diff options
author | Péter Dimitrov <[email protected]> | 2019-07-29 13:16:19 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2019-07-31 10:51:10 +0200 |
commit | 674e88190b5b47ca04e179ecb314f21a707f25a0 (patch) | |
tree | 611f6e0ba91d24d718cbfa4844db287bf69e39ec | |
parent | e1cd299f617d3303f8addcca37d9e35c12c468e9 (diff) | |
download | otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.gz otp-674e88190b5b47ca04e179ecb314f21a707f25a0.tar.bz2 otp-674e88190b5b47ca04e179ecb314f21a707f25a0.zip |
ssl: Extend tests
-rw-r--r-- | lib/ssl/test/openssl_client_cert_SUITE.erl | 7 | ||||
-rw-r--r-- | lib/ssl/test/openssl_server_cert_SUITE.erl | 22 | ||||
-rw-r--r-- | lib/ssl/test/ssl_cert_SUITE.erl | 23 | ||||
-rw-r--r-- | lib/ssl/test/ssl_cert_tests.erl | 19 |
4 files changed, 57 insertions, 14 deletions
diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl index d40abd277b..b327988744 100644 --- a/lib/ssl/test/openssl_client_cert_SUITE.erl +++ b/lib/ssl/test/openssl_client_cert_SUITE.erl @@ -47,7 +47,8 @@ groups() -> {rsa, [], all_version_tests()}, {ecdsa, [], all_version_tests()}, {dsa, [], all_version_tests()}, - {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_cert_client_auth]}, + {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_client_auth, + unsupported_sign_algo_cert_client_auth]}, {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()} ]. @@ -328,6 +329,10 @@ unsupported_sign_algo_cert_client_auth() -> ssl_cert_tests:unsupported_sign_algo_cert_client_auth(). unsupported_sign_algo_cert_client_auth(Config) -> ssl_cert_tests:unsupported_sign_algo_cert_client_auth(Config). +unsupported_sign_algo_client_auth() -> + ssl_cert_tests:unsupported_sign_algo_client_auth(). +unsupported_sign_algo_client_auth(Config) -> + ssl_cert_tests:unsupported_sign_algo_client_auth(Config). %%-------------------------------------------------------------------- hello_retry_client_auth() -> ssl_cert_tests:hello_retry_client_auth(). diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl index c5c29d85d1..c2af864a92 100644 --- a/lib/ssl/test/openssl_server_cert_SUITE.erl +++ b/lib/ssl/test/openssl_server_cert_SUITE.erl @@ -46,8 +46,10 @@ groups() -> {rsa, [], all_version_tests()}, {ecdsa, [], all_version_tests()}, {dsa, [], all_version_tests()}, - {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}, - %%++ [unsupported_sign_algo_cert_client_auth]}, + {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests()}, + %% TODO: Create proper conf of openssl server + %%++ [unsupported_sign_algo_client_auth, + %% unsupported_sign_algo_cert_client_auth]}, {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()} ]. @@ -343,18 +345,22 @@ hello_retry_request(Config) -> ssl_cert_tests:hello_retry_request(Config). %%-------------------------------------------------------------------- custom_groups() -> - ssl_cert_tests:custom_groups(). + ssl_cert_tests:custom_groups(). custom_groups(Config) -> - ssl_cert_tests:custom_groups(Config). + ssl_cert_tests:custom_groups(Config). unsupported_sign_algo_cert_client_auth() -> - ssl_cert_tests:unsupported_sign_algo_cert_client_auth(). + ssl_cert_tests:unsupported_sign_algo_cert_client_auth(). unsupported_sign_algo_cert_client_auth(Config) -> ssl_cert_tests:unsupported_sign_algo_cert_client_auth(Config). +unsupported_sign_algo_client_auth() -> + ssl_cert_tests:unsupported_sign_algo_client_auth(). +unsupported_sign_algo_client_auth(Config) -> + ssl_cert_tests:unsupported_sign_algo_client_auth(Config). %%-------------------------------------------------------------------- hello_retry_client_auth() -> - ssl_cert_tests:hello_retry_client_auth(). + ssl_cert_tests:hello_retry_client_auth(). hello_retry_client_auth(Config) -> - ssl_cert_tests:hello_retry_client_auth(Config). + ssl_cert_tests:hello_retry_client_auth(Config). %%-------------------------------------------------------------------- hello_retry_client_auth_empty_cert_accepted() -> ssl_cert_tests:hello_retry_client_auth_empty_cert_accepted(). @@ -364,4 +370,4 @@ hello_retry_client_auth_empty_cert_accepted(Config) -> hello_retry_client_auth_empty_cert_rejected() -> ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected(). hello_retry_client_auth_empty_cert_rejected(Config) -> - ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected(Config). + ssl_cert_tests:hello_retry_client_auth_empty_cert_rejected(Config). diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl index 4ce3d47b2c..fb1695f38a 100644 --- a/lib/ssl/test/ssl_cert_SUITE.erl +++ b/lib/ssl/test/ssl_cert_SUITE.erl @@ -53,7 +53,8 @@ groups() -> {rsa, [], all_version_tests()}, {ecdsa, [], all_version_tests()}, {dsa, [], all_version_tests()}, - {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_cert_client_auth]}, + {rsa_1_3, [], all_version_tests() ++ tls_1_3_tests() ++ [unsupported_sign_algo_client_auth, + unsupported_sign_algo_cert_client_auth]}, {ecdsa_1_3, [], all_version_tests() ++ tls_1_3_tests()} ]. @@ -483,11 +484,27 @@ unsupported_sign_algo_cert_client_auth(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config), ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}, {verify, verify_peer}, + {signature_algs, [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pss_rsae_sha256]}, %% Skip rsa_pkcs1_sha256! - {signature_algs, [rsa_pkcs1_sha384, rsa_pss_rsae_sha256]}, + {signature_algs_cert, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]}, {fail_if_no_peer_cert, true}|ServerOpts0], ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], - ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, handshake_failure). + ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required). + +%%-------------------------------------------------------------------- +unsupported_sign_algo_client_auth() -> + [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm"}]. + +unsupported_sign_algo_client_auth(Config) -> + ClientOpts0 = ssl_test_lib:ssl_options(client_cert_opts, Config), + ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config), + ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}, + {verify, verify_peer}, + %% Skip rsa_pkcs1_sha256! + {signature_algs, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]}, + {fail_if_no_peer_cert, true}|ServerOpts0], + ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], + ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security). %%-------------------------------------------------------------------- hello_retry_client_auth() -> [{doc, "TLS 1.3 (HelloRetryRequest): Test client authentication."}]. diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl index 1c73dac3f9..c88daa2185 100644 --- a/lib/ssl/test/ssl_cert_tests.erl +++ b/lib/ssl/test/ssl_cert_tests.erl @@ -262,11 +262,26 @@ unsupported_sign_algo_cert_client_auth(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config), ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}, {verify, verify_peer}, + {signature_algs, [rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pss_rsae_sha256]}, %% Skip rsa_pkcs1_sha256! - {signature_algs, [rsa_pkcs1_sha384, rsa_pss_rsae_sha256]}, + {signature_algs_cert, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]}, {fail_if_no_peer_cert, true}|ServerOpts0], ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], - ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, handshake_failure). + ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, certificate_required). +%%-------------------------------------------------------------------- +unsupported_sign_algo_client_auth() -> + [{doc,"TLS 1.3: Test client authentication with unsupported signature_algorithm"}]. + +unsupported_sign_algo_client_auth(Config) -> + ClientOpts0 = ssl_test_lib:ssl_options(client_cert_opts, Config), + ServerOpts0 = ssl_test_lib:ssl_options(server_cert_opts, Config), + ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}, + {verify, verify_peer}, + %% Skip rsa_pkcs1_sha256! + {signature_algs, [rsa_pkcs1_sha384, rsa_pkcs1_sha512]}, + {fail_if_no_peer_cert, true}|ServerOpts0], + ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], + ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, insufficient_security). %%-------------------------------------------------------------------- hello_retry_client_auth() -> [{doc, "TLS 1.3 (HelloRetryRequest): Test client authentication."}]. |