diff options
author | Ingela Anderton Andin <[email protected]> | 2015-05-22 09:42:23 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2015-05-22 09:42:23 +0200 |
commit | cfb049920057b7cf93582f6d222156c93ca07db7 (patch) | |
tree | ee3085eab0553df90f4113c45159ea77a0b1f6c2 | |
parent | 709390cb5426d12b0651f134dce7232006a7c3c8 (diff) | |
parent | 718a7553c0f41971b1b6e5d7886851adb550b3b2 (diff) | |
download | otp-cfb049920057b7cf93582f6d222156c93ca07db7.tar.gz otp-cfb049920057b7cf93582f6d222156c93ca07db7.tar.bz2 otp-cfb049920057b7cf93582f6d222156c93ca07db7.zip |
Merge branch 'ia/ssl/SNI-cuddle'
* ia/ssl/SNI-cuddle:
ssl: Make test case timing independent
ssl: Use new API function connection_information in tests
ssl: Increase readability
ssl: Add cleanup to tests
-rw-r--r-- | lib/ssl/test/ssl_alpn_handshake_SUITE.erl | 6 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 10 | ||||
-rw-r--r-- | lib/ssl/test/ssl_npn_handshake_SUITE.erl | 6 | ||||
-rw-r--r-- | lib/ssl/test/ssl_sni_SUITE.erl | 51 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 3 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 53 |
6 files changed, 73 insertions, 56 deletions
diff --git a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl index ccd70fa605..ae76f5849e 100644 --- a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl +++ b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl @@ -384,7 +384,7 @@ ssl_receive_and_assert_alpn(Socket, Protocol, Data) -> ssl_send(Socket, Data) -> ct:log("Connection info: ~p~n", - [ssl:connection_info(Socket)]), + [ssl:connection_information(Socket)]), ssl:send(Socket, Data). ssl_receive(Socket, Data) -> @@ -392,7 +392,7 @@ ssl_receive(Socket, Data) -> ssl_receive(Socket, Data, Buffer) -> ct:log("Connection info: ~p~n", - [ssl:connection_info(Socket)]), + [ssl:connection_information(Socket)]), receive {ssl, Socket, MoreData} -> ct:log("Received ~p~n",[MoreData]), @@ -411,4 +411,4 @@ ssl_receive(Socket, Data, Buffer) -> end. connection_info_result(Socket) -> - ssl:connection_info(Socket). + ssl:connection_information(Socket). diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 3495b978b7..e1a36dbbd4 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -384,7 +384,7 @@ new_options_in_accept(Config) when is_list(Config) -> %%-------------------------------------------------------------------- connection_info() -> - [{doc,"Test the API function ssl:connection_info/1"}]. + [{doc,"Test the API function ssl:connection_information/1"}]. connection_info(Config) when is_list(Config) -> ClientOpts = ?config(client_opts, Config), ServerOpts = ?config(server_opts, Config), @@ -2831,7 +2831,7 @@ listen_socket(Config) -> {error, enotconn} = ssl:send(ListenSocket, <<"data">>), {error, enotconn} = ssl:recv(ListenSocket, 0), - {error, enotconn} = ssl:connection_info(ListenSocket), + {error, enotconn} = ssl:connection_information(ListenSocket), {error, enotconn} = ssl:peername(ListenSocket), {error, enotconn} = ssl:peercert(ListenSocket), {error, enotconn} = ssl:session_info(ListenSocket), @@ -3836,10 +3836,10 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) -> end. connection_info_result(Socket) -> - ssl:connection_info(Socket). - + {ok, Info} = ssl:connection_information(Socket, [protocol, cipher_suite]), + {ok, {proplists:get_value(protocol, Info), proplists:get_value(cipher_suite, Info)}}. version_info_result(Socket) -> - {ok, {Version, _}} = ssl:connection_info(Socket), + {ok, [{version, Version}]} = ssl:connection_information(Socket, [version]), {ok, Version}. connect_dist_s(S) -> diff --git a/lib/ssl/test/ssl_npn_handshake_SUITE.erl b/lib/ssl/test/ssl_npn_handshake_SUITE.erl index 326f907e66..8e95679306 100644 --- a/lib/ssl/test/ssl_npn_handshake_SUITE.erl +++ b/lib/ssl/test/ssl_npn_handshake_SUITE.erl @@ -332,7 +332,7 @@ ssl_receive_and_assert_npn(Socket, Protocol, Data) -> ssl_send(Socket, Data) -> ct:log("Connection info: ~p~n", - [ssl:connection_info(Socket)]), + [ssl:connection_information(Socket)]), ssl:send(Socket, Data). ssl_receive(Socket, Data) -> @@ -340,7 +340,7 @@ ssl_receive(Socket, Data) -> ssl_receive(Socket, Data, Buffer) -> ct:log("Connection info: ~p~n", - [ssl:connection_info(Socket)]), + [ssl:connection_information(Socket)]), receive {ssl, Socket, MoreData} -> ct:log("Received ~p~n",[MoreData]), @@ -360,4 +360,4 @@ ssl_receive(Socket, Data, Buffer) -> connection_info_result(Socket) -> - ssl:connection_info(Socket). + ssl:connection_information(Socket). diff --git a/lib/ssl/test/ssl_sni_SUITE.erl b/lib/ssl/test/ssl_sni_SUITE.erl index 46cd644e4d..b059ff991b 100644 --- a/lib/ssl/test/ssl_sni_SUITE.erl +++ b/lib/ssl/test/ssl_sni_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2015-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -16,7 +16,6 @@ %% %% %CopyrightEnd% %% - %% -module(ssl_sni_SUITE). @@ -31,7 +30,12 @@ %%-------------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}]. -all() -> [no_sni_header, sni_match, sni_no_match] ++ [no_sni_header_fun, sni_match_fun, sni_no_match_fun]. +all() -> [no_sni_header, + sni_match, + sni_no_match, + no_sni_header_fun, + sni_match_fun, + sni_no_match_fun]. init_per_suite(Config0) -> catch crypto:stop(), @@ -39,11 +43,11 @@ init_per_suite(Config0) -> ok -> ssl:start(), Result = - (catch make_certs:all(?config(data_dir, Config0), - ?config(priv_dir, Config0))), + (catch make_certs:all(?config(data_dir, Config0), + ?config(priv_dir, Config0))), ct:log("Make certs ~p~n", [Result]), ssl_test_lib:cert_options(Config0) - catch _:_ -> + catch _:_ -> {skip, "Crypto did not start"} end. @@ -76,8 +80,6 @@ sni_no_match_fun(Config) -> %%-------------------------------------------------------------------- %% Internal Functions ------------------------------------------------ %%-------------------------------------------------------------------- - - ssl_recv(SSLSocket, Expect) -> ssl_recv(SSLSocket, "", Expect). @@ -93,20 +95,21 @@ ssl_recv(SSLSocket, CurrentData, ExpectedData) -> end; Other -> ct:fail({unexpected_message, Other}) - after 4000 -> + after 4000 -> ct:fail({timeout, CurrentData, ExpectedData}) end. - - send_and_hostname(SSLSocket) -> ssl:send(SSLSocket, "OK"), {ok, [{sni_hostname, Hostname}]} = ssl:connection_information(SSLSocket, [sni_hostname]), Hostname. -rdnPart([[#'AttributeTypeAndValue'{type=Type, value=Value} | _] | _], Type) -> Value; -rdnPart([_ | Tail], Type) -> rdnPart(Tail, Type); -rdnPart([], _) -> unknown. +rdnPart([[#'AttributeTypeAndValue'{type=Type, value=Value} | _] | _], Type) -> + Value; +rdnPart([_ | Tail], Type) -> + rdnPart(Tail, Type); +rdnPart([], _) -> + unknown. rdn_to_string({utf8String, Binary}) -> erlang:binary_to_list(Binary); @@ -116,12 +119,15 @@ rdn_to_string({printableString, String}) -> recv_and_certificate(SSLSocket) -> ssl_recv(SSLSocket, "OK"), {ok, PeerCert} = ssl:peercert(SSLSocket), - #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{subject = {rdnSequence, Subject}}} = public_key:pkix_decode_cert(PeerCert, otp), + #'OTPCertificate'{tbsCertificate = #'OTPTBSCertificate'{subject = {rdnSequence, Subject}}} + = public_key:pkix_decode_cert(PeerCert, otp), ct:log("Subject of certificate received from server: ~p", [Subject]), rdn_to_string(rdnPart(Subject, ?'id-at-commonName')). run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> - ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), + ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, " + "ExpectedSNIHostname: ~p, ExpectedCN: ~p", + [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), [{sni_hosts, ServerSNIConf}] = ?config(sni_server_opts, Config), SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end, ServerOptions = ?config(server_opts, Config) ++ [{sni_fun, SNIFun}], @@ -142,11 +148,14 @@ run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> {host, Hostname}, {from, self()}, {mfa, {?MODULE, recv_and_certificate, []}}, {options, ClientOptions}]), - ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN). - + ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> - ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), + ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, " + "ExpectedSNIHostname: ~p, ExpectedCN: ~p", + [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), ServerOptions = ?config(sni_server_opts, Config) ++ ?config(server_opts, Config), ClientOptions = case SNIHostname of @@ -165,4 +174,6 @@ run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> {host, Hostname}, {from, self()}, {mfa, {?MODULE, recv_and_certificate, []}}, {options, ClientOptions}]), - ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN). + ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 8b98e6f16b..a3bfdf8893 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -949,7 +949,8 @@ der_to_pem(File, Entries) -> file:write_file(File, PemBin). cipher_result(Socket, Result) -> - Result = ssl:connection_info(Socket), + {ok, Info} = ssl:connection_information(Socket), + Result = {ok, {proplists:get_value(protocol, Info), proplists:get_value(cipher_suite, Info)}}, ct:log("~p:~p~nSuccessfull connect: ~p~n", [?MODULE,?LINE, Result]), %% Importante to send two packets here %% to properly test "cipher state" handling diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index 0413415e49..aca34cb6e9 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -1243,15 +1243,16 @@ run_suites(Ciphers, Version, Config, Type) -> ct:fail(cipher_suite_failed_see_test_case_log) end. -client_read_check([], _NewData) -> ok; -client_read_check([Hd | T], NewData) -> - case binary:match(NewData, list_to_binary(Hd)) of +client_read_check([], _Data) -> + ok; +client_read_check([Hd | T], Data) -> + case binary:match(Data, list_to_binary(Hd)) of nomatch -> nomatch; _ -> - client_read_check(T, NewData) + client_read_check(T, Data) end. -client_read_bulk(Port, DataExpected, DataReceived) -> +client_check_result(Port, DataExpected, DataReceived) -> receive {Port, {data, TheData}} -> Data = list_to_binary(TheData), @@ -1261,15 +1262,14 @@ client_read_bulk(Port, DataExpected, DataReceived) -> ok -> ok; _ -> - client_read_bulk(Port, DataExpected, NewData) - end; - _ -> - ct:fail("unexpected_message") - after 4000 -> - ct:fail("timeout") + client_check_result(Port, DataExpected, NewData) + end + after 3000 -> + ct:fail({"Time out on opensssl Client", {expected, DataExpected}, + {got, DataReceived}}) end. -client_read_bulk(Port, DataExpected) -> - client_read_bulk(Port, DataExpected, <<"">>). +client_check_result(Port, DataExpected) -> + client_check_result(Port, DataExpected, <<"">>). send_and_hostname(SSLSocket) -> ssl:send(SSLSocket, "OK"), @@ -1292,9 +1292,12 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname, end, ct:log("Options: ~p", [[ServerOptions, ClientCommand]]), ClientPort = open_port({spawn, ClientCommand}, [stderr_to_stdout]), - ssl_test_lib:check_result(Server, ExpectedSNIHostname), + + %% Client check needs to be done befor server check, + %% or server check might consume client messages ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"], - ok = client_read_bulk(ClientPort, ExpectedClientOutput), + client_check_result(ClientPort, ExpectedClientOutput), + ssl_test_lib:check_result(Server, ExpectedSNIHostname), ssl_test_lib:close_port(ClientPort), ssl_test_lib:close(Server), ok. @@ -1318,12 +1321,14 @@ erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHo end, ct:log("Options: ~p", [[ServerOptions, ClientCommand]]), ClientPort = open_port({spawn, ClientCommand}, [stderr_to_stdout]), - ssl_test_lib:check_result(Server, ExpectedSNIHostname), + + %% Client check needs to be done befor server check, + %% or server check might consume client messages ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"], - ok = client_read_bulk(ClientPort, ExpectedClientOutput), + client_check_result(ClientPort, ExpectedClientOutput), + ssl_test_lib:check_result(Server, ExpectedSNIHostname), ssl_test_lib:close_port(ClientPort), - ssl_test_lib:close(Server), - ok. + ssl_test_lib:close(Server). cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) -> @@ -1664,7 +1669,7 @@ erlang_ssl_receive_and_assert_negotiated_protocol(Socket, Protocol, Data) -> erlang_ssl_receive(Socket, Data) -> ct:log("Connection info: ~p~n", - [ssl:connection_info(Socket)]), + [ssl:connection_information(Socket)]), receive {ssl, Socket, Data} -> io:format("Received ~p~n",[Data]), @@ -1683,16 +1688,16 @@ erlang_ssl_receive(Socket, Data) -> end. connection_info(Socket, Version) -> - case ssl:connection_info(Socket) of - {ok, {Version, _} = Info} -> + case ssl:connection_information(Socket, [version]) of + {ok, [{version, Version}] = Info} -> ct:log("Connection info: ~p~n", [Info]), ok; - {ok, {OtherVersion, _}} -> + {ok, [{version, OtherVersion}]} -> {wrong_version, OtherVersion} end. connection_info_result(Socket) -> - ssl:connection_info(Socket). + ssl:connection_information(Socket). delayed_send(Socket, [ErlData, OpenSslData]) -> |