fix(SSLManager): Fixed regression introduced in PR #4103, fixes #4421

pocoproject · Jan 30, 2024 · e9c955e · e9c955e
1 parent 41ce8be
commit e9c955e
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 9 deletions.
diff --git a/NetSSL_OpenSSL/src/SSLManager.cpp b/NetSSL_OpenSSL/src/SSLManager.cpp
@@ -76,8 +76,8 @@ const bool        SSLManager::VAL_FIPS_MODE(false);
 
 
 SSLManager::SSLManager():
-	_contextIndex(SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL)),
-	_socketIndex(SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL))
+	_contextIndex(SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr)),
+	_socketIndex(SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr))
 {
 }
 
@@ -100,9 +100,8 @@ void SSLManager::shutdown()
 	PrivateKeyPassphraseRequired.clear();
 	ClientVerificationError.clear();
 	ServerVerificationError.clear();
-	_ptrDefaultServerContext = 0;
-	_ptrDefaultClientContext = 0;
-	_socketIndex = _contextIndex = -1;
+	_ptrDefaultServerContext = nullptr;
+	_ptrDefaultClientContext = nullptr;
 }
 
 
@@ -290,7 +289,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
 		return ocspVerifyFlag ? 0 : 1;
 	}
 
-	OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(NULL, &pResp, len);
+	OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(nullptr, &pResp, len);
 	if (!pOcspResp) return 0;
 
 	if (OCSP_response_status(pOcspResp) != OCSP_RESPONSE_STATUS_SUCCESSFUL)
@@ -314,7 +313,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
 		return 0;
 	}
 
-	X509* pPeerIssuerCert = NULL;
+	X509* pPeerIssuerCert = nullptr;
 	STACK_OF(X509)* pCertChain = SSL_get_peer_cert_chain(pSSL);
 	unsigned certChainLen = sk_X509_num(pCertChain);
 	for (int i= 0; i < certChainLen ; i++)
@@ -345,7 +344,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
 		{
 			X509_free(pCert);
 			sk_X509_free(pCerts);
-			pCerts = NULL;
+			pCerts = nullptr;
 		}
 	}
 
@@ -363,7 +362,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
 		return 0;
 	}
 
-	OCSP_CERTID* pCertId = OCSP_cert_to_id(NULL, pPeerCert, pPeerIssuerCert);
+	OCSP_CERTID* pCertId = OCSP_cert_to_id(nullptr, pPeerCert, pPeerIssuerCert);
 	if (!pCertId)
 	{
 		X509_free(pPeerCert);

diff --git a/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp b/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp
@@ -25,6 +25,8 @@
 #include "Poco/Net/Session.h"
 #include "Poco/Net/SSLManager.h"
 #include "Poco/Net/SSLException.h"
+#include "Poco/Net/AcceptCertificateHandler.h"
+#include "Poco/Net/PrivateKeyPassphraseHandler.h"
 #include "Poco/Util/Application.h"
 #include "Poco/Util/AbstractConfiguration.h"
 #include "Poco/StreamCopier.h"
@@ -285,6 +287,44 @@ void HTTPSClientSessionTest::testKeepAlive()
 }
 
 
+void HTTPSClientSessionTest::testMultipleSSLInit()
+{
+
+	auto initSSL = []()
+	{
+		initializeSSL();
+		Poco::SharedPtr<InvalidCertificateHandler> ptrCert = new AcceptCertificateHandler(false);
+		Context::Ptr context(new Context(Context::CLIENT_USE, "", "", "",
+				Context::VerificationMode::VERIFY_STRICT, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
+			)
+		);
+		SSLManager::instance().initializeClient(0, ptrCert, context);
+	};
+
+	auto deinitSSL = []()
+	{
+		uninitializeSSL();
+	};
+
+	try
+	{
+		initSSL();
+		deinitSSL();
+
+		initSSL();
+
+		HTTPSClientSession session("secure.appinf.com");
+		HTTPRequest request(HTTPRequest::HTTP_GET, "", HTTPMessage::HTTP_1_1);
+		std::ostream& os = session.sendRequest(request);
+		deinitSSL();
+	}
+	catch(...)
+	{
+		failmsg("Double SSL init failed");
+	}
+}
+
+
 void HTTPSClientSessionTest::testInterop()
 {
 	HTTPSClientSession s("secure.appinf.com");
@@ -459,6 +499,7 @@ CppUnit::Test* HTTPSClientSessionTest::suite()
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunked);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunkedKeepAlive);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testKeepAlive);
+	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testMultipleSSLInit);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testInterop);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testProxy);
 	CppUnit_addTest(pSuite, HTTPSClientSessionTest, testCachedSession);

diff --git a/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h b/NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.h
@@ -34,6 +34,7 @@ class HTTPSClientSessionTest: public CppUnit::TestCase
 	void testPostLargeChunkedKeepAlive();
 	void testKeepAlive();
 	void testInterop();
+	void testMultipleSSLInit();
 	void testProxy();
 	void testCachedSession();
 	void testUnknownContentLength();