aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2010-05-11 09:23:42 +0000
committerErlang/OTP <[email protected]>2010-05-11 09:23:42 +0000
commit250ee20c846333338888d52deee5b57bb2eeed5b (patch)
tree0a58a2ead106e3bb5afc35eee07fcf23625c9732 /lib/ssl/test
parent48177ff7c93ba71f7687cd0189f5e60bd413c7c6 (diff)
downloadotp-250ee20c846333338888d52deee5b57bb2eeed5b.tar.gz
otp-250ee20c846333338888d52deee5b57bb2eeed5b.tar.bz2
otp-250ee20c846333338888d52deee5b57bb2eeed5b.zip
OTP-8568 RFC -5746
New ssl now supports secure renegotiation as described by RFC 5746.
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl.cover14
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl85
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl34
3 files changed, 112 insertions, 21 deletions
diff --git a/lib/ssl/test/ssl.cover b/lib/ssl/test/ssl.cover
index 138bf96b9d..e8daa363c5 100644
--- a/lib/ssl/test/ssl.cover
+++ b/lib/ssl/test/ssl.cover
@@ -3,5 +3,17 @@
'PKIX1Explicit88',
'PKIX1Implicit88',
'PKIXAttributeCertificate',
- 'SSL-PKIX']}.
+ 'SSL-PKIX',
+ ssl_pem,
+ ssl_pkix,
+ ssl_base64,
+ ssl_broker,
+ ssl_broker_int,
+ ssl_broker_sup,
+ ssl_debug,
+ ssl_server,
+ ssl_prim,
+ inet_ssl_dist,
+ 'OTP-PKIX'
+ ]}.
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 3ee82d990b..9afcbd9113 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -171,7 +171,8 @@ all(suite) ->
client_verify_none_active, client_verify_none_active_once
%%, session_cache_process_list, session_cache_process_mnesia
,reuse_session, reuse_session_expired, server_does_not_want_to_reuse_session,
- client_renegotiate, server_renegotiate,
+ client_renegotiate, server_renegotiate, client_renegotiate_reused_session,
+ server_renegotiate_reused_session,
client_no_wrap_sequence_number, server_no_wrap_sequence_number,
extended_key_usage, validate_extensions_fun
].
@@ -665,7 +666,7 @@ misc_ssl_options(Config) when is_list(Config) ->
{password, []},
{reuse_session, fun(_,_,_,_) -> true end},
{debug, []},
- {cb_info, {gen_tcp, tcp, tcp_closed}}],
+ {cb_info, {gen_tcp, tcp, tcp_closed, tcp_error}}],
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -2112,6 +2113,76 @@ server_renegotiate(Config) when is_list(Config) ->
ok.
%%--------------------------------------------------------------------
+client_renegotiate_reused_session(doc) ->
+ ["Test ssl:renegotiate/1 on client when the ssl session will be reused."];
+
+client_renegotiate_reused_session(suite) ->
+ [];
+
+client_renegotiate_reused_session(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Data = "From erlang to erlang",
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, erlang_ssl_receive, [Data]}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ renegotiate_reuse_session, [Data]}},
+ {options, [{reuse_sessions, true} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Client, ok, Server, ok),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ process_flag(trap_exit, false),
+ ok.
+%%--------------------------------------------------------------------
+server_renegotiate_reused_session(doc) ->
+ ["Test ssl:renegotiate/1 on server when the ssl session will be reused."];
+
+server_renegotiate_reused_session(suite) ->
+ [];
+
+server_renegotiate_reused_session(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Data = "From erlang to erlang",
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE,
+ renegotiate_reuse_session, [Data]}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, erlang_ssl_receive, [Data]}},
+ {options, [{reuse_sessions, true} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ ok.
+
+%%--------------------------------------------------------------------
client_no_wrap_sequence_number(doc) ->
["Test that erlang client will renegotiate session when",
"max sequence number celing is about to be reached. Although"
@@ -2314,14 +2385,14 @@ renegotiate(Socket, Data) ->
case Result of
ok ->
ok;
- %% It is not an error in erlang ssl
- %% if peer rejects renegotiation.
- %% Connection will stay up
- {error, renegotiation_rejected} ->
- ok;
Other ->
Other
end.
+
+renegotiate_reuse_session(Socket, Data) ->
+ %% Make sure session is registerd
+ test_server:sleep(?SLEEP),
+ renegotiate(Socket, Data).
session_cache_process_list(doc) ->
["Test reuse of sessions (short handshake)"];
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 186bf52ff6..03466aec6f 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -81,11 +81,20 @@ end_per_suite(_Config) ->
%% variable, but should NOT alter/remove any existing entries.
%% Description: Initialization before each test case
%%--------------------------------------------------------------------
-init_per_testcase(_TestCase, Config0) ->
+init_per_testcase(TestCase, Config0) ->
Config = lists:keydelete(watchdog, 1, Config0),
Dog = ssl_test_lib:timetrap(?TIMEOUT),
- [{watchdog, Dog} | Config].
+ special_init(TestCase, [{watchdog, Dog} | Config]).
+special_init(TestCase, Config)
+ when TestCase == erlang_client_openssl_server_renegotiate;
+ TestCase == erlang_client_openssl_server_no_wrap_sequence_number;
+ TestCase == erlang_server_openssl_client_no_wrap_sequence_number ->
+ check_sane_openssl_renegotaite(Config);
+
+special_init(_, Config) ->
+ Config.
+
%%--------------------------------------------------------------------
%% Function: end_per_testcase(TestCase, Config) -> _
%% Case - atom()
@@ -297,12 +306,8 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) ->
test_server:sleep(?SLEEP),
port_command(OpensslPort, OpenSslData),
- %%ssl_test_lib:check_result(Client, ok),
- %% Currently allow test case to not fail
- %% if server requires secure renegotiation from RFC-5746
- %% This should be removed as soon as we have implemented it.
- ssl_test_lib:check_result_ignore_renegotiation_reject(Client, ok),
-
+ ssl_test_lib:check_result(Client, ok),
+
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
@@ -350,11 +355,7 @@ erlang_client_openssl_server_no_wrap_sequence_number(Config) when is_list(Config
{options, [{reuse_sessions, false},
{renegotiate_at, N} | ClientOpts]}]),
- %%ssl_test_lib:check_result(Client, ok),
- %% Currently allow test case to not fail
- %% if server requires secure renegotiation from RFC-5746
- %% This should be removed as soon as we have implemented it.
- ssl_test_lib:check_result_ignore_renegotiation_reject(Client, ok),
+ ssl_test_lib:check_result(Client, ok),
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
@@ -1080,3 +1081,10 @@ wait_for_openssl_server() ->
test_server:sleep(?SLEEP)
end.
+check_sane_openssl_renegotaite(Config) ->
+ case os:cmd("openssl version") of
+ "OpenSSL 0.9.8l" ++ _ ->
+ {skip, "Known renegotiation bug in OppenSSL"};
+ _ ->
+ Config
+ end.