diff options
author | Ingela Anderton Andin <[email protected]> | 2011-11-28 14:03:54 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2011-11-28 14:03:54 +0100 |
commit | 4430f257b29f5f1d5771971616a0a5d68b8ae7e3 (patch) | |
tree | 9e876004fd6ff3d889eb26ebe2bb6eb973fbb752 /lib/ssl/test | |
parent | 5c0deeb960d5fd5f1a4034cc982f2ba7a5caf1cd (diff) | |
parent | f4352ae5dd94c1dfaf67d8636991cd0413a173f0 (diff) | |
download | otp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.tar.gz otp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.tar.bz2 otp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.zip |
Merge branch 'ia/ssl/passive-receive-during-renegotiation-bug/OTP-9744'
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 64 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 1 |
2 files changed, 49 insertions, 16 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index fc56ceb17e..228ec9e294 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -257,7 +257,8 @@ all() -> %%different_ca_peer_sign, no_reuses_session_server_restart_new_cert, no_reuses_session_server_restart_new_cert_file, reuseaddr, - hibernate, connect_twice, renegotiate_dos_mitigate, + hibernate, connect_twice, renegotiate_dos_mitigate_active, + renegotiate_dos_mitigate_passive, tcp_error_propagation_in_active_mode ]. @@ -1565,14 +1566,14 @@ eoptions(Config) when is_list(Config) -> {cacertfile, ""}, {dhfile,'dh.pem' }, {ciphers, [{foo, bar, sha, ignore}]}, - {reuse_session, foo}, - {reuse_sessions, 0}, + {reuse_session, foo}, + {reuse_sessions, 0}, {renegotiate_at, "10"}, - {debug, 1}, + {debug, 1}, {mode, depech}, - {packet, 8.0}, - {packet_size, "2"}, - {header, a}, + {packet, 8.0}, + {packet_size, "2"}, + {header, a}, {active, trice}, {key, 'key.pem' }], @@ -3692,25 +3693,57 @@ connect_twice(Config) when is_list(Config) -> ssl_test_lib:close(Client1). %%-------------------------------------------------------------------- -renegotiate_dos_mitigate(doc) -> +renegotiate_dos_mitigate_active(doc) -> ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row", "immediately after each other"]; -renegotiate_dos_mitigate(suite) -> +renegotiate_dos_mitigate_active(suite) -> []; -renegotiate_dos_mitigate(Config) when is_list(Config) -> - ServerOpts = ?config(server_opts, Config), - ClientOpts = ?config(client_opts, Config), +renegotiate_dos_mitigate_active(Config) when is_list(Config) -> + ServerOpts = ?config(server_opts, Config), + ClientOpts = ?config(client_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), - - Server = - ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + + Server = + ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, {mfa, {?MODULE, send_recv_result_active, []}}, {options, [ServerOpts]}]), Port = ssl_test_lib:inet_port(Server), + + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {?MODULE, + renegotiate_immediately, []}}, + {options, ClientOpts}]), + + ssl_test_lib:check_result(Client, ok, Server, ok), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). + +%%-------------------------------------------------------------------- +renegotiate_dos_mitigate_passive(doc) -> + ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row", + "immediately after each other"]; + +renegotiate_dos_mitigate_passive(suite) -> + []; + +renegotiate_dos_mitigate_passive(Config) when is_list(Config) -> + ServerOpts = ?config(server_opts, Config), + ClientOpts = ?config(client_opts, Config), + + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + Server = + ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {?MODULE, send_recv_result, []}}, + {options, [{active, false} | ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, @@ -3723,6 +3756,7 @@ renegotiate_dos_mitigate(Config) when is_list(Config) -> ssl_test_lib:close(Server), ssl_test_lib:close(Client). +%%-------------------------------------------------------------------- tcp_error_propagation_in_active_mode(doc) -> ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"]; tcp_error_propagation_in_active_mode(Config) when is_list(Config) -> diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index e0a16fc04a..fa8a1826f2 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -690,7 +690,6 @@ public_key(#'PrivateKeyInfo'{privateKeyAlgorithm = public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key)); public_key(Key) -> Key. - receive_rizzo_duong_beast() -> receive {ssl, _, "ello\n"} -> |