ssl: Extend tests

author: Péter Dimitrov <[email protected]> 2019-07-29 13:16:19 +0200
committer: Ingela Anderton Andin <[email protected]> 2019-07-31 10:51:10 +0200
commit: 674e88190b5b47ca04e179ecb314f21a707f25a0 (patch)
tree: 611f6e0ba91d24d718cbfa4844db287bf69e39ec
parent: e1cd299f617d3303f8addcca37d9e35c12c468e9 (diff)
download: otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.gz
otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.bz2
otp-674e88190b5b47ca04e179ecb314f21a707f25a0.zip
4 files changed, 57 insertions, 14 deletions
diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl
index d40abd277b..b327988744 100644
--- a/lib/ssl/test/openssl_client_cert_SUITE.erl
+++ b/lib/ssl/test/openssl_client_cert_SUITE.erl
@@ -47,7 +47,8 @@ groups() ->
      {rsa, [], all_version_tests()},
      {ecdsa, [], all_version_tests()},
      {dsa, [], all_version_tests()},
-     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_cert_client_auth]},
+     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_client_auth,
+                                                              unsupported_sign_algo_cert_client_auth]},
      {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}
     ].
 
@@ -328,6 +329,10 @@ unsupported_sign_algo_cert_client_auth() ->
  ssl_cert_tests:unsupported_sign_algo_cert_client_auth().
 unsupported_sign_algo_cert_client_auth(Config) ->
     ssl_cert_tests:unsupported_sign_algo_cert_client_auth(Config).
+unsupported_sign_algo_client_auth() ->
+ ssl_cert_tests:unsupported_sign_algo_client_auth().
+unsupported_sign_algo_client_auth(Config) ->
+    ssl_cert_tests:unsupported_sign_algo_client_auth(Config).
 %%--------------------------------------------------------------------
 hello_retry_client_auth() ->
  ssl_cert_tests:hello_retry_client_auth().
diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl
index c5c29d85d1..c2af864a92 100644
--- a/lib/ssl/test/openssl_server_cert_SUITE.erl
+++ b/lib/ssl/test/openssl_server_cert_SUITE.erl
@@ -46,8 +46,10 @@ groups() ->
      {rsa, [], all_version_tests()},
      {ecdsa, [], all_version_tests()},
      {dsa, [], all_version_tests()},
-     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}, 
-      %%++ [unsupported_sign_algo_cert_client_auth]},
+     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests()},
+      %% TODO: Create proper conf of openssl server
+      %%++ [unsupported_sign_algo_client_auth,
+      %% unsupported_sign_algo_cert_client_auth]},
      {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}
     ].
 
@@ -343,18 +345,22 @@ hello_retry_request(Config) ->
     ssl_cert_tests:hello_retry_request(Config).
 %%--------------------------------------------------------------------
 custom_groups() ->
- ssl_cert_tests:custom_groups().
+    ssl_cert_tests:custom_groups().
 custom_groups(Config) ->
-  ssl_cert_tests:custom_groups(Config).
+    ssl_cert_tests:custom_groups(Config).
 unsupported_sign_algo_cert_client_auth() ->
- ssl_cert_tests:unsupported_sign_algo_cert_client_auth().
+    ssl_cert_tests:unsupported_sign_algo_cert_client_auth().
 unsupported_sign_algo_cert_client_auth(Config) ->
     ssl_cert_tests:unsupported_sign_algo_cert_client_auth(Config).
+unsupported_sign_algo_client_auth() ->
+    ssl_cert_tests:unsupported_sign_algo_client_auth().
+unsupported_sign_algo_client_auth(Config) ->
+    ssl_cert_tests:unsupported_sign_algo_client_auth(Config).
 %%--------------------------------------------------------------------
 hello_retry_client_auth() ->
- ssl_cert_tests:hello_retry_client_auth().
+    ssl_cert_tests:hello_retry_client_auth().
 hello_retry_client_auth(Config) ->
-  ssl_cert_tests:hello_retry_client_auth(Config).
+    ssl_cert_tests:hello_retry_client_auth(Config).
 %%--------------------------------------------------------------------
 hello_retry_client_auth_empty_cert_accepted() ->
     ssl_cert_tests:hello_retry_client_auth_empty_cert_accepted().
@@ -364,4 +370,4 @@ hello_retry_client_auth_empty_cert_accepted(Config) ->
 hello_retry_client_auth_empty_cert_rejected() ->
     ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected().
 hello_retry_client_auth_empty_cert_rejected(Config) ->
-   ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected(Config).
+    ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected(Config).
diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl
index 4ce3d47b2c..fb1695f38a 100644
--- a/lib/ssl/test/ssl_cert_SUITE.erl
+++ b/lib/ssl/test/ssl_cert_SUITE.erl
@@ -53,7 +53,8 @@ groups() ->
      {rsa, [], all_version_tests()},
      {ecdsa, [], all_version_tests()},
      {dsa, [], all_version_tests()},
-     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_cert_client_auth]},
+     {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_client_auth,
+                                                              unsupported_sign_algo_cert_client_auth]},
      {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}
     ].
 
