ssl: Enhance error handling

author: Ingela Anderton Andin <[email protected]> 2018-12-10 16:50:46 +0100
committer: Ingela Anderton Andin <[email protected]> 2019-02-04 10:48:17 +0100
commit: 949c725abcc649e508d971cbc82f5278e050db2c (patch)
tree: 27eb940aa5dd4a94cd49c94b107f71132ea62cae /lib/ssl/test/ssl_certificate_verify_SUITE.erl
parent: 29f09d4ef93b94d92f57045712e2c395902e0893 (diff)
download: otp-949c725abcc649e508d971cbc82f5278e050db2c.tar.gz
otp-949c725abcc649e508d971cbc82f5278e050db2c.tar.bz2
otp-949c725abcc649e508d971cbc82f5278e050db2c.zip
1 files changed, 17 insertions, 92 deletions
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index 588ca153a9..c0a5367a57 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -298,15 +298,8 @@ server_require_peer_cert_fail(Config) when is_list(Config) ->
 					      {host, Hostname},
 					      {from, self()},
 					      {options, [{active, Active} | BadClientOpts]}]),
-    receive
-	{Server, {error, {tls_alert, "handshake failure"}}} ->
-	    receive
-		{Client, {error, {tls_alert, "handshake failure"}}} ->
-		    ok;
-		{Client, {error, closed}} ->
-		    ok
-	    end
-    end.
+
+    ssl_test_lib:check_server_alert(Server, Client, handshake_failure).
 
 %%--------------------------------------------------------------------
 server_require_peer_cert_empty_ok() ->
@@ -365,15 +358,8 @@ server_require_peer_cert_partial_chain(Config) when is_list(Config) ->
 					      {options, [{active, Active},
 							 {cacerts, [RootCA]} |
 							 proplists:delete(cacertfile, ClientOpts)]}]),
-    receive
-	{Server, {error, {tls_alert, "unknown ca"}}} ->
-	    receive
-		{Client, {error, {tls_alert, "unknown ca"}}} ->
-		    ok;
-		{Client, {error, closed}} ->
-		    ok
-	    end
-    end.
+    ssl_test_lib:check_server_alert(Server, Client, unknown_ca).
+
 %%--------------------------------------------------------------------
 server_require_peer_cert_allow_partial_chain() ->
     [{doc, "Server trusts intermediat CA and accepts a partial chain. (partial_chain option)"}].
@@ -446,17 +432,7 @@ server_require_peer_cert_do_not_allow_partial_chain(Config) when is_list(Config)
 					      {from, self()},
 					      {mfa, {ssl_test_lib, no_result, []}},
 					      {options, ClientOpts}]),
-
-    receive
-	 {Server, {error, {tls_alert, "unknown ca"}}} ->
-	    receive
-		{Client, {error, {tls_alert, "unknown ca"}}} ->
-		    ok;
-		{Client, {error, closed}} ->
-		    ok
-	    end
-    end.
-
+    ssl_test_lib:check_server_alert(Server, Client, unknown_ca).
  %%--------------------------------------------------------------------
 server_require_peer_cert_partial_chain_fun_fail() ->
     [{doc, "If parial_chain fun crashes, treat it as if it returned unkown_ca"}].
@@ -487,16 +463,7 @@ server_require_peer_cert_partial_chain_fun_fail(Config) when is_list(Config) ->
 					      {from, self()},
 					      {mfa, {ssl_test_lib, no_result, []}},
 					      {options, ClientOpts}]),
-
-    receive
-	 {Server, {error, {tls_alert, "unknown ca"}}} ->
-	    receive
-		{Client, {error, {tls_alert, "unknown ca"}}} ->
-		    ok;
-		{Client, {error, closed}} ->
-		    ok
-	    end
-    end.
+    ssl_test_lib:check_server_alert(Server, Client, unknown_ca).
 
 %%--------------------------------------------------------------------
 verify_fun_always_run_client() ->
@@ -535,14 +502,8 @@ verify_fun_always_run_client(Config) when is_list(Config) ->
 					       [{verify, verify_peer},
 						{verify_fun, FunAndState}
 						| ClientOpts]}]),
-    %% Server error may be {tls_alert,"handshake failure"} or closed depending on timing
-    %% this is not a bug it is a circumstance of how tcp works!
-    receive
-	{Server, ServerError} ->
-	    ct:log("Server Error ~p~n", [ServerError])
-    end,
 
-    ssl_test_lib:check_result(Client, {error, {tls_alert, "handshake failure"}}).
+    ssl_test_lib:check_client_alert(Server, Client, handshake_failure).
 
