%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2008-2012. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
%% compliance with the License. You should have received a copy of the
%% Erlang Public License along with this software. If not, it can be
%% retrieved online at http://www.erlang.org/.
%%
%% Software distributed under the License is distributed on an "AS IS"
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
%% the License for the specific language governing rights and limitations
%% under the License.
%%
%% %CopyrightEnd%
%%
%%
-module(ssl_npn_handshake_SUITE).
%% Note: This directive should only be used in test suites.
-compile(export_all).
-include_lib("common_test/include/ct.hrl").
suite() -> [{ct_hooks,[ts_install_cth]}].
init_per_suite(Config) ->
catch crypto:stop(),
try crypto:start() of
ok ->
application:start(public_key),
ssl:start(),
Result =
(catch make_certs:all(?config(data_dir, Config),
?config(priv_dir, Config))),
test_server:format("Make certs ~p~n", [Result]),
ssl_test_lib:cert_options(Config)
catch _:_ ->
{skip, "Crypto did not start"}
end.
end_per_suite(_Config) ->
ssl:stop(),
application:stop(crypto).
all() ->
[validate_empty_protocols_are_not_allowed_test,
validate_empty_advertisement_list_is_allowed_test,
validate_advertisement_must_be_a_binary_list_test,
validate_client_protocols_must_be_a_tuple_test,
perform_normal_npn_handshake_server_preference_test,
perform_normal_npn_handshake_client_preference_test,
perform_fallback_npn_handshake_test,
perform_fallback_npn_handshake_server_preference_test,
perform_client_tries_to_negotiate_but_server_does_not_support_test,
perform_client_does_not_try_to_negotiate_but_server_supports_npn_test,
perform_renegotiate_from_client_after_npn_handshake].
connection_info_result(Socket) ->
ssl:connection_info(Socket).
validate_empty_protocols_are_not_allowed_test(_Config) ->
{error, {eoptions, {next_protocols_advertised, {invalid_protocol, <<>>}}}}
= (catch ssl:listen(9443,
[{next_protocols_advertised, [<<"foo/1">>, <<"">>]}])),
{error, {eoptions, {client_preferred_next_protocols, {invalid_protocol, <<>>}}}}
= (catch ssl:connect({127,0,0,1}, 9443,
[{client_preferred_next_protocols,
{client, [<<"foo/1">>, <<"">>], <<"foox/1">>}}], infinity)),
Option = {client_preferred_next_protocols, {invalid_protocol, <<"">>}},
{error, {eoptions, Option}} = (catch ssl:connect({127,0,0,1}, 9443, [Option], infinity)).
validate_empty_advertisement_list_is_allowed_test(_Config) ->
Option = {next_protocols_advertised, []},
{ok, Socket} = ssl:listen(0, [Option]),
ssl:close(Socket).
validate_advertisement_must_be_a_binary_list_test(_Config) ->
Option = {next_protocols_advertised, blah},
{error, {eoptions, Option}} = (catch ssl:listen(9443, [Option])).
validate_client_protocols_must_be_a_tuple_test(_Config) ->
Option = {client_preferred_next_protocols, [<<"foo/1">>]},
{error, {eoptions, Option}} = (catch ssl:connect({127,0,0,1}, 9443, [Option])).
perform_client_does_not_try_to_negotiate_but_server_supports_npn_test(Config) ->
run_npn_handshake_test(Config,
[],
[{next_protocols_advertised, [<<"spdy/1">>, <<"http/1.1">>, <<"http/1.0">>]}],
{error, next_protocol_not_negotiated}).
perform_client_tries_to_negotiate_but_server_does_not_support_test(Config) ->
run_npn_handshake_test(Config,
[{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}],
[],
{error, next_protocol_not_negotiated}).
perform_fallback_npn_handshake_test(Config) ->
run_npn_handshake_test(Config,
[{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}],
[{next_protocols_advertised, [<<"spdy/1">>, <<"http/1.1">>, <<"http/1.0">>]}],
{ok, <<"http/1.1">>}).
