public_key, ssl: Patch 1112

OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8553 Moved extended key usage test for ssl values to ssl. OTP-8557 Fixes handling of the option fail_if_no_peer_cert and some undocumented options. Thanks to Rory Byrne. OTP-7046 Support for Diffie-Hellman. ssl-3.11 requires public_key-0.6. OTP-8517 New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value. However RFC-5746 is not yet supported, but will be in an upcoming release. OTP-8545 When gen_tcp is configured with the {packet,http} option, it automatically switches to expect HTTP Headers after a HTTP Request/Response line has been received. This update fixes ssl to behave in the same way. Thanks to Rory Byrne. OTP-8554 Ssl now correctly verifies the extended_key_usage extension and also allows the user to verify application specific extensions by supplying an appropriate fun. OTP-8560 Fixed ssl:transport_accept/2 to return properly when socket is closed. Thanks to Rory Byrne.
author: Dan Gudmundsson <[email protected]> 2010-04-20 12:00:00 +0200
committer: Björn Gustavsson <[email protected]> 2010-08-20 08:50:41 +0200
commit: f0dbde23b539999add8754ec84541698419fc8b5 (patch)
tree: c2924c60a51335f1b25ef6493b8013fb6de52c7a /lib/ssl/test/ssl_test_lib.erl
parent: b792ebc90dca5c9ba3d75d7f3c56e2295ae5d6f3 (diff)
download: otp-f0dbde23b539999add8754ec84541698419fc8b5.tar.gz
otp-f0dbde23b539999add8754ec84541698419fc8b5.tar.bz2
otp-f0dbde23b539999add8754ec84541698419fc8b5.zip
1 files changed, 128 insertions, 44 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 2df2e70679..00c5350ad0 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -26,6 +26,7 @@
 %% Note: This directive should only be used in test suites.
 -compile(export_all).
 
+-record(sslsocket, { fd = nil, pid = nil}).
 
 timetrap(Time) ->
     Mul = try 
@@ -52,7 +53,11 @@ node_to_hostip(Node) ->
     Address.
 
 start_server(Args) ->
-    spawn_link(?MODULE, run_server, [Args]).
+    Result = spawn_link(?MODULE, run_server, [Args]),
+    receive
+	{listen, up} ->
+	    Result
+    end.
 
 run_server(Opts) ->
     Node = proplists:get_value(node, Opts),
@@ -61,23 +66,14 @@ run_server(Opts) ->
     Pid = proplists:get_value(from, Opts),
     test_server:format("ssl:listen(~p, ~p)~n", [Port, Options]),
     {ok, ListenSocket} = rpc:call(Node, ssl, listen, [Port, Options]),
-    case Port of
-	0 ->
-	    {ok, {_, NewPort}} = ssl:sockname(ListenSocket),	 
-	    Pid ! {self(), {port, NewPort}};
-	_ ->
-	    ok
-    end,
+    Pid ! {listen, up},
+    send_selected_port(Pid, Port, ListenSocket),
     run_server(ListenSocket, Opts).
 
 run_server(ListenSocket, Opts) ->
+    AcceptSocket = connect(ListenSocket, Opts),
     Node = proplists:get_value(node, Opts),
     Pid = proplists:get_value(from, Opts),
-    test_server:format("ssl:transport_accept(~p)~n", [ListenSocket]),
-    {ok, AcceptSocket} = rpc:call(Node, ssl, transport_accept, 
-				  [ListenSocket]),    
-    test_server:format("ssl:ssl_accept(~p)~n", [AcceptSocket]),
-    ok = rpc:call(Node, ssl, ssl_accept, [AcceptSocket]),
     {Module, Function, Args} = proplists:get_value(mfa, Opts),
     test_server:format("Server: apply(~p,~p,~p)~n", 
 		       [Module, Function, [AcceptSocket | Args]]),
@@ -85,6 +81,7 @@ run_server(ListenSocket, Opts) ->
 	no_result_msg ->
 	    ok;
 	Msg ->
+	    test_server:format("Msg: ~p ~n", [Msg]),    
 	    Pid ! {self(), Msg}
     end,
     receive 
@@ -94,8 +91,44 @@ run_server(ListenSocket, Opts) ->
 	    ok = rpc:call(Node, ssl, close, [AcceptSocket])
     end.
 
