aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorRaimo Niskanen <[email protected]>2018-04-19 11:48:55 +0200
committerRaimo Niskanen <[email protected]>2018-04-19 15:01:13 +0200
commita819cb1633e0cf5f3916b1d660fb0c7f37d51981 (patch)
treec4b3d87774c30619d8989d38927ca07578ec14fe /lib/ssl/test
parent23f4279f49ce84c8d0e96a4d4a1478b2ee9ec190 (diff)
downloadotp-a819cb1633e0cf5f3916b1d660fb0c7f37d51981.tar.gz
otp-a819cb1633e0cf5f3916b1d660fb0c7f37d51981.tar.bz2
otp-a819cb1633e0cf5f3916b1d660fb0c7f37d51981.zip
Rewrite TLS dist to handle node names in certs
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_dist_bench_SUITE.erl45
1 files changed, 33 insertions, 12 deletions
diff --git a/lib/ssl/test/ssl_dist_bench_SUITE.erl b/lib/ssl/test/ssl_dist_bench_SUITE.erl
index 4d27564319..06150218ea 100644
--- a/lib/ssl/test/ssl_dist_bench_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_bench_SUITE.erl
@@ -1,7 +1,7 @@
%%%-------------------------------------------------------------------
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2017. All Rights Reserved.
+%% Copyright Ericsson AB 2017-2018. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -95,14 +95,14 @@ init_per_suite(Config) ->
_ ->
PrivDir = proplists:get_value(priv_dir, Config),
%%
- [_, HostA] = string:split(atom_to_list(Node), "@"),
+ [_, HostA] = split_node(Node),
NodeAName = ?MODULE_STRING ++ "_node_a",
NodeAString = NodeAName ++ "@" ++ HostA,
NodeAConfFile = filename:join(PrivDir, NodeAString ++ ".conf"),
NodeA = list_to_atom(NodeAString),
%%
ServerNode = ssl_bench_test_lib:setup(dist_server),
- [_, HostB] = string:split(atom_to_list(ServerNode), "@"),
+ [_, HostB] = split_node(ServerNode),
NodeBName = ?MODULE_STRING ++ "_node_b",
NodeBString = NodeBName ++ "@" ++ HostB,
NodeBConfFile = filename:join(PrivDir, NodeBString ++ ".conf"),
@@ -116,16 +116,23 @@ init_per_suite(Config) ->
?MODULE_STRING ++ " ROOT CA", CertOptions),
SSLConf =
[{verify, verify_peer},
+ {fail_if_no_peer_cert, true},
{versions, [TLSVersion]},
{ciphers, [TLSCipher]}],
+ ServerConf =
+ [{verify_fun,
+ {fun inet_tls_dist:verify_client/3, undefined}}
+ | SSLConf],
+ ClientConf =
+ [{verify_fun,
+ {fun inet_tls_dist:verify_server/3, node}}
+ | SSLConf],
%%
write_node_conf(
- NodeAConfFile, NodeA,
- [{fail_if_no_peer_cert, true} | SSLConf], SSLConf,
+ NodeAConfFile, NodeA, ServerConf, ClientConf,
CertOptions, RootCert),
write_node_conf(
- NodeBConfFile, NodeB,
- [{fail_if_no_peer_cert, true} | SSLConf], SSLConf,
+ NodeBConfFile, NodeB, ServerConf, ClientConf,
CertOptions, RootCert),
%%
[{node_a_name, NodeAName},
@@ -179,8 +186,17 @@ write_node_conf(
[{extensions,
[#'Extension'{
extnID = ?'id-ce-subjectAltName',
- extnValue = [{dNSName, atom_to_list(Node)}],
- critical = false}]} | CertOptions]}),
+ %% extnValue = [{dNSName, atom_to_list(Node)}],
+ %% extnValue = [{rfc822Name, atom_to_list(Node)}],
+ extnValue =
+ [{directoryName,
+ {rdnSequence,
+ [[#'AttributeTypeAndValue'{
+ type = ?'id-at-commonName',
+ value =
+ {utf8String,
+ atom_to_binary(Node, utf8)}}]]}}],
+ critical = true}]} | CertOptions]}),
NodeConf =
[{server, ServerConf ++ Conf}, {client, ClientConf ++ Conf}],
{ok, Fd} = file:open(ConfFile, [write]),
@@ -188,6 +204,8 @@ write_node_conf(
io:format(Fd, "~p.~n", [NodeConf]),
ok = file:close(Fd).
+split_node(Node) ->
+ string:split(atom_to_list(Node), "@").
%%%-------------------------------------------------------------------
%%% Test cases
@@ -221,15 +239,18 @@ setup_loop(_A, _B, T, 0) ->
T;
setup_loop(A, B, T, N) ->
StartTime = start_time(),
- [A] = rpc:block_call(B, erlang, nodes, []),
+ [N,A] = [N|rpc:block_call(B, erlang, nodes, [])],
Time = elapsed_time(StartTime),
- [B] = erlang:nodes(),
+ [N,B] = [N|erlang:nodes()],
Mref = erlang:monitor(process, {rex,B}),
true = net_kernel:disconnect(B),
receive
{'DOWN',Mref,process,_,_} ->
[] = erlang:nodes(),
- setup_loop(A, B, Time + T, N - 1)
+ receive
+ after 500 ->
+ setup_loop(A, B, Time + T, N - 1)
+ end
end.