Fix certificate checker callback lifetime.
OpenSSL's SSL_CTX_set_verify() function allows us to set a callback
called after certificate validation but doesn't provide a way to pass
private data to this callback. CL:183832 was passing the pointer to the
CertificateChecker instance using a global pointer, nevertheless the
lifetime of this pointer was wrong since libcurl can trigger this
callback asynchronously when the SSL certificates are downloaded.
This patch converts the CertificateChecker into a singleton class and
uses the same trick previously used to pass the ServerToCheck value
using different callbacks.
Bug: 25818567
Test: Run an update on edison-userdebug; FEATURES=test emerge-link update_engine
Change-Id: I84cdb2f8c5ac86d1463634e73e867f213f7a2f5a
diff --git a/common/certificate_checker_unittest.cc b/common/certificate_checker_unittest.cc
index 15811c0..c30acc5 100644
--- a/common/certificate_checker_unittest.cc
+++ b/common/certificate_checker_unittest.cc
@@ -50,6 +50,7 @@
cert_key_prefix_.c_str(),
static_cast<int>(server_to_check_),
depth_);
+ cert_checker.Init();
cert_checker.SetObserver(&observer_);
}
@@ -70,7 +71,7 @@
string cert_key_;
testing::StrictMock<MockCertificateCheckObserver> observer_;
- CertificateChecker cert_checker{&prefs_, &openssl_wrapper_, server_to_check_};
+ CertificateChecker cert_checker{&prefs_, &openssl_wrapper_};
};
// check certificate change, new
@@ -86,7 +87,8 @@
EXPECT_CALL(observer_,
CertificateChecked(server_to_check_,
CertificateCheckResult::kValid));
- ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+ ASSERT_TRUE(
+ cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
// check certificate change, unchanged
@@ -103,7 +105,8 @@
EXPECT_CALL(observer_,
CertificateChecked(server_to_check_,
CertificateCheckResult::kValid));
- ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+ ASSERT_TRUE(
+ cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
// check certificate change, changed
@@ -120,7 +123,8 @@
CertificateChecked(server_to_check_,
CertificateCheckResult::kValidChanged));
EXPECT_CALL(prefs_, SetString(cert_key_, digest_hex_)).WillOnce(Return(true));
- ASSERT_TRUE(cert_checker.CheckCertificateChange(1, nullptr));
+ ASSERT_TRUE(
+ cert_checker.CheckCertificateChange(1, nullptr, server_to_check_));
}
// check certificate change, failed
@@ -129,7 +133,8 @@
CertificateCheckResult::kFailed));
EXPECT_CALL(prefs_, GetString(_, _)).Times(0);
EXPECT_CALL(openssl_wrapper_, GetCertificateDigest(_, _, _, _)).Times(0);
- ASSERT_FALSE(cert_checker.CheckCertificateChange(0, nullptr));
+ ASSERT_FALSE(
+ cert_checker.CheckCertificateChange(0, nullptr, server_to_check_));
}
} // namespace chromeos_update_engine