+%%% To enable to test with s_client -reconnect
+connect(ListenSocket, Opts) ->
+    Node = proplists:get_value(node, Opts),
+    ReconnectTimes =  proplists:get_value(reconnect_times, Opts, 0),
+    AcceptSocket = connect(ListenSocket, Node, 1 + ReconnectTimes, dummy),
+    case ReconnectTimes of
+	0 ->
+	    AcceptSocket;
+	_ ->
+	  remove_close_msg(ReconnectTimes),
+	  AcceptSocket
+    end.
+    
+connect(_, _, 0, AcceptSocket) ->
+    AcceptSocket;
+connect(ListenSocket, Node, N, _) ->
+    test_server:format("ssl:transport_accept(~p)~n", [ListenSocket]),
+    {ok, AcceptSocket} = rpc:call(Node, ssl, transport_accept, 
+				  [ListenSocket]),    
+    test_server:format("ssl:ssl_accept(~p)~n", [AcceptSocket]),
+    ok = rpc:call(Node, ssl, ssl_accept, [AcceptSocket]),
+    connect(ListenSocket, Node, N-1, AcceptSocket).
+  
+remove_close_msg(0) ->
+    ok;
+remove_close_msg(ReconnectTimes) ->
+    receive
+	{ssl_closed, _} ->
+	   remove_close_msg(ReconnectTimes -1)
+    end.
+	    
+
 start_client(Args) ->
-    spawn_link(?MODULE, run_client, [Args]).
+    Result = spawn_link(?MODULE, run_client, [Args]),
+    receive 
+	connected ->
+	    Result
+    end.
 
 run_client(Opts) ->
     Node = proplists:get_value(node, Opts),
@@ -106,14 +139,11 @@ run_client(Opts) ->
     test_server:format("ssl:connect(~p, ~p, ~p)~n", [Host, Port, Options]),
     case rpc:call(Node, ssl, connect, [Host, Port, Options]) of
 	{ok, Socket} ->
+	    Pid ! connected,
 	    test_server:format("Client: connected~n", []), 
-	    case proplists:get_value(port, Options) of
-		0 ->
-		    {ok, {_, NewPort}} = ssl:sockname(Socket),	 
-		    Pid ! {self(), {port, NewPort}};
-		_ ->
-		    ok
-	    end,
+	    %% In specail cases we want to know the client port, it will
+	    %% be indicated by sending {port, 0} in options list!
+	    send_selected_port(Pid,  proplists:get_value(port, Options), Socket),
 	    {Module, Function, Args} = proplists:get_value(mfa, Opts),
 	    test_server:format("Client: apply(~p,~p,~p)~n", 
 			       [Module, Function, [Socket | Args]]),
@@ -178,6 +208,26 @@ check_result(Pid, Msg) ->
 	    test_server:fail(Reason)
     end.
 
+check_result_ignore_renegotiation_reject(Pid, Msg) -> 
+    receive 
+	{Pid,  fail_session_fatal_alert_during_renegotiation} ->
+	    test_server:comment("Server rejected old renegotiation"),
+	    ok;
+	{ssl_error, _, esslconnect} ->
+	    test_server:comment("Server rejected old renegotiation"),
+	    ok;
+	{Pid, Msg} -> 
+	    ok;
+	{Port, {data,Debug}} when is_port(Port) ->
+	    io:format("openssl ~s~n",[Debug]),
+	    check_result(Pid,Msg);
+	Unexpected ->
+	    Reason = {{expected, {Pid, Msg}}, 
+		      {got, Unexpected}},
+	    test_server:fail(Reason)
+    end.
+
+
 wait_for_result(Server, ServerMsg, Client, ClientMsg) -> 
     receive 
 	{Server, ServerMsg} -> 
@@ -237,7 +287,7 @@ cert_options(Config) ->
 				   "badcert.pem"]),
     BadKeyFile = filename:join([?config(priv_dir, Config), 
 			      "badkey.pem"]),
-    [{client_opts, [{ssl_imp, new}]}, 
+    [{client_opts, [{ssl_imp, new},{reuseaddr, true}]}, 
      {client_verification_opts, [{cacertfile, ClientCaCertFile}, 
 				{certfile, ClientCertFile},  
 				{keyfile, ClientKeyFile},
@@ -269,7 +319,11 @@ cert_options(Config) ->
 
 
 start_upgrade_server(Args) ->
-    spawn_link(?MODULE, run_upgrade_server, [Args]).
+    Result = spawn_link(?MODULE, run_upgrade_server, [Args]),
+    receive
+	{listen, up} ->
+	    Result
+    end.
 
 run_upgrade_server(Opts) ->
     Node = proplists:get_value(node, Opts),
@@ -281,15 +335,8 @@ run_upgrade_server(Opts) ->
 
     test_server:format("gen_tcp:listen(~p, ~p)~n", [Port, TcpOptions]),
     {ok, ListenSocket} = rpc:call(Node, gen_tcp, listen, [Port, TcpOptions]),
-
-    case Port of
-	0 ->
-	    {ok, {_, NewPort}} = inet:sockname(ListenSocket),	 
-	    Pid ! {self(), {port, NewPort}};
-	_ ->
-	    ok
-    end,
-
+    Pid ! {listen, up},
+    send_selected_port(Pid, Port, ListenSocket),
     test_server:format("gen_tcp:accept(~p)~n", [ListenSocket]),
     {ok, AcceptSocket} = rpc:call(Node, gen_tcp, accept, [ListenSocket]),
 
