|
||||||
let serverCtx = try configuredSSLContext()
|
let serverCtx = try configuredSSLContext()
|
||||||
let config = withTrustBundleInFile {
|
let config = try withTrustBundleInFile(tempFile: &tempFile) {
|
||||||
return TLSConfiguration.forClient(certificateVerification: .noHostnameVerification,
|
return TLSConfiguration.forClient(certificateVerification: .noHostnameVerification,
|
||||||
trustRoots: .file($0),
|
trustRoots: .file($0),
|
||||||
certificateChain: [.certificate(OpenSSLIntegrationTest.cert)],
|
certificateChain: [.certificate(OpenSSLIntegrationTest.cert)],
|
||||||
privateKey: .privateKey(OpenSSLIntegrationTest.key))
|
privateKey: .privateKey(OpenSSLIntegrationTest.key))
|
||||||
}
|
}
|
||||||
|
defer {
|
||||||
|
precondition(.some(0) == tempFile.map { unlink($0) }, "couldn't remove temp file \(tempFile.debugDescription)")
|
||||||
|
}
|
||||||
let clientCtx = try assertNoThrowWithValue(SSLContext(configuration: config))
|
let clientCtx = try assertNoThrowWithValue(SSLContext(configuration: config))
|
||||||
|
|
||||||
let group = MultiThreadedEventLoopGroup(numThreads: 1)
|
let group = MultiThreadedEventLoopGroup(numThreads: 1)
|
||||||
|
|
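Review bot: In `withTrustBundleInFile` the name returned by `makeTemporaryFile()` is opened a second time by path with `O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC`, and nothing in those flags ties the descriptor to the file the helper produced: `O_CREAT` without `O_EXCL` accepts whatever entry is at that name, and without `O_NOFOLLOW` a symlink there is followed before the truncate. If the helper leaves the file in place (its body is not fully visible here), `oFlag: O_RDWR | O_TRUNC | O_CLOEXEC | O_NOFOLLOW` is the tighter call, and handing back the descriptor from the helper would avoid the reopen altogether. In `testTrustStoreOnDisk` the `defer` that unlinks the file is declared after `try withTrustBundleInFile(...)`, so a throw from that call skips the cleanup even though `tempFile` has already been set; declaring it before the call as `defer { if let path = tempFile { precondition(unlink(path) == 0, "couldn't remove temp file \(path)") } }` covers that path. Both function bodies continue outside the visible hunks.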
|
@ -103,7 +103,7 @@ i5PCcPYi39q101UIxV/WokS0mqHx/XuTYTwhWYd/C49OnM8MLZOUJd8w0VvS0ItY
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
"""
|
"""
|
||||||
|
|
||||||
private func makeTemporaryFile() -> String {
|
func makeTemporaryFile() -> String {
|
||||||
let template = "/tmp/niotestXXXXXXX"
|
let template = "/tmp/niotestXXXXXXX"
|
||||||
var templateBytes = template.utf8 + [0]
|
var templateBytes = template.utf8 + [0]
|
||||||
let templateBytesCount = templateBytes.count
|
let templateBytesCount = templateBytes.count
|
||||||
|
|
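Review bot: `makeTemporaryFile()` loses `private` here and becomes a helper shared across test files, but it has no doc comment stating its contract. Callers elsewhere need to know whether the file already exists when the function returns and that removing it is their job, for example `/// Creates a uniquely named file under /tmp and returns its path; the caller must unlink it.`, worded to match what the body actually does. The body continues outside this hunk.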