author | Loïc Hoguin <[email protected]> | 2023-03-30 15:38:29 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2023-03-30 15:38:29 +0200 |
commit | 12108ab66831e86b197d291073ed5ab538b7e91b (patch) | |
tree | e4f35e01ae9fa6cf24b7def43b6ab585b55c5e3d /test/rfc7540_SUITE.erl | |
parent | 251e70b219aa12752a75c442581ae9ed8ce7461f (diff) | |
Fix TLS tests for OTP-26+
ct_helper now uses the test certificates generated by
public_key. A few adjustments had to be made as a result.
Diffstat (limited to 'test/rfc7540_SUITE.erl')
-rw-r--r-- | test/rfc7540_SUITE.erl | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/test/rfc7540_SUITE.erl b/test/rfc7540_SUITE.erl
index 7db4a48..de0017c 100644
--- a/test/rfc7540_SUITE.erl
+++ b/test/rfc7540_SUITE.erl
@@ -589,18 +589,20 @@ http_upgrade_response_half_closed(Config) ->
 alpn_ignore_h2c(Config) ->
 doc("An h2c ALPN protocol identifier must be ignored. (RFC7540 3.3)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"http/1.1">>} = ssl:negotiated_protocol(Socket),
 ok.
 alpn_server_preface(Config) ->
 doc("The first frame must be a SETTINGS frame "
 "for the server connection preface. (RFC7540 3.3, RFC7540 3.5, RFC7540 6.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Receive the server preface.
 {ok, << _:24, 4:8, 0:40 >>} = ssl:recv(Socket, 9, 1000),
@@ -609,9 +611,10 @@ alpn_server_preface(Config) ->
 alpn_client_preface_timeout(Config) ->
 doc("Clients negotiating HTTP/2 and not sending a preface in "
 "a timely manner must be disconnected."),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Receive the server preface.
 {ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
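Review bot: `TlsOpts` is opaque at every call site, and with `{versions, ['tlsv1.2']}` dropped nothing in this file says which TLS version or peer-verification mode these tests now run under; both are decided by `ct_helper:get_certs_from_ets()`, which is not visible here. The same connect sequence is repeated in all eleven changed tests (alpn_ignore_h2c through prior_knowledge_reject_tls), so the next change in TLS defaults means another eleven-site edit. I would fold it into one documented helper in this suite whose comment states what the returned options are expected to contain (presumably the test CA and a verify setting, to be confirmed against ct_helper) and that the version is deliberately left unpinned. prior_knowledge_reject_tls would call the helper with an empty option list, since it must connect without ALPN.

```erlang
%% Open a TLS client connection to the listener using the suite's
%% shared test certificates. ExtraOpts carries per-test options
%% such as alpn_advertised_protocols. The TLS version is not pinned
%% here; it follows whatever ct_helper or the OTP defaults select.
tls_connect(Config, ExtraOpts) ->
	TlsOpts = ct_helper:get_certs_from_ets(),
	ssl:connect("localhost", config(port, Config),
		ExtraOpts ++ [binary, {active, false}|TlsOpts]).

%% … unchanged: doc/1 call at the top of each test …
	{ok, Socket} = tls_connect(Config, [{alpn_advertised_protocols, [<<"h2">>]}]),
```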
@@ -623,9 +626,10 @@ alpn_client_preface_timeout(Config) ->
 alpn_reject_missing_client_preface(Config) ->
 doc("Servers must treat an invalid connection preface as a "
 "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a SETTINGS frame directly instead of the proper preface.
 ok = ssl:send(Socket, cow_http2:settings(#{})),
@@ -639,9 +643,10 @@ alpn_reject_missing_client_preface(Config) ->
 alpn_reject_invalid_client_preface(Config) ->
 doc("Servers must treat an invalid connection preface as a "
 "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a slightly incorrect preface.
 ok = ssl:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
@@ -655,9 +660,10 @@ alpn_reject_invalid_client_preface(Config) ->
 alpn_reject_missing_client_preface_settings(Config) ->
 doc("Servers must treat an invalid connection preface as a "
 "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
 ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
@@ -671,9 +677,10 @@ alpn_reject_missing_client_preface_settings(Config) ->
 alpn_reject_invalid_client_preface_settings(Config) ->
 doc("Servers must treat an invalid connection preface as a "
 "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
 ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
@@ -686,9 +693,10 @@ alpn_reject_invalid_client_preface_settings(Config) ->
 alpn_accept_client_preface_empty_settings(Config) ->
 doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.3, RFC7540 3.5)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a valid preface sequence except followed by an empty SETTINGS frame.
 ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
@@ -702,9 +710,10 @@ alpn_accept_client_preface_empty_settings(Config) ->
 alpn_client_preface_settings_ack_timeout(Config) ->
 doc("Failure to acknowledge the server's SETTINGS frame "
 "results in a SETTINGS_TIMEOUT connection error. (RFC7540 3.5, RFC7540 6.5.3)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a valid preface.
 ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
@@ -719,9 +728,10 @@ alpn_client_preface_settings_ack_timeout(Config) ->
 alpn(Config) ->
 doc("Successful ALPN negotiation. (RFC7540 3.3)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
 [{alpn_advertised_protocols, [<<"h2">>]},
- binary, {active, false}, {versions, ['tlsv1.2']}]),
+ binary, {active, false}|TlsOpts]),
 {ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
 %% Send a valid preface.
 %% @todo Use non-empty SETTINGS here. Just because.
@@ -745,8 +755,9 @@ alpn(Config) ->
 prior_knowledge_reject_tls(Config) ->
 doc("Implementations that support HTTP/2 over TLS must use ALPN. (RFC7540 3.4)"),
+ TlsOpts = ct_helper:get_certs_from_ets(),
 {ok, Socket} = ssl:connect("localhost", config(port, Config),
- [binary, {active, false}, {versions, ['tlsv1.2']}]),
+ [binary, {active, false}|TlsOpts]),
 %% Send a valid preface.
 ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
 %% We expect the server to send an HTTP 400 error |