authorPéter Dimitrov <[email protected]>2019-06-04 17:11:19 +0200
committerPéter Dimitrov <[email protected]>2019-06-07 14:26:41 +0200
commitf79bea24bb252985c7abf18f4f03fcd604e9e512 (patch)
treee870be5bfe7f2a71ea7fe14a8e5aa159f07be711 /lib/ssl/test/ssl_test_lib.erl
parent83e0f5897ba6de0041819c0d7bdad9e856c73f6c (diff)
ssl: Fix alert handling (TLS 1.3)
Server and client use different secrets when sending certificate related alerts. This is due to a change to the TLS protocol where clients send their 'certificate' message after they have received the server's 'finished' message.
Diffstat (limited to 'lib/ssl/test/ssl_test_lib.erl')
-rw-r--r--lib/ssl/test/ssl_test_lib.erl39
1 files changed, 24 insertions, 15 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index c706c68d3a..0318cc81e3 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -428,41 +428,42 @@ check_result(Pid, Msg) ->
{got, Unexpected}},
ct:fail(Reason)
end.
+
check_server_alert(Pid, Alert) ->
receive
{Pid, {error, {tls_alert, {Alert, STxt}}}} ->
check_server_txt(STxt),
+ ok;
+ {Pid, {error, closed}} ->
ok
end.
check_server_alert(Server, Client, Alert) ->
receive
{Server, {error, {tls_alert, {Alert, STxt}}}} ->
check_server_txt(STxt),
- receive
- {Client, {error, {tls_alert, {Alert, CTxt}}}} ->
- check_client_txt(CTxt),
- ok;
- {Client, {error, closed}} ->
- ok
- end
+ check_client_alert(Client, Alert)
end.
check_client_alert(Pid, Alert) ->
receive
{Pid, {error, {tls_alert, {Alert, CTxt}}}} ->
check_client_txt(CTxt),
+ ok;
+ {Pid, {ssl_error, _, {tls_alert, {Alert, CTxt}}}} ->
+ check_client_txt(CTxt),
+ ok;
+ {Pid, {error, closed}} ->
ok
end.
check_client_alert(Server, Client, Alert) ->
receive
{Client, {error, {tls_alert, {Alert, CTxt}}}} ->
check_client_txt(CTxt),
- receive
- {Server, {error, {tls_alert, {Alert, STxt}}}} ->
- check_server_txt(STxt),
- ok;
- {Server, {error, closed}} ->
- ok
- end
+ check_server_alert(Server, Alert);
+ {Client, {ssl_error, _, {tls_alert, {Alert, CTxt}}}} ->
+ check_client_txt(CTxt),
+ ok;
+ {Client, {error, closed}} ->
+ ok
end.
check_server_txt("TLS server" ++ _) ->
ok;
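Review bot: In `check_client_alert/3` the new `{Client, {ssl_error, _, {tls_alert, {Alert, CTxt}}}}` and `{Client, {error, closed}}` branches return `ok` without looking at the server, so on those paths the server-side alert is never asserted. Whatever the server process reports presumably stays in the test process mailbox, where a later `receive` could pick it up. Ending both branches with `check_server_alert(Server, Alert)`, as the first branch now does, would keep the two-sided check. Separately, accepting `{Pid, {error, closed}}` in the two-arity helpers lets a test pass when no alert was observed at all, so a short comment such as `%% peer may close before the alert is read` (if that is the reason) would record why this is tolerated. None of these `receive` expressions has an `after` clause, so a missing message is only caught by the suite's timetrap.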
@@ -1103,7 +1104,15 @@ run_client_error(Opts) ->
Options = proplists:get_value(options, Opts),
ct:log("~p:~p~nssl:connect(~p, ~p, ~p)~n", [?MODULE,?LINE, Host, Port, Options]),
Error = Transport:connect(Host, Port, Options),
- Pid ! {self(), Error}.
+ case Error of
+ {error, {tls_alert, _}} ->
+ Pid ! {self(), Error};
+ {ok, _Socket} ->
+ receive
+ {ssl_error, _, {tls_alert, _}} = SslError ->
+ Pid ! {self(), SslError}
+ end
+ end.
accepters(N) ->
accepters([], N).
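Review bot: The new `case Error of` in `run_client_error/1` handles only `{error, {tls_alert, _}}` and `{ok, _Socket}`, so any other result of `Transport:connect/3` (for example `{error, closed}` or a timeout) ends the client process with a `case_clause` and sends nothing to `Pid`. The old code forwarded every result, and the same commit adds a `{Pid, {error, closed}}` clause to `check_client_alert/2` that this function can no longer feed. A clause `{error, _} -> Pid ! {self(), Error};` would restore that. The inner `receive` also matches only `{ssl_error, _, {tls_alert, _}}` and has no `after`, so a connection that closes without an alert, or a socket that is not in active mode, would leave the process waiting. The function's head and option parsing are outside this hunk.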