diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2020-10-08 14:38:10 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-10-08 14:38:10 +0000 |
commit | e56e706a085acf671057306b01e1d92bca86092a (patch) | |
tree | 51ca169f02f1a3b21fd713052d10f80ae576bd8e /regress | |
parent | cdf55429777fca0da2484706356606902453ba04 (diff) |
Read cert.pem once and reuse it instead of reading it twice per test cert
chain. It only takes a few dozens of ms to read it, but doing this 7290
times adds up to a few minutes run time. This way, the test completes in
a handful of seconds.
Diagnosed by jsing, ok beck
Diffstat (limited to 'regress')
-rw-r--r-- | regress/lib/libcrypto/x509/bettertls/verify.c | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/regress/lib/libcrypto/x509/bettertls/verify.c b/regress/lib/libcrypto/x509/bettertls/verify.c index ba76cc20fdc..c139c183e51 100644 --- a/regress/lib/libcrypto/x509/bettertls/verify.c +++ b/regress/lib/libcrypto/x509/bettertls/verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: verify.c,v 1.6 2020/10/03 15:19:47 tb Exp $ */ +/* $OpenBSD: verify.c,v 1.7 2020/10/08 14:38:09 tb Exp $ */ /* * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -98,14 +98,12 @@ verify_cert_cb(int ok, X509_STORE_CTX *xsc) } static void -verify_cert(const char *roots_file, const char *bundle_file, +verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file, const char *cert_file, int *ip, int *dns) { STACK_OF(X509) *roots = NULL, *bundle = NULL, *cert = NULL; X509_STORE_CTX *xsc = NULL; - X509_STORE *store = NULL; X509_STORE_CTX *xscip = NULL; - X509_STORE *storeip = NULL; X509_VERIFY_PARAM *param, *paramip; X509 *leaf = NULL; unsigned long flags, flagsip; @@ -125,16 +123,11 @@ verify_cert(const char *roots_file, const char *bundle_file, if ((xsc = X509_STORE_CTX_new()) == NULL) errx(1, "X509_STORE_CTX"); - if ((store = X509_STORE_new()) == NULL) - errx(1, "X509_STORE"); - if (!X509_STORE_CTX_init(xsc, store, leaf, bundle)) { ERR_print_errors_fp(stderr); errx(1, "failed to init store context"); } - X509_STORE_set_default_paths(store); - if (verbose) X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb); @@ -156,16 +149,11 @@ verify_cert(const char *roots_file, const char *bundle_file, if ((xscip = X509_STORE_CTX_new()) == NULL) errx(1, "X509_STORE_CTX"); - if ((storeip = X509_STORE_new()) == NULL) - errx(1, "X509_STORE"); - - if (!X509_STORE_CTX_init(xscip, storeip, leaf, bundle)) { + if (!X509_STORE_CTX_init(xscip, store, leaf, bundle)) { ERR_print_errors_fp(stderr); errx(1, "failed to init store context"); } - X509_STORE_set_default_paths(storeip); - if (verbose) X509_STORE_CTX_set_verify_cb(xscip, verify_cert_cb); @@ -186,8 +174,6 @@ verify_cert(const char *roots_file, const char *bundle_file, sk_X509_pop_free(roots, X509_free); sk_X509_pop_free(bundle, X509_free); sk_X509_pop_free(cert, X509_free); - X509_STORE_free(store); - X509_STORE_free(storeip); X509_STORE_CTX_free(xsc); X509_STORE_CTX_free(xscip); X509_free(leaf); @@ -196,9 +182,14 @@ verify_cert(const char *roots_file, const char *bundle_file, static void bettertls_cert_test(const char *certs_path) { + X509_STORE *store; char *roots_file, *bundle_file, *cert_file; int i; + if ((store = X509_STORE_new()) == NULL) + errx(1, "X509_STORE_new"); + + X509_STORE_set_default_paths(store); if (asprintf(&roots_file, "%s/root.crt", certs_path) == -1) errx(1, "asprintf"); @@ -214,7 +205,7 @@ bettertls_cert_test(const char *certs_path) break; if (stat(bundle_file, &sb) == -1) break; - verify_cert(roots_file, bundle_file, cert_file, &ip, &dns); + verify_cert(store, roots_file, bundle_file, cert_file, &ip, &dns); /* Mmm. json. with my avocado toast */ if (i > 1 && json) fprintf(stdout, ","); @@ -229,6 +220,7 @@ bettertls_cert_test(const char *certs_path) free(cert_file); } free(roots_file); + X509_STORE_free(store); } int |