in bindings/rust/extended/s2n-tls/src/cert_chain.rs [499:563]
/// Checks which certificate chain the client receives as the peer chain under
/// three default-selection setups, and pins the `cert_handle` reference count
/// of each chain while the test pair is alive.
///
/// Each case runs in its own scope, so its test pair is dropped before the
/// next case starts.
///
/// NOTE(review): the counts appear to guard against the bindings leaking or
/// releasing a chain handle too early. Confirm against `sni_test_pair` and the
/// config that ends up owning the clones.
fn default_selection() -> Result<(), crate::error::Error> {
    let alligator = SniTestCerts::AlligatorRsa.get().into_certificate_chain();
    let beaver = SniTestCerts::BeaverRsa.get().into_certificate_chain();
    // The third argument to `sni_test_pair` is the same in every case.
    let cert_kinds = [SniTestCerts::AlligatorRsa, SniTestCerts::BeaverRsa];

    // Case 1: no explicit default, so the first loaded chain (alligator) is
    // the one presented.
    {
        let mut pair = sni_test_pair(
            vec![alligator.clone(), beaver.clone()],
            None,
            &cert_kinds,
        )?;
        assert!(pair.handshake().is_ok());
        assert!(cert_chains_are_equal(
            &alligator,
            &pair.client.peer_cert_chain().unwrap()
        ));
        // One reference is the local binding. The second is presumably the
        // clone handed to `sni_test_pair` (verify against that helper).
        assert_eq!(Arc::strong_count(&alligator.cert_handle), 2);
        assert_eq!(Arc::strong_count(&beaver.cert_handle), 2);
    }

    // Case 2: beaver is loaded and also named as the explicit default.
    {
        let mut pair = sni_test_pair(
            vec![alligator.clone(), beaver.clone()],
            Some(vec![beaver.clone()]),
            &cert_kinds,
        )?;
        assert!(pair.handshake().is_ok());
        assert!(cert_chains_are_equal(
            &beaver,
            &pair.client.peer_cert_chain().unwrap()
        ));
        assert_eq!(Arc::strong_count(&alligator.cert_handle), 2);
        // Beaver was passed twice (chain list and default list), hence one
        // more live reference than alligator.
        assert_eq!(Arc::strong_count(&beaver.cert_handle), 3);
    }

    // Case 3: beaver is named as the default but is not in the loaded list.
    // It is still the chain the client sees.
    {
        let mut pair = sni_test_pair(
            vec![alligator.clone()],
            Some(vec![beaver.clone()]),
            &cert_kinds,
        )?;
        assert!(pair.handshake().is_ok());
        assert!(cert_chains_are_equal(
            &beaver,
            &pair.client.peer_cert_chain().unwrap()
        ));
        assert_eq!(Arc::strong_count(&alligator.cert_handle), 2);
        // Only the default list holds a beaver clone here.
        assert_eq!(Arc::strong_count(&beaver.cert_handle), 2);
    }

    Ok(())
}