nts: free client cert credentials when not used

Destroy the client cert credentials when destroying the last NKC
instance instead of NKC_Finalise(). This allows the client to reload the
trusted cert file between NTS-KE sessions.

diff --git a/main.c b/main.c
index 5701d410cfe876fe9f717c976552b0cdafca1210..48a19483ca8888a248e12d76197e20cabd20db70 100644 (file)
--- a/main.c
+++ b/main.c
@@ -38,7 +38,6 @@
 #include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
-#include "nts_ke_client.h"
 #include "nts_ke_server.h"
 #include "nts_ntp_server.h"
 #include "socket.h"
@@ -114,7 +113,6 @@ MAI_CleanupAndExit(void)
   TMC_Finalise();
   MNL_Finalise();
   CLG_Finalise();
-  NKC_Finalise();
   NKS_Finalise();
   NNS_Finalise();
   NSD_Finalise();
@@ -589,7 +587,6 @@ int main
   NSD_Initialise();
   NNS_Initialise();
   NKS_Initialise(scfilter_level);
-  NKC_Initialise();
   CLG_Initialise();
   MNL_Initialise();
   TMC_Initialise();

diff --git a/nts_ke_client.c b/nts_ke_client.c
index 58c3f31833d45a1b8af383274283ac4adeacc850..f37d76828e67a94e11141f3fe79929321ade70ed 100644 (file)
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -58,7 +58,8 @@ struct NKC_Instance_Record {
 
 /* ================================================== */
 
-static void *client_credentials;
+static void *client_credentials = NULL;
+static int client_credentials_refs = 0;
 
 /* ================================================== */
 
@@ -256,23 +257,6 @@ handle_message(void *arg)
 
 /* ================================================== */
 
-void
-NKC_Initialise(void)
-{
-  client_credentials = NULL;
-}
-
-/* ================================================== */
-
-void
-NKC_Finalise(void)
-{
-  if (client_credentials)
-    NKSN_DestroyCertCredentials(client_credentials);
-}
-
-/* ================================================== */
-
 NKC_Instance
 NKC_CreateInstance(IPSockAddr *address, const char *name)
 {
@@ -287,10 +271,10 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
   inst->destroying = 0;
   inst->got_response = 0;
 
-  /* Create the credentials with the first client instance and share them
-     with other instances */
+  /* Share the credentials with other client instances */
   if (!client_credentials)
     client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
+  client_credentials_refs++;
 
   return inst;
 }
@@ -310,6 +294,12 @@ NKC_DestroyInstance(NKC_Instance inst)
 
   Free(inst->name);
   Free(inst);
+
+  client_credentials_refs--;
+  if (client_credentials_refs <= 0 && client_credentials) {
+    NKSN_DestroyCertCredentials(client_credentials);
+    client_credentials = NULL;
+  }
 }
 
 /* ================================================== */

diff --git a/nts_ke_client.h b/nts_ke_client.h
index b800ac283d4ef74b188487a9c41d06c86b938e6c..9738b104958a00bb3635e45385236469adafc2a8 100644 (file)
--- a/nts_ke_client.h
+++ b/nts_ke_client.h
@@ -32,10 +32,6 @@
 
 typedef struct NKC_Instance_Record *NKC_Instance;
 
-/* Init and fini functions */
-extern void NKC_Initialise(void);
-extern void NKC_Finalise(void);
-
 /* Create a client NTS-KE instance */
 extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name);
 

diff --git a/stubs.c b/stubs.c
index e011995808ea2a36da5b6ef3eb27bc40a6250740..dece36ff84edefb0da2b4e322c1967ba480ba32d 100644 (file)
--- a/stubs.c
+++ b/stubs.c
@@ -536,16 +536,6 @@ NNC_GetReport(NNC_Instance inst, RPT_AuthReport *report)
 {
 }
 
-void
-NKC_Initialise(void)
-{
-}
-
-void
-NKC_Finalise(void)
-{
-}
-
 void
 NKS_Initialise(int scfilter_level)
 {

diff --git a/test/unit/nts_ke_client.c b/test/unit/nts_ke_client.c
index 80d523284237b88b12a0f1db1550874ba8f41871..99161a861438722d5f77a1d9fcf2af7880bd9c53 100644 (file)
--- a/test/unit/nts_ke_client.c
+++ b/test/unit/nts_ke_client.c
@@ -112,7 +112,6 @@ test_unit(void)
     CNF_ParseLine(NULL, i + 1, conf[i]);
 
   LCL_Initialise();
-  NKC_Initialise();
 
   SCK_GetLoopbackIPAddress(AF_INET, &addr.ip_addr);
   addr.port = 0;
@@ -129,7 +128,6 @@ test_unit(void)
 
   NKC_DestroyInstance(inst);
 
-  NKC_Finalise();
   LCL_Finalise();
   CNF_Finalise();
 }