authorQijiang Fan <[email protected]>2015-04-16 22:25:57 +0800
committerIngela Anderton Andin <[email protected]>2015-05-12 14:04:06 +0200
commitdb509dd5debcd72d7f1d024d289315274f9b788b (patch)
tree9f8ccb37cf9ad162a2d1b90662109c1656d17017 /lib/ssl/test/ssl_sni_SUITE.erl
parent181ceb12675b59de9bd7a881fe9b58995d03bac0 (diff)
ssl: add option sni_fun
The newly added function sni_fun allows dynamic update of SSL options, such as keys and certificates, depending on the SNI hostname, rather than relying on a predefined set of rules for SSL options.
Diffstat (limited to 'lib/ssl/test/ssl_sni_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_sni_SUITE.erl34
1 files changed, 33 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_sni_SUITE.erl b/lib/ssl/test/ssl_sni_SUITE.erl
index 134e508b10..46cd644e4d 100644
--- a/lib/ssl/test/ssl_sni_SUITE.erl
+++ b/lib/ssl/test/ssl_sni_SUITE.erl
@@ -31,7 +31,7 @@
%%--------------------------------------------------------------------
suite() -> [{ct_hooks,[ts_install_cth]}].
-all() -> [no_sni_header, sni_match, sni_no_match].
+all() -> [no_sni_header, sni_match, sni_no_match] ++ [no_sni_header_fun, sni_match_fun, sni_no_match_fun].
init_per_suite(Config0) ->
catch crypto:stop(),
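Review bot: The new `all()` builds its result by joining two list literals with `++`, which makes the line run past 100 columns and adds nothing over a single literal. A single list split across two lines reads better: `all() -> [no_sni_header, sni_match, sni_no_match,` followed by `no_sni_header_fun, sni_match_fun, sni_no_match_fun].` If the `sni_fun` cases are meant to stay visibly separate from the `sni_hosts` cases, a one-line comment above the second row says so more clearly than the concatenation does.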
@@ -57,12 +57,20 @@ end_per_suite(_) ->
no_sni_header(Config) ->
run_handshake(Config, undefined, undefined, "server").
+no_sni_header_fun(Config) ->
+ run_sni_fun_handshake(Config, undefined, undefined, "server").
+
sni_match(Config) ->
run_handshake(Config, "a.server", "a.server", "a.server").
+sni_match_fun(Config) ->
+ run_sni_fun_handshake(Config, "a.server", "a.server", "a.server").
+
sni_no_match(Config) ->
run_handshake(Config, "c.server", undefined, "server").
+sni_no_match_fun(Config) ->
+ run_sni_fun_handshake(Config, "c.server", undefined, "server").
%%--------------------------------------------------------------------
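Review bot: The three `_fun` cases only cover a callback that returns a configured option list or `undefined`; none covers an `sni_fun` that raises or returns a malformed value. That is the path where a server could end up presenting an unintended certificate or failing the handshake in an uncontrolled way, so a negative case asserting a clean handshake failure would be worth adding. `sni_no_match_fun` would also benefit from a comment stating the contract it pins, for example `%% sni_fun returns undefined for "c.server"; the server must fall back to its default options (CN "server")`. The callback's behaviour is read from `run_sni_fun_handshake`, which is added in a later hunk of this file.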
@@ -112,6 +120,30 @@ recv_and_certificate(SSLSocket) ->
ct:log("Subject of certificate received from server: ~p", [Subject]),
rdn_to_string(rdnPart(Subject, ?'id-at-commonName')).
+run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
+ ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
+ [{sni_hosts, ServerSNIConf}] = ?config(sni_server_opts, Config),
+ SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end,
+ ServerOptions = ?config(server_opts, Config) ++ [{sni_fun, SNIFun}],
+ ClientOptions =
+ case SNIHostname of
+ undefined ->
+ ?config(client_opts, Config);
+ _ ->
+ [{server_name_indication, SNIHostname}] ++ ?config(client_opts, Config)
+ end,
+ ct:log("Options: ~p", [[ServerOptions, ClientOptions]]),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()}, {mfa, {?MODULE, send_and_hostname, []}},
+ {options, ServerOptions}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname}, {from, self()},
+ {mfa, {?MODULE, recv_and_certificate, []}},
+ {options, ClientOptions}]),
+ ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN).
+
run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),