Merge branch 'peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888' into maint-22

* peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888: ssl: Fix negative tests in ssl_basic_SUITE ssl: Fix run_client_error/1 in ssl_test_lib ssl: Fix ssl_handshake:extension_value/1
author: Erlang/OTP <[email protected]> 2019-06-17 16:51:17 +0200
committer: Erlang/OTP <[email protected]> 2019-06-17 16:51:17 +0200
commit: a3b1191abf3d5c0157f51d915053bcca6bec107c (patch)
tree: 986b47b93fe565e03e6a3f2f3fe3639f2a90a844
parent: ff0ac9ba35a5c8790c8cd3cda1b68fc59cc37449 (diff)
parent: 021607a213435344db07662bc79ea4895b6b94e6 (diff)
download: otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.gz
otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.bz2
otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.zip
3 files changed, 63 insertions, 26 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 5a6e6de819..fbed7258c6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1471,7 +1471,16 @@ extension_value(#next_protocol_negotiation{extension_data = Data}) ->
 extension_value(#srp{username = Name}) ->
     Name;
 extension_value(#renegotiation_info{renegotiated_connection = Data}) ->
-    Data.
+    Data;
+extension_value(#signature_algorithms{signature_scheme_list = Schemes}) ->
+    Schemes;
+extension_value(#signature_algorithms_cert{signature_scheme_list = Schemes}) ->
+    Schemes;
+extension_value(#key_share_client_hello{client_shares = ClientShares}) ->
+    ClientShares;
+extension_value(#client_hello_versions{versions = Versions}) ->
+    Versions.
+
 
 %%--------------------------------------------------------------------
 %%% Internal functions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 93c03daa45..4f6ea6c886 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -244,7 +244,8 @@ rizzo_tests() ->
 
 %% For testing TLS 1.3 features and possible regressions
 tls13_test_group() ->
-    [tls13_enable_client_side,
+    [handshake_continue_tls13_client,
+     tls13_enable_client_side,
      tls13_enable_server_side,
      tls_record_1_3_encode_decode,
      tls13_finished_verify_data,
@@ -672,6 +673,43 @@ handshake_continue(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+
+%%--------------------------------------------------------------------
+handshake_continue_tls13_client() ->
+    [{doc, "Test API function ssl:handshake_continue/3"}].
+handshake_continue_tls13_client(Config) when is_list(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+    ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+
+    ClientOptsHello0 = ssl_test_lib:ssl_options([{handshake, hello}], Config),
+    ClientOptsHello = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOptsHello0],
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+					{from, self()},
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+                                        {options, ssl_test_lib:ssl_options([{reuseaddr, true}, {handshake, hello}],
+                                                                           Config)},
+                                        {continue_options, proplists:delete(reuseaddr, ServerOpts)}
+                                       ]),
+
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+                                        {from, self()},
+                                        {mfa, {ssl_test_lib, send_recv_result_active, []}},
+                                        {options, ClientOptsHello},
+                                        {continue_options,  proplists:delete(reuseaddr, ClientOpts)}]),
+
+    ssl_test_lib:check_result(Server, ok, Client, ok),
+
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+
 %%------------------------------------------------------------------
 handshake_continue_timeout() ->
     [{doc, "Test API function ssl:handshake_continue/3 with short timeout"}].
@@ -5482,14 +5520,11 @@ tls13_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
 
     Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
 
-    ssl_test_lib:check_result(Server,
-                              {error,
-                               {tls_alert,
-                                {certificate_required,
-                                 "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+    ssl_test_lib:check_server_alert(Server, certificate_required),
     ssl_test_lib:close(Server),
     ssl_test_lib:close_port(Client).
 
+
 tls13_client_auth_empty_cert_ssl_server_openssl_client() ->
      [{doc,"TLS 1.3: Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to false."}].
 
@@ -5571,11 +5606,7 @@ tls13_hrr_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
 
     Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
 
-    ssl_test_lib:check_result(Server,
-                              {error,
-                               {tls_alert,
-                                {certificate_required,
-                                 "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+    ssl_test_lib:check_server_alert(Server, certificate_required),
     ssl_test_lib:close(Server),
     ssl_test_lib:close_port(Client).
 
@@ -5662,13 +5693,7 @@ tls13_unsupported_sign_algo_client_auth_ssl_server_openssl_client(Config) ->
 
     Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
 
-    ssl_test_lib:check_result(
-      Server,
-      {error,
-       {tls_alert,
-        {insufficient_security,
-         "received SERVER ALERT: Fatal - Insufficient Security - "
-         "\"No suitable signature algorithm\""}}}),
+    ssl_test_lib:check_server_alert(Server, insufficient_security),
     ssl_test_lib:close(Server),
     ssl_test_lib:close_port(Client).
 
@@ -5701,12 +5726,7 @@ tls13_unsupported_sign_algo_cert_client_auth_ssl_server_openssl_client(Config) -
 
     Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
 
-    ssl_test_lib:check_result(
-      Server,
-      {error,
-       {tls_alert,
-        {illegal_parameter,
-         "received CLIENT ALERT: Fatal - Illegal Parameter"}}}),
+    ssl_test_lib:check_server_alert(Server, certificate_required),
     ssl_test_lib:close(Server),
     ssl_test_lib:close_port(Client).
 
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 832f8494c6..d46ba1f787 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1103,7 +1103,15 @@ run_client_error(Opts) ->
     Options = proplists:get_value(options, Opts),
     ct:log("~p:~p~nssl:connect(~p, ~p, ~p)~n", [?MODULE,?LINE, Host, Port, Options]),
     Error = Transport:connect(Host, Port, Options),
-    Pid ! {self(), Error}.
+    case Error of
+        {error, _} ->
+            Pid ! {self(), Error};
+        {ok, _Socket} ->
+            receive
+                {ssl_error, _, {tls_alert, _}} = SslError ->
+                                Pid ! {self(), SslError}
+            end
+    end.
 
 accepters(N) ->
     accepters([], N).
author	Erlang/OTP <[email protected]>	2019-06-17 16:51:17 +0200
committer	Erlang/OTP <[email protected]>	2019-06-17 16:51:17 +0200
commit	a3b1191abf3d5c0157f51d915053bcca6bec107c (patch)
tree	986b47b93fe565e03e6a3f2f3fe3639f2a90a844
parent	ff0ac9ba35a5c8790c8cd3cda1b68fc59cc37449 (diff)
parent	021607a213435344db07662bc79ea4895b6b94e6 (diff)
download	otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.gz otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.bz2 otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.zip