Bug 1572593 - Re-revert call to CheckCertReqAgainstDefaultCAs to avoid memory leak (filed as bug 1573945). r=jcj
authorKevin Jacobs <kjacobs@mozilla.com>
Wed, 14 Aug 2019 20:02:45 +0000
changeset 15256 bbfc55939d752ebf723bc32fc7eeccef726adb82
parent 15255 f8926908be71c3e1b4fd112e655d603fcf0fdb32
child 15257 660d7c210878aa4ec95123e76669a8fabc9c7d88
push id3467
push userjjones@mozilla.com
push dateWed, 14 Aug 2019 20:03:31 +0000
reviewersjcj
bugs1572593, 1573945
Bug 1572593 - Re-revert call to CheckCertReqAgainstDefaultCAs to avoid memory leak (filed as bug 1573945). r=jcj Revert back to the changes Franziskus had made. Updated the in-source bug number to point to the new memleak bug. Differential Revision: https://phabricator.services.mozilla.com/D42020
gtests/ssl_gtest/tls_agent.cc
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -244,16 +244,20 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc
 
   SECStatus rv;
   if (!skip_version_checks_) {
     rv = SSL_VersionRangeSet(ssl_fd(), &vrange_);
     EXPECT_EQ(SECSuccess, rv);
     if (rv != SECSuccess) return false;
   }
 
+  ScopedCERTCertList anchors(CERT_NewCertList());
+  rv = SSL_SetTrustAnchors(ssl_fd(), anchors.get());
+  if (rv != SECSuccess) return false;
+
   if (role_ == SERVER) {
     EXPECT_TRUE(ConfigServerCert(name_, true));
 
     rv = SSL_SNISocketConfigHook(ssl_fd(), SniHook, this);
     EXPECT_EQ(SECSuccess, rv);
     if (rv != SECSuccess) return false;
 
     rv = SSL_SetMaxEarlyDataSize(ssl_fd(), 1024);
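Review bot: The added SSL_SetTrustAnchors block returns false on failure without recording an expectation, while the SSL_VersionRangeSet and SSL_SNISocketConfigHook calls around it do `EXPECT_EQ(SECSuccess, rv);` first. A failure here would show up only as a failed EnsureTlsSetup, with no hint of which call broke, so add `EXPECT_EQ(SECSuccess, rv);` before `if (rv != SECSuccess) return false;`. `anchors` is also passed on without a null check, although CERT_NewCertList() can presumably return null on allocation failure. The block runs for both roles and has no comment; if the empty list is part of the leak workaround, a line such as `// Install an empty trust-anchor list; see bug 1573945.` would say so. EnsureTlsSetup starts and ends outside this hunk.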
@@ -316,17 +320,17 @@ void TlsAgent::SetupClientAuth() {
   EXPECT_TRUE(EnsureTlsSetup());
   ASSERT_EQ(CLIENT, role_);
 
   EXPECT_EQ(SECSuccess,
             SSL_GetClientAuthDataHook(ssl_fd(), GetClientAuthDataHook,
                                       reinterpret_cast<void*>(this)));
 }
 
-static void CheckCertReqAgainstDefaultCAs(const CERTDistNames* caNames) {
+void CheckCertReqAgainstDefaultCAs(const CERTDistNames* caNames) {
   ScopedCERTDistNames expected(CERT_GetSSLCACerts(nullptr));
 
   ASSERT_EQ(expected->nnames, caNames->nnames);
 
   for (size_t i = 0; i < static_cast<size_t>(expected->nnames); ++i) {
     EXPECT_EQ(SECEqual,
               SECITEM_CompareItem(&(expected->names[i]), &(caNames->names[i])));
   }
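Review bot: Dropping `static` from CheckCertReqAgainstDefaultCAs gives external linkage to a helper that no longer has a caller in this diff, presumably only to silence an unused-function warning. That leaves a non-static definition with no header declaration, which can trip missing-declaration warnings, and nothing marks the function as intentionally dormant. Keeping internal linkage and annotating it states the intent directly, e.g. `[[maybe_unused]] static void CheckCertReqAgainstDefaultCAs(const CERTDistNames* caNames) {` if the build's language level allows it. A comment such as `// Unused until bug 1573945 is fixed; see GetClientAuthDataHook.` would help either way. The function's closing brace falls outside the hunk.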
@@ -335,17 +339,18 @@ static void CheckCertReqAgainstDefaultCA
 SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
                                           CERTDistNames* caNames,
                                           CERTCertificate** clientCert,
                                           SECKEYPrivateKey** clientKey) {
   TlsAgent* agent = reinterpret_cast<TlsAgent*>(self);
   ScopedCERTCertificate peerCert(SSL_PeerCertificate(agent->ssl_fd()));
   EXPECT_TRUE(peerCert) << "Client should be able to see the server cert";
 
-  CheckCertReqAgainstDefaultCAs(caNames);
+  // See bug 1573945
+  // CheckCertReqAgainstDefaultCAs(caNames);
 
   ScopedCERTCertificate cert;
   ScopedSECKEYPrivateKey priv;
   if (!TlsAgent::LoadCertificate(agent->name(), &cert, &priv)) {
     return SECFailure;
   }
 
   *clientCert = cert.release();
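Review bot: With the call commented out in GetClientAuthDataHook, nothing visible in this hook checks the CA names from the server's CertificateRequest any more, and `caNames` goes unused. A regression in what the server advertises to clients could then pass these tests silently. The comment `// See bug 1573945` does not say why the check is off or when to restore it. Something like `// TODO(bug 1573945): re-enable once the memory leak tracked there is fixed.` above the commented call would make the gap and its exit condition explicit. The hook's body continues past the end of the hunk.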