diff options
| author | Ingela Anderton Andin <[email protected]> | 2016-04-06 11:39:35 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <[email protected]> | 2016-04-06 11:39:35 +0200 |
| commit | 57fcf2334c04352af3ce2c09a370fe9a04b073e9 (patch) | |
| tree | 148546f7c0feab9b082240adf781c965fd7603c2 /lib/ssl/test/ssl_basic_SUITE.erl | |
| parent | 30b22c1a3835fa411733763c49c65f2e2abb1640 (diff) | |
| parent | 9a834cff78e3f4e33b561304c83de717019f5a4d (diff) | |
| download | otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.tar.gz otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.tar.bz2 otp-57fcf2334c04352af3ce2c09a370fe9a04b073e9.zip | |
Merge branch 'ingela/ssl/config-signature-algs/OTP-13463'
* ingela/ssl/config-signature-algs/OTP-13463:
ssl: Remove default support for use of md5 in TLS 1.2 signature algorithms
ssl: Add option signature_algs
Diffstat (limited to 'lib/ssl/test/ssl_basic_SUITE.erl')
| -rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index f2cf99e8a8..f045d50cce 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -58,7 +58,7 @@ all() -> groups() -> [{basic, [], basic_tests()}, {options, [], options_tests()}, - {'tlsv1.2', [], all_versions_groups()}, + {'tlsv1.2', [], all_versions_groups() ++ [conf_signature_algs, no_common_signature_algs]}, {'tlsv1.1', [], all_versions_groups()}, {'tlsv1', [], all_versions_groups() ++ rizzo_tests()}, {'sslv3', [], all_versions_groups() ++ rizzo_tests() ++ [ciphersuite_vs_version]}, @@ -2900,7 +2900,61 @@ ciphersuite_vs_version(Config) when is_list(Config) -> _ -> ct:fail({unexpected_server_hello, ServerHello}) end. - + +%%-------------------------------------------------------------------- +conf_signature_algs() -> + [{doc,"Test to set the signature_algs option on both client and server"}]. +conf_signature_algs(Config) when is_list(Config) -> + ClientOpts = ?config(client_opts, Config), + ServerOpts = ?config(server_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + Server = + ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result, []}}, + {options, [{active, false}, {signature_algs, [{sha256, rsa}]} | ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), + Client = + ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result, []}}, + {options, [{active, false}, {signature_algs, [{sha256, rsa}]} | ClientOpts]}]), + + ct:log("Testcase ~p, Client ~p Server ~p ~n", + [self(), Client, Server]), + + ssl_test_lib:check_result(Server, ok, Client, ok), + + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). + + +%%-------------------------------------------------------------------- +no_common_signature_algs() -> + [{doc,"Set the signature_algs option so that there client and server does not share any hash sign algorithms"}]. +no_common_signature_algs(Config) when is_list(Config) -> + + ClientOpts = ?config(client_opts, Config), + ServerOpts = ?config(server_opts, Config), + + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {options, [{signature_algs, [{sha256, rsa}]} + | ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {options, [{signature_algs, [{sha384, rsa}]} + | ClientOpts]}]), + + ssl_test_lib:check_result(Server, {error, {tls_alert, "insufficient security"}}, + Client, {error, {tls_alert, "insufficient security"}}). + %%-------------------------------------------------------------------- dont_crash_on_handshake_garbage() -> |