%%
%% %CopyrightBegin%
%% 
%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
%% 
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
%% 
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
%% 
%% %CopyrightEnd%
%%

%%
-module(old_ssl_peer_cert_SUITE).

-export([all/1,
	 init_per_testcase/2,
	 fin_per_testcase/2,
	 config/1,
	 finish/1,
	 cinit_plain/1,
	 cinit_both_verify/1,
	 cinit_cnocert/1
	 ]).

-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
			   test_server_only/6]).
-include("test_server.hrl").
-include("ssl_test_MACHINE.hrl").


%% Runs before every test case: starts a timetrap with ?DEFAULT_TIMEOUT and
%% stores its handle under the `watchdog' key so that fin_per_testcase/2 can
%% cancel it.
init_per_testcase(_Case, Config) ->
    [{watchdog, ssl_test_lib:timetrap(?DEFAULT_TIMEOUT)} | Config].

%% Runs after every test case: looks up the `watchdog' entry that
%% init_per_testcase/2 put into Config and cancels that timetrap.
fin_per_testcase(_Case, Config) ->
    test_server:timetrap_cancel(?config(watchdog, Config)).

%% Suite entry point in the old test_server style.
%% all(suite) returns a `conf' group: config/1 runs first, then the three
%% cinit_* cases, then finish/1.
%% all(doc) returns the one-line description of the suite.
all(suite) ->
    Cases = [cinit_plain, cinit_both_verify, cinit_cnocert],
    {conf, config, Cases, finish};
all(doc) ->
    "Test of ssl verification and peer certificate retrieval.".

%% Opening case of the `conf' group.
%% Prints Config and probes whether the ssl application can be started.
%% In both accepted outcomes (freshly started, or already running) ssl is
%% stopped again; any other result fails the case, which per the original
%% comment causes all remaining cases to be skipped.
%% NOTE(review): Config is printed with ~p in full; if it ever carries key
%% file passwords or similar, they end up in the test log.
config(doc) ->
    "Want to se what Config contains.";
config(suite) ->
    [];
config(Config) ->
    io:format("Config: ~p~n", [Config]),

    %% Check if SSL exists. If this case fails, all other cases are skipped
    StartResult = ssl:start(),
    case StartResult of
        {error, {already_started, _}} ->
            ssl:stop();
        ok ->
            ssl:stop();
        Unexpected ->
            ?t:fail({failed_starting_ssl, Unexpected})
    end,
    Config.

%% Closing case of the `conf' group opened by config/1.
%% It does no work: the doc and suite clauses return their metadata and the
%% run clause hands Config back unchanged.
finish(suite) ->
    [];
finish(doc) ->
    "This test case has no mission other than closing the conf case";
finish(Config) ->
    Config.

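%% cinit_plain/1: both peers are given certificate options, but neither sets
%% `verify' or `depth', so the ssl defaults apply on both sides.
%%
%% What the case exercises is certificate *retrieval*, not verification:
%% the connector runs `peercert' and the acceptor runs `nopeercert'.
%% A certificate obtained this way has not been validated by this test, so a
%% pass says nothing about chain validation.
%% NOTE(review): the exact meaning of `peercert'/`nopeercert' is defined in
%% ssl_test_MACHINE, which is not visible here; presumably the acceptor
%% expects no client certificate because the default `verify' setting never
%% requests one - confirm against ssl_test_MACHINE.
%%
%% The guard uses is_list/1; the original old-style `list/1' guard test is
%% obsolete.
cinit_plain(doc) ->
    "Server closes after accept, Client waits for close. Both have certs "
        "but both use the defaults for verify and depth, but still tries "
        "to retreive each others certificates.";
cinit_plain(suite) ->
    [];
cinit_plain(Config) when is_list(Config) ->
    %% Exit signals from linked processes arrive as messages instead of
    %% killing the test case process.
    process_flag(trap_exit, true),
    DataSize = 1000,
    %% NOTE(review): fixed port, also used by cinit_both_verify/1; a socket
    %% still bound from a previous case would make the listen fail.
    LPort = 3456,
    Timeout = 40000,
    NConns = 1,

    ?line {ok, {CsslOpts, SsslOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),

    ?line {ok, Host} = inet:gethostname(),

    %% Listener: server-side certificate options only, no verify/depth.
    LCmds = [{sockopts, [{backlog, NConns}]},
             {sslopts, SsslOpts},
             {listen, LPort},
             wait_sync,
             lclose],
    %% Acceptor: `nopeercert' before receiving the payload.
    ACmds = [{timeout, Timeout},
             accept,
             nopeercert,
             {recv, DataSize},
             close],
    %% Connector: client-side certificate options, then `peercert'.
    CCmds = [{timeout, Timeout},
             {sslopts, CsslOpts},
             {connect, {Host, LPort}},
             peercert,
             {send, DataSize},
             await_close],
    ?line ssl_test_MACHINE:test_one_listener(NConns, LCmds, ACmds, CCmds,
                                             Timeout, ?MODULE, Config).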

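%% cinit_both_verify/1: mutual authentication. Both peers prepend
%% `{verify, 2}' to their certificate options and both run `peercert' after
%% the handshake.
%%
%% NOTE(review): in the old ssl option set, verify code 2 is documented as
%% "verify peer, fail if no peer certificate" - confirm against the ssl
%% version under test. This is the only case in the suite where a retrieved
%% peer certificate has also been through verification.
%% The depth limits differ on purpose or by accident (client 2, server 3);
%% the source does not say which.
%%
%% The guard uses is_list/1; the original old-style `list/1' guard test is
%% obsolete.
cinit_both_verify(doc) ->
    "Server closes after accept, Client waits for close. Both have certs "
        "and both verify each other.";
cinit_both_verify(suite) ->
    [];
cinit_both_verify(Config) when is_list(Config) ->
    %% Exit signals from linked processes arrive as messages instead of
    %% killing the test case process.
    process_flag(trap_exit, true),
    DataSize = 1000,
    %% NOTE(review): fixed port, also used by cinit_plain/1; a socket still
    %% bound from a previous case would make the listen fail.
    LPort = 3456,
    Timeout = 40000,
    NConns = 1,

    ?line {ok, {CsslOpts0, SsslOpts0}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
    %% verify/depth are put in front of the generated options on both sides.
    ?line CsslOpts = [{verify, 2}, {depth, 2} | CsslOpts0],
    ?line SsslOpts = [{verify, 2}, {depth, 3} | SsslOpts0],

    ?line {ok, Host} = inet:gethostname(),

    LCmds = [{sockopts, [{backlog, NConns}]},
             {sslopts, SsslOpts},
             {listen, LPort},
             wait_sync,
             lclose],
    %% Acceptor retrieves the client certificate.
    ACmds = [{timeout, Timeout},
             accept,
             peercert,
             {recv, DataSize},
             close],
    %% Connector retrieves the server certificate.
    CCmds = [{timeout, Timeout},
             {sslopts, CsslOpts},
             {connect, {Host, LPort}},
             peercert,
             {send, DataSize},
             await_close],
    ?line ssl_test_MACHINE:test_one_listener(NConns, LCmds, ACmds, CCmds,
                                             Timeout, ?MODULE, Config).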

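%% cinit_cnocert/1: the client connects without any ssl options (the
%% client half of mk_ssl_cert_opts/1 is discarded), and the server sets
%% `{verify, 0}'. The connector still runs `peercert'; the acceptor runs
%% neither `peercert' nor `nopeercert'.
%%
%% Security-relevant point: the server certificate the client retrieves here
%% is unverified - no `verify' option is passed on the client side at all.
%% The case shows that retrieval works without verification; it must not be
%% read as evidence that the peer was authenticated.
%% NOTE(review): in the old ssl option set, verify code 0 is documented as
%% "do not verify peer" - confirm against the ssl version under test.
%%
%% The guard uses is_list/1; the original old-style `list/1' guard test is
%% obsolete.
cinit_cnocert(doc) ->
    "Client has no cert. Nor the client, nor the server is verifying its "
        "peer. Server closes, client waits for close.";
cinit_cnocert(suite) ->
    [];
cinit_cnocert(Config) when is_list(Config) ->
    %% Exit signals from linked processes arrive as messages instead of
    %% killing the test case process.
    process_flag(trap_exit, true),
    DataSize = 1000,
    %% This case listens on its own fixed port, distinct from the other two.
    LPort = 3457,
    Timeout = 40000,
    NConns = 1,

    %% Only the server options are kept; the client gets none.
    ?line {ok, {_, SsslOpts0}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
    ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],

    ?line {ok, Host} = inet:gethostname(),

    LCmds = [{sockopts, [{backlog, NConns}]},
             {sslopts, SsslOpts},
             {listen, LPort},
             wait_sync,
             lclose],
    ACmds = [{timeout, Timeout},
             accept,
             {recv, DataSize},
             close],
    %% No {sslopts, _} entry: the connector runs with ssl defaults.
    CCmds = [{timeout, Timeout},
             {connect, {Host, LPort}},
             peercert,
             {send, DataSize},
             await_close],
    ?line ssl_test_MACHINE:test_one_listener(NConns, LCmds, ACmds, CCmds,
                                             Timeout, ?MODULE, Config).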