authorIngela Anderton Andin <[email protected]>2011-09-28 09:12:38 +0200
committerIngela Anderton Andin <[email protected]>2011-09-28 09:12:38 +0200
commitdf735da124c10ace126f49ab0153c905d0819a30 (patch)
treed30777f61025b4bfdfc9d1e26d6ee6e46859e4f3
parent6878e54486be7880b3c885b1903ed2093238a6b5 (diff)
parentcbb7313a14f83b3947c9d2067f5ebcabc0c0b3a0 (diff)
Merge remote branch 'upstream/dev' into major
* upstream/dev: Both the SSLv3 and TLS 1.0/TLS 1.1 specifications require implementations to ignore data following the ClientHello (i.e., extensions) if they do not understand them. fix unknown ssl extension parsing by changing length from bits to bytes. Temporarily disable tests on MAC due to issues with the MAC ODBC drivers
-rw-r--r--lib/odbc/test/odbc_test_lib.erl29
-rw-r--r--lib/ssl/src/ssl_handshake.erl9
-rw-r--r--lib/ssl/test/Makefile5
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl67
4 files changed, 95 insertions, 15 deletions
diff --git a/lib/odbc/test/odbc_test_lib.erl b/lib/odbc/test/odbc_test_lib.erl
index 4d7d1ae2fa..a8439d5fb6 100644
--- a/lib/odbc/test/odbc_test_lib.erl
+++ b/lib/odbc/test/odbc_test_lib.erl
@@ -36,18 +36,25 @@ match_float(Float, Match, Delta) ->
(Float < Match + Delta) and (Float > Match - Delta).
odbc_check() ->
- case erlang:system_info({wordsize, external}) of
- 4 ->
- ok;
- Other ->
- case os:type() of
- {unix, linux} ->
+ case os:type() of
+ {unix,darwin} ->
+ lists:flatten(
+ io_lib:format("Currently we have no working drivers for MAC",
+ []));
+ _ ->
+ case erlang:system_info({wordsize, external}) of
+ 4 ->
ok;
- Platform ->
- lists:flatten(
- io_lib:format("Word on platform ~w size"
- " ~w not supported", [Other,
- Platform]))
+ Other ->
+ case os:type() of
+ {unix, linux} ->
+ ok;
+ Platform ->
+ lists:flatten(
+ io_lib:format("Word on platform ~w size"
+ " ~w not supported", [Other,
+ Platform]))
+ end
end
end.
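Review bot: The new `{unix,darwin}` branch builds its skip reason with `lists:flatten(io_lib:format("...", []))` although the string has no format directives, so the plain literal `"Currently we have no working drivers for MAC"` would return the same value. The inner `case os:type() of` also evaluates `os:type()` a second time after the outer case has already matched on it; binding the result once would remove one nesting level. Since the commit message calls the skip temporary, a comment such as `%% TODO: re-enable on darwin once the ODBC drivers work` would keep it from quietly becoming permanent.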
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 453ea20f99..f873a6a913 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -39,6 +39,8 @@
encode_handshake/2, init_hashes/0, update_hashes/2,
decrypt_premaster_secret/2]).
+-export([dec_hello_extensions/2]).
+
-type tls_handshake() :: #client_hello{} | #server_hello{} |
#server_hello_done{} | #certificate{} | #certificate_request{} |
#client_key_exchange{} | #finished{} | #certificate_verify{} |
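Review bot: The added `-export([dec_hello_extensions/2]).` makes an internal decoder callable from any module, apparently only so that ssl_handshake_SUITE can reach it, and nothing on the line says so. A comment such as `%% Exported for ssl_handshake_SUITE only; not part of the public API` above the attribute would stop later callers from treating it as a supported entry point. The function takes raw peer-supplied bytes, so callers outside the handshake path would bypass whatever framing checks precede it.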
@@ -912,9 +914,12 @@ dec_hello_extensions(<<?UINT16(?RENEGOTIATION_EXT), ?UINT16(Len), Info:Len/binar
end,
dec_hello_extensions(Rest, [{renegotiation_info,
#renegotiation_info{renegotiated_connection = RenegotiateInfo}} | Acc]);
-dec_hello_extensions(<<?UINT16(_), ?UINT16(Len), _Unknown:Len, Rest/binary>>, Acc) ->
+
+%% Ignore data following the ClientHello (i.e.,
+%% extensions) if not understood.
+dec_hello_extensions(<<?UINT16(_), ?UINT16(Len), _Unknown:Len/binary, Rest/binary>>, Acc) ->
dec_hello_extensions(Rest, Acc);
-%% Need this clause?
+%% This theoretically should not happen if the protocol is followed, but if it does it is ignored.
dec_hello_extensions(_, Acc) ->
Acc.
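Review bot: The final clause `dec_hello_extensions(_, Acc) -> Acc.` returns the extensions decoded so far for any remainder that matches no earlier clause, including an entry whose declared `Len` exceeds the bytes left, so a truncated or corrupt block is accepted and everything after the bad entry (renegotiation_info included) is silently dropped. The specifications quoted in the commit message ask for unknown extensions to be ignored; tolerating malformed ones is a separate decision, and the new comment does not say which inputs reach this clause. The function starts above the hunk, so whether an explicit `<<>>` clause exists is not visible here; if it does, and the ssl_alert.hrl macros are in scope, this clause could reject instead with `dec_hello_extensions(_, _) -> throw(?ALERT_REC(?FATAL, ?DECODE_ERROR)).`. If the lenient behaviour is kept, the comment should at least read `%% Reached on a truncated or malformed extension; the rest of the block is dropped and Acc is returned.`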
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index 45a401aa68..38bc529445 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -35,8 +35,9 @@ VSN=$(GS_VSN)
# ----------------------------------------------------
MODULES = \
- ssl_test_lib \
+ ssl_test_lib \
ssl_basic_SUITE \
+ ssl_handshake_SUITE \
ssl_packet_SUITE \
ssl_payload_SUITE \
ssl_to_openssl_SUITE \
@@ -46,7 +47,7 @@ MODULES = \
old_ssl_active_SUITE \
old_ssl_active_once_SUITE \
old_ssl_passive_SUITE \
- old_ssl_verify_SUITE \
+ old_ssl_verify_SUITE \
old_ssl_peer_cert_SUITE \
old_ssl_misc_SUITE \
old_ssl_protocol_SUITE \
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
new file mode 100644
index 0000000000..08c23b2d47
--- /dev/null
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -0,0 +1,67 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(ssl_handshake_SUITE).
+
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+-include("ssl_internal.hrl").
+-include("ssl_handshake.hrl").
+
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() -> [
+ decode_hello_handshake,
+ decode_single_hello_extension_correctly,
+ decode_unknown_hello_extension_correctly].
+
+decode_hello_handshake(_Config) ->
+ HelloPacket = <<16#02, 16#00, 16#00,
+ 16#44, 16#03, 16#03, 16#4e, 16#7f, 16#c1, 16#03, 16#35,
+ 16#c2, 16#07, 16#b9, 16#4a, 16#58, 16#af, 16#34, 16#07,
+ 16#a6, 16#7e, 16#ef, 16#52, 16#cb, 16#e0, 16#ea, 16#b7,
+ 16#aa, 16#47, 16#c8, 16#c2, 16#2c, 16#66, 16#fa, 16#f8,
+ 16#09, 16#42, 16#cf, 16#00, 16#c0, 16#30, 16#00, 16#00,
+ 16#1c,
+ 16#00, 16#0b, 16#00, 16#04, 16#03, 16#00, 16#01, 16#02, % ec_point_formats
+ 16#ff, 16#01, 16#00, 16#01, 16#00, %% renegotiate
+ 16#00, 16#23,
+ 16#00, 16#00, 16#33, 16#74, 16#00, 16#07, 16#06, 16#73,
+ 16#70, 16#64, 16#79, 16#2f, 16#32>>,
+
+ {Records, _Buffer} = ssl_handshake:get_tls_handshake(HelloPacket, <<>>),
+
+ {Hello, _Data} = hd(Records),
+ #renegotiation_info{renegotiated_connection = <<0>>} = Hello#server_hello.renegotiation_info.
+
+decode_single_hello_extension_correctly(_Config) ->
+ Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
+ Extensions = ssl_handshake:dec_hello_extensions(Renegotiation, []),
+ [{renegotiation_info,#renegotiation_info{renegotiated_connection = <<0>>}}] = Extensions.
+
+
+decode_unknown_hello_extension_correctly(_Config) ->
+ FourByteUnknown = <<16#CA,16#FE, ?UINT16(4), 3, 0, 1, 2>>,
+ Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
+ Extensions = ssl_handshake:dec_hello_extensions(<<FourByteUnknown/binary, Renegotiation/binary>>, []),
+ [{renegotiation_info,#renegotiation_info{renegotiated_connection = <<0>>}}] = Extensions.
+
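Review bot: The suite only feeds well-formed extension blocks to `dec_hello_extensions/2`, so the catch-all clause that handles a truncated or over-long entry is never exercised, and the bits-versus-bytes fix is only covered for one unknown extension placed before a known one. A case with a declared length larger than the remaining data would pin what the decoder does with malformed peer input, whichever behaviour is intended. The sketch below asserts the behaviour of the code as committed (the parsed prefix is returned); the new case also has to be listed in `all/0`.

```erlang
%% … unchanged: existing decode_* cases …

decode_truncated_hello_extension(_Config) ->
    %% Declared length (4) exceeds the two bytes actually present.
    Truncated = <<16#CA,16#FE, ?UINT16(4), 3, 0>>,
    Renegotiation = <<?UINT16(?RENEGOTIATION_EXT), ?UINT16(1), 0>>,
    Extensions = ssl_handshake:dec_hello_extensions(<<Renegotiation/binary, Truncated/binary>>, []),
    [{renegotiation_info,#renegotiation_info{renegotiated_connection = <<0>>}}] = Extensions.
```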