diff options
| author | Loïc Hoguin <[email protected]> | 2024-03-14 15:41:30 +0100 |
|---|---|---|
| committer | Loïc Hoguin <[email protected]> | 2024-03-14 15:41:30 +0100 |
| commit | 8b5f1609faffcf1166ca54c08df4ca9216c51993 (patch) | |
| tree | 8360c67d59714c1641764debc2c074e4eaa90604 /test | |
| parent | 5e177270a2be530bbec55381d0fe66a252c3a998 (diff) | |
| download | gun-8b5f1609faffcf1166ca54c08df4ca9216c51993.tar.gz gun-8b5f1609faffcf1166ca54c08df4ca9216c51993.tar.bz2 gun-8b5f1609faffcf1166ca54c08df4ca9216c51993.zip | |
Use public_key:cacerts_get/0 when possible
Also "fix" many TLS test failures due to yet more changes
in the default options for TLS.
Also small changes to make Dialyzer happy.
Diffstat (limited to 'test')
| -rw-r--r-- | test/event_SUITE.erl | 4 | ||||
| -rw-r--r-- | test/gun_SUITE.erl | 10 | ||||
| -rw-r--r-- | test/gun_test.erl | 7 | ||||
| -rw-r--r-- | test/rfc7231_SUITE.erl | 3 | ||||
| -rw-r--r-- | test/rfc7540_SUITE.erl | 4 | ||||
| -rw-r--r-- | test/socks_SUITE.erl | 3 |
6 files changed, 22 insertions, 9 deletions
diff --git a/test/event_SUITE.erl b/test/event_SUITE.erl index e7def6e..81cdf09 100644 --- a/test/event_SUITE.erl +++ b/test/event_SUITE.erl @@ -55,7 +55,9 @@ init_per_suite(Config) -> }, {ok, _} = cowboy:start_clear({?MODULE, tcp}, [], ProtoOpts), TCPOriginPort = ranch:get_port({?MODULE, tcp}), - {ok, _} = cowboy:start_tls({?MODULE, tls}, ct_helper:get_certs_from_ets(), ProtoOpts), + {ok, _} = cowboy:start_tls({?MODULE, tls}, + [{fail_if_no_peer_cert, false}|ct_helper:get_certs_from_ets()], + ProtoOpts), TLSOriginPort = ranch:get_port({?MODULE, tls}), [{tcp_origin_port, TCPOriginPort}, {tls_origin_port, TLSOriginPort}|Config]. diff --git a/test/gun_SUITE.erl b/test/gun_SUITE.erl index 656158e..8b90774 100644 --- a/test/gun_SUITE.erl +++ b/test/gun_SUITE.erl @@ -462,13 +462,15 @@ server_name_indication_custom(_) -> do_server_name_indication("localhost", net_adm:localhost(), #{ tls_opts => [ {verify, verify_none}, {versions, ['tlsv1.2']}, + {fail_if_no_peer_cert, false}, {server_name_indication, net_adm:localhost()}] }). server_name_indication_default(_) -> doc("Ensure a default server_name_indication is accepted."), do_server_name_indication(net_adm:localhost(), net_adm:localhost(), #{ - tls_opts => [{verify, verify_none}, {versions, ['tlsv1.2']}] + tls_opts => [{verify, verify_none}, {versions, ['tlsv1.2']}, + {fail_if_no_peer_cert, false}] }). do_server_name_indication(Host, Expected, GunOpts) -> @@ -630,7 +632,8 @@ tls_handshake_error_gun_http2_init_retry_0(_) -> }}, protocols => [http2], retry => 0, - transport => tls + transport => tls, + tls_opts => [{verify, verify_none}] }), {error, {down, {shutdown, closed}}} = gun:await_up(ConnPid), gun:close(ConnPid). @@ -665,7 +668,8 @@ tls_handshake_error_gun_http2_init_retry_1(_) -> }}, protocols => [http2], retry => 1, - transport => tls + transport => tls, + tls_opts => [{verify, verify_none}] }), {error, {down, {shutdown, closed}}} = gun:await_up(ConnPid), gun:close(ConnPid). diff --git a/test/gun_test.erl b/test/gun_test.erl index 18fcfbf..cffeed5 100644 --- a/test/gun_test.erl +++ b/test/gun_test.erl @@ -24,7 +24,9 @@ init_cowboy_tcp(Ref, ProtoOpts, Config) -> init_cowboy_tls(Ref, ProtoOpts, Config) -> Opts = ct_helper:get_certs_from_ets(), - {ok, _} = cowboy:start_tls(Ref, Opts ++ [{port, 0}], ProtoOpts), + {ok, _} = cowboy:start_tls(Ref, + [{verify, verify_none}, {fail_if_no_peer_cert, false}] + ++ Opts ++ [{port, 0}], ProtoOpts), [{ref, Ref}, {port, ranch:get_port(Ref)}|Config]. %% Origin server helpers. @@ -64,7 +66,8 @@ init_origin(Parent, tls, Protocol, Fun) -> end, %% sni_hosts is necessary for SNI tests to succeed. Opts = [{sni_hosts, [{net_adm:localhost(), []}]}|Opts1], - {ok, ListenSocket} = ssl:listen(0, [binary, {active, false}|Opts]), + {ok, ListenSocket} = ssl:listen(0, [binary, {active, false}, + {fail_if_no_peer_cert, false}|Opts]), {ok, {_, Port}} = ssl:sockname(ListenSocket), Parent ! {self(), Port}, {ok, ClientSocket0} = ssl:transport_accept(ListenSocket, 5000), diff --git a/test/rfc7231_SUITE.erl b/test/rfc7231_SUITE.erl index a5e1fe5..f3a780e 100644 --- a/test/rfc7231_SUITE.erl +++ b/test/rfc7231_SUITE.erl @@ -55,7 +55,8 @@ do_proxy_init(Parent, Transport, Status, ConnectRespHeaders, Delay, ConnectRespV gen_tcp:listen(0, [binary, {active, false}]); gun_tls -> Opts = ct_helper:get_certs_from_ets(), - ssl:listen(0, [binary, {active, false}|Opts]) + ssl:listen(0, [binary, {active, false}, {verify, verify_none}, + {fail_if_no_peer_cert, false}|Opts]) end, {ok, {_, Port}} = Transport:sockname(ListenSocket), Parent ! {self(), Port}, diff --git a/test/rfc7540_SUITE.erl b/test/rfc7540_SUITE.erl index ac88469..79ae347 100644 --- a/test/rfc7540_SUITE.erl +++ b/test/rfc7540_SUITE.erl @@ -62,7 +62,9 @@ do_proxy_init(Proxy=#proxy{parent=Parent, transport=Transport}) -> gen_tcp:listen(0, [binary, {active, false}]); gun_tls -> Opts = ct_helper:get_certs_from_ets(), - ssl:listen(0, [binary, {active, false}, {alpn_preferred_protocols, [<<"h2">>]}|Opts]) + ssl:listen(0, [binary, {active, false}, {verify, verify_none}, + {fail_if_no_peer_cert, false}, + {alpn_preferred_protocols, [<<"h2">>]}|Opts]) end, {ok, {_, Port}} = Transport:sockname(ListenSocket), Parent ! {self(), Port}, diff --git a/test/socks_SUITE.erl b/test/socks_SUITE.erl index bd88cbb..19d15ca 100644 --- a/test/socks_SUITE.erl +++ b/test/socks_SUITE.erl @@ -50,7 +50,8 @@ do_proxy_init(Parent, Transport, Auth) -> gen_tcp:listen(0, [binary, {active, false}]); gun_tls -> Opts = ct_helper:get_certs_from_ets(), - ssl:listen(0, [binary, {active, false}|Opts]) + ssl:listen(0, [binary, {active, false}, {verify, verify_none}, + {fail_if_no_peer_cert, false}|Opts]) end, {ok, {_, Port}} = Transport:sockname(ListenSocket), Parent ! {self(), Port}, |