aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_handshake_SUITE.erl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2014-03-18 11:35:03 +0100
committerIngela Anderton Andin <[email protected]>2014-03-18 11:35:03 +0100
commitfb0a5a669e43590de66d662b99c2762e596c01e3 (patch)
tree358ccbff0e3521b6af1a8b3a50b9c00d3f6eae11 /lib/ssl/test/ssl_handshake_SUITE.erl
parent57367a29ee6cdcba8ee05030fcfbf86c3bb77382 (diff)
parentebfd862f47611fa17be72cad1afcd6a13f14bc4d (diff)
downloadotp-fb0a5a669e43590de66d662b99c2762e596c01e3.tar.gz
otp-fb0a5a669e43590de66d662b99c2762e596c01e3.tar.bz2
otp-fb0a5a669e43590de66d662b99c2762e596c01e3.zip
Merge branch 'ia/ssl/ECC-error-handling/OTP-11780'
* ia/ssl/ECC-error-handling/OTP-11780: ssl: Server now ignores client ECC curves that it does not support instead of crashing. Add test for unknown elliptic curve supported by client
Diffstat (limited to 'lib/ssl/test/ssl_handshake_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 7e8e8d2611..6d020c472b 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -34,6 +34,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
all() -> [decode_hello_handshake,
decode_single_hello_extension_correctly,
+ decode_supported_elliptic_curves_hello_extension_correctly,
decode_unknown_hello_extension_correctly,
encode_single_hello_sni_extension_correctly].
@@ -67,6 +68,17 @@ decode_single_hello_extension_correctly(_Config) ->
#renegotiation_info{renegotiated_connection = <<0>>}
= Extensions#hello_extensions.renegotiation_info.
+decode_supported_elliptic_curves_hello_extension_correctly(_Config) ->
+ % List of supported and unsupported curves (RFC4492:S5.1.1)
+ ClientEllipticCurves = [0, tls_v1:oid_to_enum(?sect233k1), 37, tls_v1:oid_to_enum(?sect193r2), 16#badc],
+ % Construct extension binary - modified version of ssl_handshake:encode_hello_extensions([#elliptic_curves{}], _)
+ EllipticCurveList = << <<X:16>> || X <- ClientEllipticCurves>>,
+ ListLen = byte_size(EllipticCurveList),
+ Len = ListLen + 2,
+ Extension = <<?UINT16(?ELLIPTIC_CURVES_EXT), ?UINT16(Len), ?UINT16(ListLen), EllipticCurveList/binary>>,
+ % after decoding we should see only valid curves
+ #hello_extensions{elliptic_curves = DecodedCurves} = ssl_handshake:decode_hello_extensions(Extension),
+ #elliptic_curves{elliptic_curve_list = [?sect233k1, ?sect193r2]} = DecodedCurves.
decode_unknown_hello_extension_correctly(_Config) ->
FourByteUnknown = <<16#CA,16#FE, ?UINT16(4), 3, 0, 1, 2>>,