aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2011-11-28 14:03:54 +0100
committerIngela Anderton Andin <[email protected]>2011-11-28 14:03:54 +0100
commit4430f257b29f5f1d5771971616a0a5d68b8ae7e3 (patch)
tree9e876004fd6ff3d889eb26ebe2bb6eb973fbb752 /lib/ssl/test
parent5c0deeb960d5fd5f1a4034cc982f2ba7a5caf1cd (diff)
parentf4352ae5dd94c1dfaf67d8636991cd0413a173f0 (diff)
downloadotp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.tar.gz
otp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.tar.bz2
otp-4430f257b29f5f1d5771971616a0a5d68b8ae7e3.zip
Merge branch 'ia/ssl/passive-receive-during-renegotiation-bug/OTP-9744'
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl64
-rw-r--r--lib/ssl/test/ssl_test_lib.erl1
2 files changed, 49 insertions, 16 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index fc56ceb17e..228ec9e294 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -257,7 +257,8 @@ all() ->
%%different_ca_peer_sign,
no_reuses_session_server_restart_new_cert,
no_reuses_session_server_restart_new_cert_file, reuseaddr,
- hibernate, connect_twice, renegotiate_dos_mitigate,
+ hibernate, connect_twice, renegotiate_dos_mitigate_active,
+ renegotiate_dos_mitigate_passive,
tcp_error_propagation_in_active_mode
].
@@ -1565,14 +1566,14 @@ eoptions(Config) when is_list(Config) ->
{cacertfile, ""},
{dhfile,'dh.pem' },
{ciphers, [{foo, bar, sha, ignore}]},
- {reuse_session, foo},
- {reuse_sessions, 0},
+ {reuse_session, foo},
+ {reuse_sessions, 0},
{renegotiate_at, "10"},
- {debug, 1},
+ {debug, 1},
{mode, depech},
- {packet, 8.0},
- {packet_size, "2"},
- {header, a},
+ {packet, 8.0},
+ {packet_size, "2"},
+ {header, a},
{active, trice},
{key, 'key.pem' }],
@@ -3692,25 +3693,57 @@ connect_twice(Config) when is_list(Config) ->
ssl_test_lib:close(Client1).
%%--------------------------------------------------------------------
-renegotiate_dos_mitigate(doc) ->
+renegotiate_dos_mitigate_active(doc) ->
["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
"immediately after each other"];
-renegotiate_dos_mitigate(suite) ->
+renegotiate_dos_mitigate_active(suite) ->
[];
-renegotiate_dos_mitigate(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
- Server =
- ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, send_recv_result_active, []}},
{options, [ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ renegotiate_immediately, []}},
+ {options, ClientOpts}]),
+
+ ssl_test_lib:check_result(Client, ok, Server, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_passive(doc) ->
+ ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+ "immediately after each other"];
+
+renegotiate_dos_mitigate_passive(suite) ->
+ [];
+
+renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
@@ -3723,6 +3756,7 @@ renegotiate_dos_mitigate(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+%%--------------------------------------------------------------------
tcp_error_propagation_in_active_mode(doc) ->
["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index e0a16fc04a..fa8a1826f2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -690,7 +690,6 @@ public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
public_key(Key) ->
Key.
-
receive_rizzo_duong_beast() ->
receive
{ssl, _, "ello\n"} ->