ssl: Add connection information items

Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
author: Ingela Anderton Andin <[email protected]> 2017-03-15 15:37:59 +0100
committer: Ingela Anderton Andin <[email protected]> 2017-03-21 15:27:25 +0100
commit: e682fd8081ba3f60db28da9185a027e3bded6a06 (patch)
tree: 7199ccd45db91e3df9b1a71582b67c458b6aa69f /lib/ssl/test
parent: 746e7ac3262747204c2d26bac94d748c38c16076 (diff)
download: otp-e682fd8081ba3f60db28da9185a027e3bded6a06.tar.gz
otp-e682fd8081ba3f60db28da9185a027e3bded6a06.tar.bz2
otp-e682fd8081ba3f60db28da9185a027e3bded6a06.zip
3 files changed, 50 insertions, 13 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 86426bdb60..4eabe544d7 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -148,6 +148,7 @@ options_tests_tls() ->
 
 api_tests() ->
     [connection_info,
+     secret_connection_info,
      connection_information,
      peercert,
      peercert_with_client_cert,
@@ -611,7 +612,7 @@ prf(Config) when is_list(Config) ->
 %%--------------------------------------------------------------------
 
 connection_info() ->
-    [{doc,"Test the API function ssl:connection_information/1"}].
+    [{doc,"Test the API function ssl:connection_information/2"}].
 connection_info(Config) when is_list(Config) -> 
     ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
     ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
@@ -645,6 +646,38 @@ connection_info(Config) when is_list(Config) ->
 
 %%--------------------------------------------------------------------
 
+secret_connection_info() ->
+    [{doc,"Test the API function ssl:connection_information/2"}].
+secret_connection_info(Config) when is_list(Config) -> 
+    ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+    ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+					{mfa, {?MODULE, secret_connection_info_result, []}},
+					{options, ServerOpts}]),
+    
+    Port = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+                                        {from, self()}, 
+                                        {mfa, {?MODULE, secret_connection_info_result, []}},
+                                        {options, ClientOpts}]),
+    
+    ct:log("Testcase ~p, Client ~p  Server ~p ~n",
+		       [self(), Client, Server]),
+
+    Version = ssl_test_lib:protocol_version(Config),    
+			   
+    ssl_test_lib:check_result(Server, true, Client, true),
+    
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+
+%%--------------------------------------------------------------------
+
 connection_information() ->
     [{doc,"Test the API function ssl:connection_information/1"}].
 connection_information(Config) when is_list(Config) -> 
@@ -3414,7 +3447,6 @@ listen_socket(Config) ->
     {error, enotconn} = ssl:connection_information(ListenSocket),
     {error, enotconn} = ssl:peername(ListenSocket),
     {error, enotconn} = ssl:peercert(ListenSocket),
-    {error, enotconn} = ssl:session_info(ListenSocket),
     {error, enotconn} = ssl:renegotiate(ListenSocket),
     {error, enotconn} = ssl:prf(ListenSocket, 'master_secret', <<"Label">>, client_random, 256),
     {error, enotconn} = ssl:shutdown(ListenSocket, read_write),
@@ -4638,6 +4670,11 @@ version_info_result(Socket) ->
     {ok, [{version, Version}]} = ssl:connection_information(Socket, [version]),
     {ok, Version}.
 
+secret_connection_info_result(Socket) ->
+    {ok, [{client_random, ClientRand}, {server_random, ServerRand}, {master_secret, MasterSecret}]} 
+        = ssl:connection_information(Socket, [client_random, server_random, master_secret]),
+    is_binary(ClientRand) andalso is_binary(ServerRand) andalso is_binary(MasterSecret). 
+    
 connect_dist_s(S) ->
     Msg = term_to_binary({erlang,term}),
     ok = ssl:send(S, Msg).
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 3446a566c4..c8caa9c11a 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -1973,14 +1973,14 @@ passive_recv_packet(Socket, _, 0) ->
 	    {error, timeout} = ssl:recv(Socket, 0, 500),
 	    ok;
 	Other ->
-	    {other, Other, ssl:session_info(Socket), 0}
+	    {other, Other, ssl:connection_information(Socket, [session_id, cipher_suite]), 0}
     end;
 passive_recv_packet(Socket, Data, N) ->
     case ssl:recv(Socket, 0) of
 	{ok, Data} -> 
 	    passive_recv_packet(Socket, Data, N-1);
 	Other ->
-	    {other, Other, ssl:session_info(Socket), N}
+	    {other, Other, ssl:connection_information(Socket, [session_id, cipher_suite]), N}
     end.
 
