diff options
author | Péter Dimitrov <[email protected]> | 2019-06-04 17:11:19 +0200 |
---|---|---|
committer | Péter Dimitrov <[email protected]> | 2019-06-07 14:26:41 +0200 |
commit | f79bea24bb252985c7abf18f4f03fcd604e9e512 (patch) | |
tree | e870be5bfe7f2a71ea7fe14a8e5aa159f07be711 /lib/ssl/test/ssl_certificate_verify_SUITE.erl | |
parent | 83e0f5897ba6de0041819c0d7bdad9e856c73f6c (diff) | |
download | otp-f79bea24bb252985c7abf18f4f03fcd604e9e512.tar.gz otp-f79bea24bb252985c7abf18f4f03fcd604e9e512.tar.bz2 otp-f79bea24bb252985c7abf18f4f03fcd604e9e512.zip |
ssl: Fix alert handling (TLS 1.3)
Server and client use different secrets when sending certificate related
alerts. This is due to a change to the TLS protocol where clients send
their 'certificate' message after they have received the server's 'finished'
message.
Diffstat (limited to 'lib/ssl/test/ssl_certificate_verify_SUITE.erl')
-rw-r--r-- | lib/ssl/test/ssl_certificate_verify_SUITE.erl | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl index 358e9f8f77..c6982bb928 100644 --- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl +++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl @@ -302,7 +302,13 @@ server_require_peer_cert_fail(Config) when is_list(Config) -> {from, self()}, {options, [{active, Active} | BadClientOpts]}]), - ssl_test_lib:check_server_alert(Server, Client, handshake_failure). + Version = proplists:get_value(version,Config), + case Version of + 'tlsv1.3' -> + ssl_test_lib:check_server_alert(Server, Client, certificate_required); + _ -> + ssl_test_lib:check_server_alert(Server, Client, handshake_failure) + end. %%-------------------------------------------------------------------- server_require_peer_cert_empty_ok() -> @@ -855,6 +861,7 @@ invalid_signature_server(Config) when is_list(Config) -> {from, self()}, {options, [{verify, verify_peer} | ClientOpts]}]), ssl_test_lib:check_server_alert(Server, Client, unknown_ca). + %%-------------------------------------------------------------------- invalid_signature_client() -> |