 %%--------------------------------------------------------------------
 verify_fun_always_run_server() ->
@@ -581,16 +542,8 @@ verify_fun_always_run_server(Config) when is_list(Config) ->
 					      {mfa, {ssl_test_lib,
 						     no_result, []}},
 					      {options, ClientOpts}]),
-
-    %% Client error may be {tls_alert, "handshake failure" } or closed depending on timing
-    %% this is not a bug it is a circumstance of how tcp works!
-    receive
-	{Client, ClientError} ->
-	    ct:log("Client Error ~p~n", [ClientError])
-    end,
-
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "handshake failure"}}).
-
+    
+    ssl_test_lib:check_client_alert(Server, Client, handshake_failure).
 %%--------------------------------------------------------------------
 
 cert_expired() ->
@@ -620,8 +573,7 @@ cert_expired(Config) when is_list(Config) ->
 					      {from, self()},
 					      {options, [{verify, verify_peer}, {active, Active}  | ClientOpts]}]),    
     
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "certificate expired"}},
-                              Client, {error, {tls_alert, "certificate expired"}}).
+    ssl_test_lib:check_client_alert(Server, Client, certificate_expired).
 
 two_digits_str(N) when N < 10 ->
     lists:flatten(io_lib:format("0~p", [N]));
@@ -727,12 +679,8 @@ critical_extension_verify_server(Config) when is_list(Config) ->
                 {options, [{verify, verify_none}, {active, Active} | ClientOpts]}]),
 
     %% This certificate has a critical extension that we don't
-    %% understand.  Therefore, verification should fail.      
-
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "unsupported certificate"}},
-                              Client, {error, {tls_alert, "unsupported certificate"}}),
-    
-    ssl_test_lib:close(Server).
+    %% understand.  Therefore, verification should fail.          
+    ssl_test_lib:check_server_alert(Server, Client, unsupported_certificate).
 %%--------------------------------------------------------------------
 
 critical_extension_verify_client() ->
@@ -763,12 +711,7 @@ critical_extension_verify_client(Config) when is_list(Config) ->
                 {mfa, {ssl_test_lib, ReceiveFunction, []}},
                 {options, [{verify, verify_peer}, {active, Active} | ClientOpts]}]),
 
-    %% This certificate has a critical extension that we don't
-    %% understand.  Therefore, verification should fail.
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "unsupported certificate"}},
-                              Client, {error, {tls_alert, "unsupported certificate"}}),
-
-    ssl_test_lib:close(Server).
+    ssl_test_lib:check_client_alert(Server, Client, unsupported_certificate).
 
 %%--------------------------------------------------------------------
 critical_extension_verify_none() ->
@@ -908,10 +851,7 @@ invalid_signature_server(Config) when is_list(Config) ->
 					      {host, Hostname},
 					      {from, self()},
 					      {options, [{verify, verify_peer} | ClientOpts]}]),
-
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "unknown ca"}},
-                              Client, {error, {tls_alert, "unknown ca"}}).
-
+    ssl_test_lib:check_server_alert(Server, Client, unknown_ca).
 %%--------------------------------------------------------------------
 
 invalid_signature_client() ->
@@ -946,9 +886,7 @@ invalid_signature_client(Config) when is_list(Config) ->
 					      {from, self()},
 					      {options, NewClientOpts}]),
 
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "unknown ca"}},
-                              Client, {error, {tls_alert, "unknown ca"}}).
-
+    ssl_test_lib:check_client_alert(Server, Client, unknown_ca).
 
 %%--------------------------------------------------------------------
 
@@ -1034,16 +972,7 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
 					       [{verify, verify_peer},
 						{verify_fun, FunAndState}
 						| ClientOpts]}]),
-    receive
-	{Client, {error, {tls_alert, "unknown ca"}}} ->
-	    receive
-		{Server, {error, {tls_alert, "unknown ca"}}} ->
-		    ok;
-		{Server, {error, closed}} ->
-		    ok
-	    end
-    end.
-
+    ssl_test_lib:check_client_alert(Server, Client, unknown_ca).
 
 %%--------------------------------------------------------------------
 unknown_server_ca_accept_verify_none() ->
@@ -1193,11 +1122,7 @@ customize_hostname_check(Config) when is_list(Config) ->
                                                {mfa, {ssl_test_lib, no_result, []}},
                                                {options, ClientOpts}
                                               ]),    
-    ssl_test_lib:check_result(Client1, {error, {tls_alert, "handshake failure"}},
-                              Server,  {error, {tls_alert, "handshake failure"}}),
-    
-    ssl_test_lib:close(Server),
-    ssl_test_lib:close(Client).
+    ssl_test_lib:check_client_alert(Server, Client1, handshake_failure).
 
 incomplete_chain() ->
     [{doc,"Test option verify_peer"}].
author	Ingela Anderton Andin <[email protected]>	2018-12-10 16:50:46 +0100
committer	Ingela Anderton Andin <[email protected]>	2019-02-04 10:48:17 +0100
commit	949c725abcc649e508d971cbc82f5278e050db2c (patch)
tree	27eb940aa5dd4a94cd49c94b107f71132ea62cae /lib/ssl/test/ssl_certificate_verify_SUITE.erl
parent	29f09d4ef93b94d92f57045712e2c395902e0893 (diff)
download	otp-949c725abcc649e508d971cbc82f5278e050db2c.tar.gz otp-949c725abcc649e508d971cbc82f5278e050db2c.tar.bz2 otp-949c725abcc649e508d971cbc82f5278e050db2c.zip