@@ -483,11 +484,27 @@ unsupported_sign_algo_cert_client_auth(Config) ->
     ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config),
     ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
                   {verify, verify_peer},
+                  {signature_algs, [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pss_rsae_sha256]},
                   %% Skip rsa_pkcs1_sha256!
-                  {signature_algs, [rsa_pkcs1_sha384, rsa_pss_rsae_sha256]},
+                  {signature_algs_cert, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
                   {fail_if_no_peer_cert, true}|ServerOpts0],
     ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
-    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, handshake_failure).
+    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required).
+
+%%--------------------------------------------------------------------
+unsupported_sign_algo_client_auth() ->
+     [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm"}].
+
+unsupported_sign_algo_client_auth(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_cert_opts, Config),
+    ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config),
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  %% Skip rsa_pkcs1_sha256!
+                  {signature_algs, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security).
 %%--------------------------------------------------------------------
 hello_retry_client_auth() ->
     [{doc, "TLS 1.3 (HelloRetryRequest): Test client authentication."}].
diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl
index 1c73dac3f9..c88daa2185 100644
--- a/lib/ssl/test/ssl_cert_tests.erl
+++ b/lib/ssl/test/ssl_cert_tests.erl
@@ -262,11 +262,26 @@ unsupported_sign_algo_cert_client_auth(Config) ->
     ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config),
     ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
                   {verify, verify_peer},
+                  {signature_algs, [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pss_rsae_sha256]},
                   %% Skip rsa_pkcs1_sha256!
-                  {signature_algs, [rsa_pkcs1_sha384, rsa_pss_rsae_sha256]},
+                  {signature_algs_cert, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
                   {fail_if_no_peer_cert, true}|ServerOpts0],
     ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
-    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, handshake_failure).
+    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required).
+%%--------------------------------------------------------------------
+unsupported_sign_algo_client_auth() ->
+     [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm"}].
+
+unsupported_sign_algo_client_auth(Config) ->
+    ClientOpts0 = ssl_test_lib:ssl_options(client_cert_opts, Config),
+    ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config),
+    ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+                  {verify, verify_peer},
+                  %% Skip rsa_pkcs1_sha256!
+                  {signature_algs, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]},
+                  {fail_if_no_peer_cert, true}|ServerOpts0],
+    ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+    ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security).
 %%--------------------------------------------------------------------
 hello_retry_client_auth() ->
     [{doc, "TLS 1.3 (HelloRetryRequest): Test client authentication."}].
author	Péter Dimitrov <[email protected]>	2019-07-29 13:16:19 +0200
committer	Ingela Anderton Andin <[email protected]>	2019-07-31 10:51:10 +0200
commit	674e88190b5b47ca04e179ecb314f21a707f25a0 (patch)
tree	611f6e0ba91d24d718cbfa4844db287bf69e39ec
parent	e1cd299f617d3303f8addcca37d9e35c12c468e9 (diff)
download	otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.gz otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.bz2 otp-674e88190b5b47ca04e179ecb314f21a707f25a0.zip