diff options
author | Qijiang Fan <[email protected]> | 2015-04-16 22:25:57 +0800 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2015-05-12 14:04:06 +0200 |
commit | db509dd5debcd72d7f1d024d289315274f9b788b (patch) | |
tree | 9f8ccb37cf9ad162a2d1b90662109c1656d17017 /lib/ssl/test/ssl_sni_SUITE.erl | |
parent | 181ceb12675b59de9bd7a881fe9b58995d03bac0 (diff) | |
download | otp-db509dd5debcd72d7f1d024d289315274f9b788b.tar.gz otp-db509dd5debcd72d7f1d024d289315274f9b788b.tar.bz2 otp-db509dd5debcd72d7f1d024d289315274f9b788b.zip |
ssl: add option sni_fun
The newly added function sni_fun allows dynamic update of SSL options
like keys and certificates depending on different SNI hostname, rather
than a predefined rules of SSL options.
Diffstat (limited to 'lib/ssl/test/ssl_sni_SUITE.erl')
-rw-r--r-- | lib/ssl/test/ssl_sni_SUITE.erl | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_sni_SUITE.erl b/lib/ssl/test/ssl_sni_SUITE.erl index 134e508b10..46cd644e4d 100644 --- a/lib/ssl/test/ssl_sni_SUITE.erl +++ b/lib/ssl/test/ssl_sni_SUITE.erl @@ -31,7 +31,7 @@ %%-------------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}]. -all() -> [no_sni_header, sni_match, sni_no_match]. +all() -> [no_sni_header, sni_match, sni_no_match] ++ [no_sni_header_fun, sni_match_fun, sni_no_match_fun]. init_per_suite(Config0) -> catch crypto:stop(), @@ -57,12 +57,20 @@ end_per_suite(_) -> no_sni_header(Config) -> run_handshake(Config, undefined, undefined, "server"). +no_sni_header_fun(Config) -> + run_sni_fun_handshake(Config, undefined, undefined, "server"). + sni_match(Config) -> run_handshake(Config, "a.server", "a.server", "a.server"). +sni_match_fun(Config) -> + run_sni_fun_handshake(Config, "a.server", "a.server", "a.server"). + sni_no_match(Config) -> run_handshake(Config, "c.server", undefined, "server"). +sni_no_match_fun(Config) -> + run_sni_fun_handshake(Config, "c.server", undefined, "server"). %%-------------------------------------------------------------------- @@ -112,6 +120,30 @@ recv_and_certificate(SSLSocket) -> ct:log("Subject of certificate received from server: ~p", [Subject]), rdn_to_string(rdnPart(Subject, ?'id-at-commonName')). +run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> + ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), + [{sni_hosts, ServerSNIConf}] = ?config(sni_server_opts, Config), + SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end, + ServerOptions = ?config(server_opts, Config) ++ [{sni_fun, SNIFun}], + ClientOptions = + case SNIHostname of + undefined -> + ?config(client_opts, Config); + _ -> + [{server_name_indication, SNIHostname}] ++ ?config(client_opts, Config) + end, + ct:log("Options: ~p", [[ServerOptions, ClientOptions]]), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, {mfa, {?MODULE, send_and_hostname, []}}, + {options, ServerOptions}]), + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, {from, self()}, + {mfa, {?MODULE, recv_and_certificate, []}}, + {options, ClientOptions}]), + ssl_test_lib:check_result(Server, ExpectedSNIHostname, Client, ExpectedCN). + run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), |