nts: free client cert credentials when not used

Destroy the client cert credentials when destroying the last NKC instance instead of NKC_Finalise(). This allows the client to reload the trusted cert file between NTS-KE sessions.
2020-05-21 10:49:26 +02:00 · 2020-05-21 10:49:26 +02:00 · a3fda9f992
commit a3fda9f992
parent cd34b377aa
5 changed files with 10 additions and 39 deletions
--- a/main.c
+++ b/main.c
@ -38,7 +38,6 @@
 #include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
 #include "nts_ke_client.h"
 #include "nts_ke_server.h"
 #include "nts_ntp_server.h"
 #include "socket.h"
@ -114,7 +113,6 @@ MAI_CleanupAndExit(void)
  TMC_Finalise();
  MNL_Finalise();
  CLG_Finalise();
  NKC_Finalise();
  NKS_Finalise();
  NNS_Finalise();
  NSD_Finalise();
@ -589,7 +587,6 @@ int main
  NSD_Initialise();
  NNS_Initialise();
  NKS_Initialise(scfilter_level);
  NKC_Initialise();
  CLG_Initialise();
  MNL_Initialise();
  TMC_Initialise();
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@ -58,7 +58,8 @@ struct NKC_Instance_Record {
 /* ================================================== */
-static void *client_credentials;
+static void *client_credentials = NULL;
 static int client_credentials_refs = 0;
 /* ================================================== */
@ -256,23 +257,6 @@ handle_message(void *arg)
 /* ================================================== */
 void
 NKC_Initialise(void)
 {
  client_credentials = NULL;
 }
 /* ================================================== */
 void
 NKC_Finalise(void)
 {
  if (client_credentials)
    NKSN_DestroyCertCredentials(client_credentials);
 }
 /* ================================================== */
 NKC_Instance
 NKC_CreateInstance(IPSockAddr *address, const char *name)
 {
@ -287,10 +271,10 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
  inst->destroying = 0;
  inst->got_response = 0;
-  /* Create the credentials with the first client instance and share them
+  /* Share the credentials with other client instances */
     with other instances */
  if (!client_credentials)
    client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
  client_credentials_refs++;
  return inst;
 }
@ -310,6 +294,12 @@ NKC_DestroyInstance(NKC_Instance inst)
  Free(inst->name);
  Free(inst);
  client_credentials_refs--;
  if (client_credentials_refs <= 0 && client_credentials) {
    NKSN_DestroyCertCredentials(client_credentials);
    client_credentials = NULL;
  }
 }
 /* ================================================== */
--- a/nts_ke_client.h
+++ b/nts_ke_client.h
@ -32,10 +32,6 @@
 typedef struct NKC_Instance_Record *NKC_Instance;
 /* Init and fini functions */
 extern void NKC_Initialise(void);
 extern void NKC_Finalise(void);
 /* Create a client NTS-KE instance */
 extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name);
--- a/stubs.c
+++ b/stubs.c
@ -536,16 +536,6 @@ NNC_GetReport(NNC_Instance inst, RPT_AuthReport *report)
 {
 }
 void
 NKC_Initialise(void)
 {
 }
 void
 NKC_Finalise(void)
 {
 }
 void
 NKS_Initialise(int scfilter_level)
 {
--- a/test/unit/nts_ke_client.c
+++ b/test/unit/nts_ke_client.c
@ -112,7 +112,6 @@ test_unit(void)
    CNF_ParseLine(NULL, i + 1, conf[i]);
  LCL_Initialise();
  NKC_Initialise();
  SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
  addr.port = 0;
@ -129,7 +128,6 @@ test_unit(void)
  NKC_DestroyInstance(inst);
  NKC_Finalise();
  LCL_Finalise();
  CNF_Finalise();
 }