perform_fallback_npn_handshake_server_preference_test(Config) ->
run_npn_handshake_test(Config,
[{client_preferred_next_protocols, {server, [<<"spdy/2">>], <<"http/1.1">>}}],
[{next_protocols_advertised, [<<"spdy/1">>, <<"http/1.1">>, <<"http/1.0">>]}],
{ok, <<"http/1.1">>}).
perform_normal_npn_handshake_client_preference_test(Config) ->
run_npn_handshake_test(Config,
[{client_preferred_next_protocols,
{client, [<<"http/1.0">>, <<"http/1.1">>], <<"http/1.1">>}}],
[{next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}],
{ok, <<"http/1.0">>}).
perform_normal_npn_handshake_server_preference_test(Config) ->
run_npn_handshake_test(Config,
[{client_preferred_next_protocols,
{server, [<<"http/1.0">>, <<"http/1.1">>], <<"http/1.1">>}}],
[{next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}],
{ok, <<"http/1.1">>}).
perform_renegotiate_from_client_after_npn_handshake(Config) ->
Data = "hello world",
ClientOpts0 = ?config(client_opts, Config),
ClientOpts = [{client_preferred_next_protocols,
{client, [<<"http/1.0">>], <<"http/1.1">>}}] ++ ClientOpts0,
ServerOpts0 = ?config(server_opts, Config),
ServerOpts = [{next_protocols_advertised,
[<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++ ServerOpts0,
ExpectedProtocol = {ok, <<"http/1.0">>},
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, ssl_receive_and_assert_npn, [ExpectedProtocol, Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
{mfa, {?MODULE, assert_npn_and_renegotiate_and_send_data, [ExpectedProtocol, Data]}},
{options, ClientOpts}]),
ssl_test_lib:check_result(Server, ok, Client, ok).
%--------------------------------------------------------------------------------
run_npn_handshake_test(Config, ClientExtraOpts, ServerExtraOpts, ExpectedProtocol) ->
Data = "hello world",
ClientOpts0 = ?config(client_opts, Config),
ClientOpts = ClientExtraOpts ++ ClientOpts0,
ServerOpts0 = ?config(server_opts, Config),
ServerOpts = ServerExtraOpts ++ ServerOpts0,
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, ssl_receive_and_assert_npn, [ExpectedProtocol, Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
{mfa, {?MODULE, ssl_send_and_assert_npn, [ExpectedProtocol, Data]}},
{options, ClientOpts}]),
ssl_test_lib:check_result(Server, ok, Client, ok).
assert_npn(Socket, Protocol) ->
test_server:format("Negotiated Protocol ~p, Expecting: ~p ~n",
[ssl:negotiated_next_protocol(Socket), Protocol]),
Protocol = ssl:negotiated_next_protocol(Socket).
assert_npn_and_renegotiate_and_send_data(Socket, Protocol, Data) ->
assert_npn(Socket, Protocol),
test_server:format("Renegotiating ~n", []),
ok = ssl:renegotiate(Socket),
ssl:send(Socket, Data),
assert_npn(Socket, Protocol),
ok.
ssl_send_and_assert_npn(Socket, Protocol, Data) ->
assert_npn(Socket, Protocol),
ssl_send(Socket, Data).
ssl_receive_and_assert_npn(Socket, Protocol, Data) ->
assert_npn(Socket, Protocol),
ssl_receive(Socket, Data).
ssl_send(Socket, Data) ->
test_server:format("Connection info: ~p~n",
[ssl:connection_info(Socket)]),
ssl:send(Socket, Data).
ssl_receive(Socket, Data) ->
ssl_receive(Socket, Data, []).
ssl_receive(Socket, Data, Buffer) ->
test_server:format("Connection info: ~p~n",
[ssl:connection_info(Socket)]),
receive
{ssl, Socket, MoreData} ->
test_server:format("Received ~p~n",[MoreData]),
NewBuffer = Buffer ++ MoreData,
case NewBuffer of
Data ->
ssl:send(Socket, "Got it"),
ok;
_ ->
ssl_receive(Socket, Data, NewBuffer)
end;
Other ->
test_server:fail({unexpected_message, Other})
after 4000 ->
test_server:fail({did_not_get, Data})
end.