@@ -331,14 +378,8 @@ run_upgrade_client(Opts) ->
     test_server:format("gen_tcp:connect(~p, ~p, ~p)~n", 
 		       [Host, Port, TcpOptions]),
     {ok, Socket} = rpc:call(Node, gen_tcp, connect, [Host, Port, TcpOptions]),
-    
-    case proplists:get_value(port, Opts) of
-	0 ->
-	    {ok, {_, NewPort}} = inet:sockname(Socket),	 
-	    Pid ! {self(), {port, NewPort}};
-	_ ->
-	    ok
-    end,
+
+    send_selected_port(Pid, Port, Socket),
 
     test_server:format("ssl:connect(~p, ~p)~n", [Socket, SslOptions]),
     {ok, SslSocket} = rpc:call(Node, ssl, connect, [Socket, SslOptions]),
@@ -354,7 +395,11 @@ run_upgrade_client(Opts) ->
     end.
 
 start_server_error(Args) ->
-    spawn_link(?MODULE, run_server_error, [Args]).
+    Result = spawn_link(?MODULE, run_server_error, [Args]),
+    receive 
+	{listen, up} ->
+	    Result
+    end.
 
 run_server_error(Opts) ->
     Node = proplists:get_value(node, Opts),
@@ -364,8 +409,10 @@ run_server_error(Opts) ->
     test_server:format("ssl:listen(~p, ~p)~n", [Port, Options]),
     case rpc:call(Node, ssl, listen, [Port, Options]) of
 	{ok, ListenSocket} ->
-	    test_server:sleep(2000), %% To make sure error_client will
+	    %% To make sure error_client will
 	    %% get {error, closed} and not {error, connection_refused}
+	    Pid ! {listen, up},
+	    send_selected_port(Pid, Port, ListenSocket),
 	    test_server:format("ssl:transport_accept(~p)~n", [ListenSocket]),
 	    case rpc:call(Node, ssl, transport_accept, [ListenSocket]) of
 		{error, _} = Error ->
@@ -376,6 +423,9 @@ run_server_error(Opts) ->
 		    Pid ! {self(), Error}
 	    end;
 	Error ->
+	    %% Not really true but as this is an error test 
+	    %% this is what we want.
+	    Pid ! {listen, up},
 	    Pid ! {self(), Error}
     end.
 
@@ -400,8 +450,8 @@ inet_port(Pid) when is_pid(Pid)->
 
 inet_port(Node) ->
     {Port, Socket} = do_inet_port(Node),
-    rpc:call(Node, gen_tcp, close, [Socket]),
-    Port.
+     rpc:call(Node, gen_tcp, close, [Socket]),
+     Port.
 
 do_inet_port(Node) ->
     {ok, Socket} = rpc:call(Node, gen_tcp, listen, [0, [{reuseaddr, true}]]),
@@ -410,3 +460,37 @@ do_inet_port(Node) ->
 
 no_result(_) ->
     no_result_msg.
+
+trigger_renegotiate(Socket, [ErlData, N]) ->
+    [{session_id, Id} | _ ] = ssl:session_info(Socket),
+    trigger_renegotiate(Socket, ErlData, N, Id).
+
+trigger_renegotiate(Socket, _, 0, Id) ->
+    test_server:sleep(1000),
+    case ssl:session_info(Socket) of
+	[{session_id, Id} | _ ] ->
+	    fail_session_not_renegotiated;
+	%% Tests that uses this function will not reuse
+	%% sessions so if we get a new session id the
+	%% renegotiation has succeeded.
+       	[{session_id, _} | _ ] -> 
+	    ok;
+	{error, closed} ->
+	    fail_session_fatal_alert_during_renegotiation;
+	{error, timeout} ->
+	    fail_timeout
+    end;
+
+trigger_renegotiate(Socket, ErlData, N, Id) ->
+    ssl:send(Socket, ErlData),
+    trigger_renegotiate(Socket, ErlData, N-1, Id).				   
+    
+
+send_selected_port(Pid, 0, #sslsocket{} = Socket) ->
+    {ok, {_, NewPort}} = ssl:sockname(Socket),	 
+    Pid ! {self(), {port, NewPort}};
+send_selected_port(Pid, 0, Socket) ->
+    {ok, {_, NewPort}} = inet:sockname(Socket),	 
+    Pid ! {self(), {port, NewPort}};
+send_selected_port(_,_,_) ->
+    ok.
author	Dan Gudmundsson <[email protected]>	2010-04-20 12:00:00 +0200
committer	Björn Gustavsson <[email protected]>	2010-08-20 08:50:41 +0200
commit	f0dbde23b539999add8754ec84541698419fc8b5 (patch)
tree	c2924c60a51335f1b25ef6493b8013fb6de52c7a /lib/ssl/test/ssl_test_lib.erl
parent	b792ebc90dca5c9ba3d75d7f3c56e2295ae5d6f3 (diff)
download	otp-f0dbde23b539999add8754ec84541698419fc8b5.tar.gz otp-f0dbde23b539999add8754ec84541698419fc8b5.tar.bz2 otp-f0dbde23b539999add8754ec84541698419fc8b5.zip