From b9d4e05be099c972f0fdfc097a2e26d489082402 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Wed, 29 Mar 2023 15:17:09 +0200 Subject: Fix tests for OTP-25+ --- test/cowboy_test.erl | 2 +- test/proxy_header_SUITE.erl | 5 +++-- test/rfc7540_SUITE.erl | 33 ++++++++++++++++++--------- test/sys_SUITE.erl | 54 ++++++++++++++++++++++++++++++--------------- 4 files changed, 62 insertions(+), 32 deletions(-) (limited to 'test') diff --git a/test/cowboy_test.erl b/test/cowboy_test.erl index 7ebe618..b703efa 100644 --- a/test/cowboy_test.erl +++ b/test/cowboy_test.erl @@ -115,7 +115,7 @@ gun_open(Config, Opts) -> {ok, ConnPid} = gun:open("localhost", config(port, Config), Opts#{ retry => 0, transport => config(type, Config), - tls_opts => proplists:get_value(tls_opts, Config, []), + tls_opts => [{versions, ['tlsv1.2']}|proplists:get_value(tls_opts, Config, [])], protocols => [config(protocol, Config)] }), ConnPid. diff --git a/test/proxy_header_SUITE.erl b/test/proxy_header_SUITE.erl index be6ab04..e6fe406 100644 --- a/test/proxy_header_SUITE.erl +++ b/test/proxy_header_SUITE.erl @@ -126,7 +126,7 @@ do_proxy_header_https(Config, ProxyInfo) -> {ok, Socket0} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}, {packet, raw}]), ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)), - {ok, Socket} = ssl:connect(Socket0, [], 1000), + {ok, Socket} = ssl:connect(Socket0, [{versions, ['tlsv1.2']}], 1000), do_proxy_header_http_common({raw_client, Socket, ssl}, ProxyInfo). do_proxy_header_http_common(Client, ProxyInfo) -> @@ -151,7 +151,8 @@ do_proxy_header_h2(Config, ProxyInfo) -> {ok, Socket0} = gen_tcp:connect("localhost", config(port, Config), [binary, {active, false}, {packet, raw}]), ok = gen_tcp:send(Socket0, ranch_proxy_header:header(ProxyInfo)), - {ok, Socket} = ssl:connect(Socket0, [{alpn_advertised_protocols, [<<"h2">>]}], 1000), + {ok, Socket} = ssl:connect(Socket0, + [{alpn_advertised_protocols, [<<"h2">>]}, {versions, ['tlsv1.2']}], 1000), do_proxy_header_h2_common({raw_client, Socket, ssl}, ProxyInfo). do_proxy_header_h2c(Config, ProxyInfo) -> diff --git a/test/rfc7540_SUITE.erl b/test/rfc7540_SUITE.erl index 6d8aa91..7db4a48 100644 --- a/test/rfc7540_SUITE.erl +++ b/test/rfc7540_SUITE.erl @@ -590,7 +590,8 @@ http_upgrade_response_half_closed(Config) -> alpn_ignore_h2c(Config) -> doc("An h2c ALPN protocol identifier must be ignored. (RFC7540 3.3)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"http/1.1">>} = ssl:negotiated_protocol(Socket), ok. @@ -598,7 +599,8 @@ alpn_server_preface(Config) -> doc("The first frame must be a SETTINGS frame " "for the server connection preface. (RFC7540 3.3, RFC7540 3.5, RFC7540 6.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Receive the server preface. {ok, << _:24, 4:8, 0:40 >>} = ssl:recv(Socket, 9, 1000), @@ -608,7 +610,8 @@ alpn_client_preface_timeout(Config) -> doc("Clients negotiating HTTP/2 and not sending a preface in " "a timely manner must be disconnected."), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Receive the server preface. {ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000), @@ -621,7 +624,8 @@ alpn_reject_missing_client_preface(Config) -> doc("Servers must treat an invalid connection preface as a " "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a SETTINGS frame directly instead of the proper preface. ok = ssl:send(Socket, cow_http2:settings(#{})), @@ -636,7 +640,8 @@ alpn_reject_invalid_client_preface(Config) -> doc("Servers must treat an invalid connection preface as a " "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a slightly incorrect preface. ok = ssl:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"), @@ -651,7 +656,8 @@ alpn_reject_missing_client_preface_settings(Config) -> doc("Servers must treat an invalid connection preface as a " "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame. ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]), @@ -666,7 +672,8 @@ alpn_reject_invalid_client_preface_settings(Config) -> doc("Servers must treat an invalid connection preface as a " "connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a valid preface sequence except followed by a badly formed SETTINGS frame. ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]), @@ -680,7 +687,8 @@ alpn_reject_invalid_client_preface_settings(Config) -> alpn_accept_client_preface_empty_settings(Config) -> doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.3, RFC7540 3.5)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a valid preface sequence except followed by an empty SETTINGS frame. ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]), @@ -695,7 +703,8 @@ alpn_client_preface_settings_ack_timeout(Config) -> doc("Failure to acknowledge the server's SETTINGS frame " "results in a SETTINGS_TIMEOUT connection error. (RFC7540 3.5, RFC7540 6.5.3)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a valid preface. ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]), @@ -711,7 +720,8 @@ alpn_client_preface_settings_ack_timeout(Config) -> alpn(Config) -> doc("Successful ALPN negotiation. (RFC7540 3.3)"), {ok, Socket} = ssl:connect("localhost", config(port, Config), - [{alpn_advertised_protocols, [<<"h2">>]}, binary, {active, false}]), + [{alpn_advertised_protocols, [<<"h2">>]}, + binary, {active, false}, {versions, ['tlsv1.2']}]), {ok, <<"h2">>} = ssl:negotiated_protocol(Socket), %% Send a valid preface. %% @todo Use non-empty SETTINGS here. Just because. @@ -735,7 +745,8 @@ alpn(Config) -> prior_knowledge_reject_tls(Config) -> doc("Implementations that support HTTP/2 over TLS must use ALPN. (RFC7540 3.4)"), - {ok, Socket} = ssl:connect("localhost", config(port, Config), [binary, {active, false}]), + {ok, Socket} = ssl:connect("localhost", config(port, Config), + [binary, {active, false}, {versions, ['tlsv1.2']}]), %% Send a valid preface. ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]), %% We expect the server to send an HTTP 400 error diff --git a/test/sys_SUITE.erl b/test/sys_SUITE.erl index 175219c..d0cb5e2 100644 --- a/test/sys_SUITE.erl +++ b/test/sys_SUITE.erl @@ -109,7 +109,8 @@ bad_system_from_h1(Config) -> bad_system_from_h2(Config) -> doc("h2: Sending a system message with a bad From value results in a process crash."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -176,7 +177,8 @@ bad_system_message_h1(Config) -> bad_system_message_h2(Config) -> doc("h2: Sending a system message with a bad Request value results in an error."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -252,7 +254,8 @@ good_system_message_h1(Config) -> good_system_message_h2(Config) -> doc("h2: System messages are handled properly."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -336,7 +339,8 @@ trap_exit_parent_exit_h2(Config) -> doc("h2: A process trapping exits must stop when receiving " "an 'EXIT' message from its parent."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -408,7 +412,8 @@ trap_exit_other_exit_h2(Config) -> doc("h2: A process trapping exits must ignore " "'EXIT' messages from unknown processes."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), Pid ! {'EXIT', self(), {shutdown, ?MODULE}}, @@ -526,7 +531,8 @@ sys_change_code_h1(Config) -> sys_change_code_h2(Config) -> doc("h2: The sys:change_code/4 function works as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% Suspend the process and try to get a request in. The @@ -609,7 +615,8 @@ sys_get_state_h1(Config) -> sys_get_state_h2(Config) -> doc("h2: The sys:get_state/1 function works as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -671,7 +678,8 @@ sys_get_status_h1(Config) -> sys_get_status_h2(Config) -> doc("h2: The sys:get_status/1 function works as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -732,7 +740,8 @@ sys_replace_state_h1(Config) -> sys_replace_state_h2(Config) -> doc("h2: The sys:replace_state/2 function works as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -801,7 +810,8 @@ sys_suspend_and_resume_h1(Config) -> sys_suspend_and_resume_h2(Config) -> doc("h2: The sys:suspend/1 and sys:resume/1 functions work as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% Suspend the process and try to get a request in. The @@ -880,7 +890,8 @@ sys_terminate_h1(Config) -> sys_terminate_h2(Config) -> doc("h2: The sys:terminate/2,3 function works as expected."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), %% Skip the SETTINGS frame. {ok, <<_,_,_,4,_/bits>>} = ssl:recv(Socket, 0, 1000), timer:sleep(100), @@ -983,7 +994,8 @@ supervisor_count_children_h1(Config) -> supervisor_count_children_h2(Config) -> doc("h2: The function supervisor:count_children/1 must work."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% No request was sent so there's no children. @@ -1055,7 +1067,8 @@ supervisor_delete_child_not_found_h1(Config) -> supervisor_delete_child_not_found_h2(Config) -> doc("h2: The function supervisor:delete_child/2 must return {error, not_found}."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% When no children exist. @@ -1114,7 +1127,8 @@ supervisor_get_childspec_not_found_h1(Config) -> supervisor_get_childspec_not_found_h2(Config) -> doc("h2: The function supervisor:get_childspec/2 must return {error, not_found}."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% When no children exist. @@ -1173,7 +1187,8 @@ supervisor_restart_child_not_found_h1(Config) -> supervisor_restart_child_not_found_h2(Config) -> doc("h2: The function supervisor:restart_child/2 must return {error, not_found}."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% When no children exist. @@ -1227,7 +1242,8 @@ supervisor_start_child_not_found_h1(Config) -> supervisor_start_child_not_found_h2(Config) -> doc("h2: The function supervisor:start_child/2 must return {error, start_child_disabled}."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), {error, start_child_disabled} = supervisor:start_child(Pid, #{ @@ -1281,7 +1297,8 @@ supervisor_terminate_child_not_found_h1(Config) -> supervisor_terminate_child_not_found_h2(Config) -> doc("h2: The function supervisor:terminate_child/2 must return {error, not_found}."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% When no children exist. @@ -1344,7 +1361,8 @@ supervisor_which_children_h1(Config) -> supervisor_which_children_h2(Config) -> doc("h2: The function supervisor:which_children/1 must work."), {ok, Socket} = ssl:connect("localhost", config(tls_port, Config), - [{active, false}, binary, {alpn_advertised_protocols, [<<"h2">>]}]), + [{active, false}, binary, {versions, ['tlsv1.2']}, + {alpn_advertised_protocols, [<<"h2">>]}]), do_http2_handshake(Socket), Pid = get_remote_pid_tls(Socket), %% No request was sent so there's no children. -- cgit v1.2.3