authorIngela Anderton Andin <[email protected]>2010-06-11 08:21:23 +0000
committerErlang/OTP <[email protected]>2010-06-11 08:21:23 +0000
commit4d0e43b5e252b979d50c17592c08ae68ece5fa07 (patch)
tree179408fb7b2eb80ae402a00443c5158c9c6d9428 /lib/ssl/test/ssl_to_openssl_SUITE.erl
parenta346eb92eb7b5bedb36768c0a63b82547919bc0b (diff)
OTP-8695 New ssl default
Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
Diffstat (limited to 'lib/ssl/test/ssl_to_openssl_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl129
1 files changed, 112 insertions, 17 deletions
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 4981ac0424..d2a4ca8db5 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -25,8 +25,6 @@
-compile(export_all).
-include("test_server.hrl").
--include("test_server_line.hrl").
--include("ssl_pkix.hrl").
-define(TIMEOUT, 120000).
-define(SLEEP, 1000).
@@ -45,19 +43,22 @@
%% Note: This function is free to add any key/value pairs to the Config
%% variable, but should NOT alter/remove any existing entries.
%%--------------------------------------------------------------------
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
+ Dog = ssl_test_lib:timetrap(?TIMEOUT *2),
case os:find_executable("openssl") of
false ->
{skip, "Openssl not found"};
_ ->
crypto:start(),
+ application:start(public_key),
ssl:start(),
Result =
- (catch make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config))),
+ (catch make_certs:all(?config(data_dir, Config0),
+ ?config(priv_dir, Config0))),
test_server:format("Make certs ~p~n", [Result]),
- NewConfig = ssl_test_lib:make_dsa_cert(Config),
- ssl_test_lib:cert_options(NewConfig)
+ Config1 = ssl_test_lib:make_dsa_cert(Config0),
+ Config = ssl_test_lib:cert_options(Config1),
+ [{watchdog, Dog} | Config]
end.
%%--------------------------------------------------------------------
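Review bot: The timetrap handle `Dog` is created before the `case`, but only the `_ ->` branch stores it in the returned config; when openssl is missing the function returns `{skip, "Openssl not found"}` and nothing visible here cancels or hands on the watchdog. Moving `Dog = ssl_test_lib:timetrap(?TIMEOUT *2),` to just before `crypto:start(),` would keep the skip path free of a dangling timer. Whether `ssl_test_lib:timetrap/1` needs explicit cancellation cannot be confirmed from this hunk. Separately, the result of `application:start(public_key)` is discarded and `make_certs:all/2` stays wrapped in `catch`, so a failed certificate setup shows up only in the log line and later as handshake failures; a short comment saying this is deliberate best-effort would help.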
@@ -143,9 +144,10 @@ all(doc) ->
all(suite) ->
[erlang_client_openssl_server,
erlang_server_openssl_client,
- %% Comment out when new crypto sign functions is available
- %%erlang_client_openssl_server_dsa_cert,
- %%erlang_server_openssl_client_dsa_cert,
+ tls1_erlang_client_openssl_server_dsa_cert,
+ tls1_erlang_server_openssl_client_dsa_cert,
+ ssl3_erlang_client_openssl_server_dsa_cert,
+ ssl3_erlang_server_openssl_client_dsa_cert,
erlang_server_openssl_client_reuse_session,
erlang_client_openssl_server_renegotiate,
erlang_client_openssl_server_no_wrap_sequence_number,
@@ -252,11 +254,11 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-erlang_client_openssl_server_dsa_cert(doc) ->
+tls1_erlang_client_openssl_server_dsa_cert(doc) ->
["Test erlang server with openssl client"];
-erlang_client_openssl_server_dsa_cert(suite) ->
+tls1_erlang_client_openssl_server_dsa_cert(suite) ->
[];
-erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
+tls1_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
ClientOpts = ?config(client_dsa_opts, Config),
ServerOpts = ?config(server_dsa_opts, Config),
@@ -300,11 +302,11 @@ erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-erlang_server_openssl_client_dsa_cert(doc) ->
+tls1_erlang_server_openssl_client_dsa_cert(doc) ->
["Test erlang server with openssl client"];
-erlang_server_openssl_client_dsa_cert(suite) ->
+tls1_erlang_server_openssl_client_dsa_cert(suite) ->
[];
-erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
+tls1_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
ClientOpts = ?config(client_dsa_opts, Config),
ServerOpts = ?config(server_dsa_opts, Config),
@@ -338,6 +340,97 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
+
+%%--------------------------------------------------------------------
+
+ssl3_erlang_client_openssl_server_dsa_cert(doc) ->
+ ["Test erlang server with openssl client"];
+ssl3_erlang_client_openssl_server_dsa_cert(suite) ->
+ [];
+ssl3_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ClientOpts = ?config(client_dsa_opts, Config),
+ ServerOpts = ?config(server_dsa_opts, Config),
+
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+
+ Data = "From openssl to erlang",
+
+ Port = ssl_test_lib:inet_port(node()),
+ CaCertFile = proplists:get_value(cacertfile, ServerOpts),
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ KeyFile = proplists:get_value(keyfile, ServerOpts),
+
+ Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
+ " -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile
+ ++ " -key " ++ KeyFile ++ " -Verify 2 -ssl3 -msg",
+
+ test_server:format("openssl cmd: ~p~n", [Cmd]),
+
+ OpensslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
+
+ wait_for_openssl_server(),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ erlang_ssl_receive, [Data]}},
+ {options, ClientOpts}]),
+
+ port_command(OpensslPort, Data),
+
+ ssl_test_lib:check_result(Client, ok),
+
+ %% Clean close down! Server needs to be closed first !!
+ close_port(OpensslPort),
+
+ ssl_test_lib:close(Client),
+ process_flag(trap_exit, false),
+ ok.
+
+%%--------------------------------------------------------------------
+
+ssl3_erlang_server_openssl_client_dsa_cert(doc) ->
+ ["Test erlang server with openssl client"];
+ssl3_erlang_server_openssl_client_dsa_cert(suite) ->
+ [];
+ssl3_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ClientOpts = ?config(client_dsa_opts, Config),
+ ServerOpts = ?config(server_dsa_opts, Config),
+
+ {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+
+ Data = "From openssl to erlang",
+ CaCertFile = proplists:get_value(cacertfile, ClientOpts),
+ CertFile = proplists:get_value(certfile, ClientOpts),
+ KeyFile = proplists:get_value(keyfile, ClientOpts),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, erlang_ssl_receive, [Data]}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++
+ " -host localhost " ++ " -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile
+ ++ " -key " ++ KeyFile ++ " -ssl3 -msg",
+
+ test_server:format("openssl cmd: ~p~n", [Cmd]),
+
+ OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
+ port_command(OpenSslPort, Data),
+
+ ssl_test_lib:check_result(Server, ok),
+
+ ssl_test_lib:close(Server),
+
+ close_port(OpenSslPort),
+ process_flag(trap_exit, false),
+ ok.
+
+
%%--------------------------------------------------------------------
erlang_server_openssl_client_reuse_session(doc) ->
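Review bot: Both new tests build the openssl command by concatenating `CertFile`, `CaCertFile` and `KeyFile` into one string for `open_port({spawn, Cmd}, ...)`, so a `priv_dir` path containing whitespace (or shell metacharacters, on platforms where the port program is started through a shell) splits or changes the argument list. Passing the arguments as a list via `spawn_executable` avoids any quoting; the fence shows it for the `s_server` command in `ssl3_erlang_client_openssl_server_dsa_cert`, and the `s_client` command in `ssl3_erlang_server_openssl_client_dsa_cert` would change the same way. The suite only checks that an `openssl` binary exists, so on a build without SSL 3.0 support the `-ssl3` flag makes these cases fail rather than skip. The doc clause of the client test still reads "Test erlang server with openssl client", copied from the server test.

```erlang
    %% … unchanged: option lookup, run_where, Port, CaCertFile/CertFile/KeyFile …
    Exe = os:find_executable("openssl"),
    Args = ["s_server", "-accept", integer_to_list(Port),
            "-cert", CertFile, "-CAfile", CaCertFile,
            "-key", KeyFile, "-Verify", "2", "-ssl3", "-msg"],

    test_server:format("openssl cmd: ~p ~p~n", [Exe, Args]),

    OpensslPort = open_port({spawn_executable, Exe},
                            [{args, Args}, stderr_to_stdout]),
    %% … unchanged: wait_for_openssl_server, client start, result check, close down …
```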
@@ -1314,7 +1407,9 @@ wait_for_openssl_server() ->
check_sane_openssl_renegotaite(Config) ->
case os:cmd("openssl version") of
- "OpenSSL 0.9.8l" ++ _ ->
+ "OpenSSL 0.9.8" ++ _ ->
+ {skip, "Known renegotiation bug in OppenSSL"};
+ "OpenSSL 0.9.7" ++ _ ->
{skip, "Known renegotiation bug in OppenSSL"};
_ ->
Config
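Review bot: The widened prefixes `"OpenSSL 0.9.8" ++ _` and `"OpenSSL 0.9.7" ++ _` now skip the renegotiation cases for every release in those two series, where the old code singled out 0.9.8l, so renegotiation interop goes untested on those installations with no record of why. A comment above the clauses naming the defect and the releases known to be affected would let a later reader narrow the match again, e.g. `%% Renegotiation is broken in these OpenSSL series, see <ticket placeholder>`. The two clauses return the same tuple and the message misspells the product name; `{skip, "Known renegotiation bug in OpenSSL"}` fixes the text. The `case` is closed outside this hunk.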