aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErlang/OTP <[email protected]>2019-06-17 16:51:17 +0200
committerErlang/OTP <[email protected]>2019-06-17 16:51:17 +0200
commita3b1191abf3d5c0157f51d915053bcca6bec107c (patch)
tree986b47b93fe565e03e6a3f2f3fe3639f2a90a844
parentff0ac9ba35a5c8790c8cd3cda1b68fc59cc37449 (diff)
parent021607a213435344db07662bc79ea4895b6b94e6 (diff)
downloadotp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.gz
otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.tar.bz2
otp-a3b1191abf3d5c0157f51d915053bcca6bec107c.zip
Merge branch 'peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888' into maint-22
* peterdmv/ssl/fix-handshake-hello/ERL-975/OTP-15888: ssl: Fix negative tests in ssl_basic_SUITE ssl: Fix run_client_error/1 in ssl_test_lib ssl: Fix ssl_handshake:extension_value/1
-rw-r--r--lib/ssl/src/ssl_handshake.erl11
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl68
-rw-r--r--lib/ssl/test/ssl_test_lib.erl10
3 files changed, 63 insertions, 26 deletions
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 5a6e6de819..fbed7258c6 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -1471,7 +1471,16 @@ extension_value(#next_protocol_negotiation{extension_data = Data}) ->
extension_value(#srp{username = Name}) ->
Name;
extension_value(#renegotiation_info{renegotiated_connection = Data}) ->
- Data.
+ Data;
+extension_value(#signature_algorithms{signature_scheme_list = Schemes}) ->
+ Schemes;
+extension_value(#signature_algorithms_cert{signature_scheme_list = Schemes}) ->
+ Schemes;
+extension_value(#key_share_client_hello{client_shares = ClientShares}) ->
+ ClientShares;
+extension_value(#client_hello_versions{versions = Versions}) ->
+ Versions.
+
%%--------------------------------------------------------------------
%%% Internal functions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 93c03daa45..4f6ea6c886 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -244,7 +244,8 @@ rizzo_tests() ->
%% For testing TLS 1.3 features and possible regressions
tls13_test_group() ->
- [tls13_enable_client_side,
+ [handshake_continue_tls13_client,
+ tls13_enable_client_side,
tls13_enable_server_side,
tls_record_1_3_encode_decode,
tls13_finished_verify_data,
@@ -672,6 +673,43 @@ handshake_continue(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+handshake_continue_tls13_client() ->
+ [{doc, "Test API function ssl:handshake_continue/3"}].
+handshake_continue_tls13_client(Config) when is_list(Config) ->
+ ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+
+ ClientOptsHello0 = ssl_test_lib:ssl_options([{handshake, hello}], Config),
+ ClientOptsHello = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOptsHello0],
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ssl_test_lib:ssl_options([{reuseaddr, true}, {handshake, hello}],
+ Config)},
+ {continue_options, proplists:delete(reuseaddr, ServerOpts)}
+ ]),
+
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ClientOptsHello},
+ {continue_options, proplists:delete(reuseaddr, ClientOpts)}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+
%%------------------------------------------------------------------
handshake_continue_timeout() ->
[{doc, "Test API function ssl:handshake_continue/3 with short timeout"}].
@@ -5482,14 +5520,11 @@ tls13_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
- ssl_test_lib:check_result(Server,
- {error,
- {tls_alert,
- {certificate_required,
- "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+ ssl_test_lib:check_server_alert(Server, certificate_required),
ssl_test_lib:close(Server),
ssl_test_lib:close_port(Client).
+
tls13_client_auth_empty_cert_ssl_server_openssl_client() ->
[{doc,"TLS 1.3: Test client authentication when client sends an empty certificate and fail_if_no_peer_cert is set to false."}].
@@ -5571,11 +5606,7 @@ tls13_hrr_client_auth_empty_cert_alert_ssl_server_openssl_client(Config) ->
Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
- ssl_test_lib:check_result(Server,
- {error,
- {tls_alert,
- {certificate_required,
- "received SERVER ALERT: Fatal - Certificate required - certificate_required"}}}),
+ ssl_test_lib:check_server_alert(Server, certificate_required),
ssl_test_lib:close(Server),
ssl_test_lib:close_port(Client).
@@ -5662,13 +5693,7 @@ tls13_unsupported_sign_algo_client_auth_ssl_server_openssl_client(Config) ->
Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
- ssl_test_lib:check_result(
- Server,
- {error,
- {tls_alert,
- {insufficient_security,
- "received SERVER ALERT: Fatal - Insufficient Security - "
- "\"No suitable signature algorithm\""}}}),
+ ssl_test_lib:check_server_alert(Server, insufficient_security),
ssl_test_lib:close(Server),
ssl_test_lib:close_port(Client).
@@ -5701,12 +5726,7 @@ tls13_unsupported_sign_algo_cert_client_auth_ssl_server_openssl_client(Config) -
Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
- ssl_test_lib:check_result(
- Server,
- {error,
- {tls_alert,
- {illegal_parameter,
- "received CLIENT ALERT: Fatal - Illegal Parameter"}}}),
+ ssl_test_lib:check_server_alert(Server, certificate_required),
ssl_test_lib:close(Server),
ssl_test_lib:close_port(Client).
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 832f8494c6..d46ba1f787 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1103,7 +1103,15 @@ run_client_error(Opts) ->
Options = proplists:get_value(options, Opts),
ct:log("~p:~p~nssl:connect(~p, ~p, ~p)~n", [?MODULE,?LINE, Host, Port, Options]),
Error = Transport:connect(Host, Port, Options),
- Pid ! {self(), Error}.
+ case Error of
+ {error, _} ->
+ Pid ! {self(), Error};
+ {ok, _Socket} ->
+ receive
+ {ssl_error, _, {tls_alert, _}} = SslError ->
+ Pid ! {self(), SslError}
+ end
+ end.
accepters(N) ->
accepters([], N).