 send(Socket,_, 0) ->
@@ -2032,7 +2032,7 @@ active_once_packet(Socket,_, 0) ->
 	{ssl, Socket, []} ->
 	    ok;
 	{ssl, Socket, Other} ->
-	    {other, Other, ssl:session_info(Socket), 0}
+	    {other, Other, ssl:connection_information(Socket,  [session_id, cipher_suite]), 0}
     end;
 active_once_packet(Socket, Data, N) ->
     receive 	
@@ -2077,7 +2077,7 @@ active_packet(Socket, _, 0) ->
 	{ssl, Socket, []} ->
 	    ok;
 	Other ->
-	    {other, Other, ssl:session_info(Socket), 0}
+	    {other, Other, ssl:connection_information(Socket,  [session_id, cipher_suite]), 0}
     end;
 active_packet(Socket, Data, N) ->
     receive 
@@ -2089,7 +2089,7 @@ active_packet(Socket, Data, N) ->
 	{ssl, Socket, Data} ->
 	    active_packet(Socket, Data, N -1);
 	Other ->
-	    {other, Other, ssl:session_info(Socket),N}
+	    {other, Other, ssl:connection_information(Socket,  [session_id, cipher_suite]),N}
     end.
 
 assert_packet_opt(Socket, Type) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 4b740c79db..3768fc2259 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -782,18 +782,18 @@ no_result(_) ->
     no_result_msg.
 
 trigger_renegotiate(Socket, [ErlData, N]) ->
-    [{session_id, Id} | _ ] = ssl:session_info(Socket),
+     {ok, [{session_id, Id}]} = ssl:connection_information(Socket,  [session_id]),
     trigger_renegotiate(Socket, ErlData, N, Id).
 
 trigger_renegotiate(Socket, _, 0, Id) ->
     ct:sleep(1000),
-    case ssl:session_info(Socket) of
-	[{session_id, Id} | _ ] ->
+    case ssl:connection_information(Socket,  [session_id]) of
+        {ok, [{session_id, Id}]} ->
 	    fail_session_not_renegotiated;
 	%% Tests that uses this function will not reuse
 	%% sessions so if we get a new session id the
 	%% renegotiation has succeeded.
-       	[{session_id, _} | _ ] -> 
+        {ok, [{session_id, _}]} -> 
 	    ok;
 	{error, closed} ->
 	    fail_session_fatal_alert_during_renegotiation;
@@ -998,8 +998,8 @@ cipher_result(Socket, Result) ->
     end.
 
 session_info_result(Socket) ->
-    ssl:session_info(Socket).
-
+    {ok, Info} = ssl:connection_information(Socket,  [session_id, cipher_suite]),
+    Info.
 
 public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
 				 #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption},
author	Ingela Anderton Andin <[email protected]>	2017-03-15 15:37:59 +0100
committer	Ingela Anderton Andin <[email protected]>	2017-03-21 15:27:25 +0100
commit	e682fd8081ba3f60db28da9185a027e3bded6a06 (patch)
tree	7199ccd45db91e3df9b1a71582b67c458b6aa69f /lib/ssl/test
parent	746e7ac3262747204c2d26bac94d748c38c16076 (diff)
download	otp-e682fd8081ba3f60db28da9185a027e3bded6a06.tar.gz otp-e682fd8081ba3f60db28da9185a027e3bded6a06.tar.bz2 otp-e682fd8081ba3f60db28da9185a027e3bded6a06.zip