OTP-8695 New ssl default

Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application.
author: Ingela Anderton Andin <[email protected]> 2010-06-11 08:21:23 +0000
committer: Erlang/OTP <[email protected]> 2010-06-11 08:21:23 +0000
commit: 4d0e43b5e252b979d50c17592c08ae68ece5fa07 (patch)
tree: 179408fb7b2eb80ae402a00443c5158c9c6d9428 /lib/ssl/test
parent: a346eb92eb7b5bedb36768c0a63b82547919bc0b (diff)
download: otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.gz
otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.bz2
otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.zip
15 files changed, 225 insertions, 105 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index d35cafc47b..9e4aecac45 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -59,12 +59,10 @@ ERL_FILES = $(MODULES:%=%.erl)
 HRL_FILES = ssl_test_MACHINE.hrl 
 
 HRL_FILES_SRC = \
-	ssl_pkix.hrl \
 	ssl_alert.hrl \
 	ssl_handshake.hrl
 
-HRL_FILES_INC = \
-	OTP-PKIX.hrl
+HRL_FILES_INC = 
 
 HRL_FILES_NEEDED_IN_TEST = \
 	$(HRL_FILES_SRC:%=../src/%) \
diff --git a/lib/ssl/test/old_ssl_active_SUITE.erl b/lib/ssl/test/old_ssl_active_SUITE.erl
index 010596f351..d1cec26827 100644
--- a/lib/ssl/test/old_ssl_active_SUITE.erl
+++ b/lib/ssl/test/old_ssl_active_SUITE.erl
@@ -87,6 +87,8 @@ config(Config) ->
     %% operating system, version of OTP, Erts, kernel and stdlib. 
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_active_once_SUITE.erl b/lib/ssl/test/old_ssl_active_once_SUITE.erl
index 6224b17aa7..63eaa730e9 100644
--- a/lib/ssl/test/old_ssl_active_once_SUITE.erl
+++ b/lib/ssl/test/old_ssl_active_once_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2002-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -79,6 +79,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_dist_SUITE.erl b/lib/ssl/test/old_ssl_dist_SUITE.erl
index 56209c3530..97090c1409 100644
--- a/lib/ssl/test/old_ssl_dist_SUITE.erl
+++ b/lib/ssl/test/old_ssl_dist_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -254,7 +254,8 @@ mk_node_cmdline(ListenPort, Name, Args) ->
     Prog ++ " "
 	++ Static ++ " "
 	++ NameSw ++ " " ++ Name ++ " "
-	++ "-pa " ++ Pa ++ " "
+	++ "-pa " ++ Pa ++ " " 
+ 	++ "-run application start crypto -run application start public_key "
 	++ "-run " ++ atom_to_list(?MODULE) ++ " cnct2tstsrvr "
 	++ host_name() ++ " "
 	++ integer_to_list(ListenPort) ++ " "
@@ -524,23 +525,10 @@ add_ssl_opts_config(Config) ->
 	KrnlDir = filename:join([LibDir, "kernel-" ++ KRNL_VSN]),
 	{ok, _} = file:read_file_info(StdlDir),
 	{ok, _} = file:read_file_info(KrnlDir),
-	SSL_VSN = case lists:keysearch(ssl, 1, Apps) of
-		      {value, {ssl, _, VSN}} ->
-			  VSN;
-		      _ ->
-			  application:start(ssl),
-			  try
-			      {value,
-			       {ssl,
-				_,
-				VSN}} = lists:keysearch(ssl,
-							1,
-							application:which_applications()),
-			      VSN
-			  after
-			      application:stop(ssl)
-			  end
-		  end,
+	SSL_VSN = vsn(ssl),
+	VSN_CRYPTO = vsn(crypto),
+	VSN_PKEY = vsn(public_key),
+	
 	SslDir = filename:join([LibDir, "ssl-" ++ SSL_VSN]),
 	{ok, _} = file:read_file_info(SslDir),
 	%% We are using an installed otp system, create the boot script.
@@ -552,6 +540,8 @@ add_ssl_opts_config(Config) ->
 		  " {erts, \"~s\"},~n"
 		  " [{kernel, \"~s\"},~n"
 		  "  {stdlib, \"~s\"},~n"
+		  "  {crypto, \"~s\"},~n"
+		  "  {public_key, \"~s\"},~n"
 		  "  {ssl, \"~s\"}]}.~n",
 		  [case catch erlang:system_info(otp_release) of
 		       {'EXIT', _} -> "R11B";
@@ -560,6 +550,8 @@ add_ssl_opts_config(Config) ->
 		   erlang:system_info(version),
 		   KRNL_VSN,
 		   STDL_VSN,
+		   VSN_CRYPTO,
+		   VSN_PKEY,
 		   SSL_VSN]),
 	ok = file:close(RelFile),
 	ok = systools:make_script(Script, []),
@@ -593,3 +585,17 @@ success(Config) ->
 	{value, {comment, _} = Res} -> Res;
 	_ -> ok
     end.
+
+vsn(App) ->
+    application:start(App),
+    try
+	{value,
+	 {ssl,
+	  _,
+	  VSN}} = lists:keysearch(App,
+				  1,
+				  application:which_applications()),
+	VSN
+     after
+	 application:stop(ssl)
+     end.
diff --git a/lib/ssl/test/old_ssl_misc_SUITE.erl b/lib/ssl/test/old_ssl_misc_SUITE.erl
index 55d1b71025..2767123a12 100644
--- a/lib/ssl/test/old_ssl_misc_SUITE.erl
+++ b/lib/ssl/test/old_ssl_misc_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -61,6 +61,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_passive_SUITE.erl b/lib/ssl/test/old_ssl_passive_SUITE.erl
index 4cb8c1f0cd..96a7938583 100644
--- a/lib/ssl/test/old_ssl_passive_SUITE.erl
+++ b/lib/ssl/test/old_ssl_passive_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -78,6 +78,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
index f0b8db2607..e5b3975d41 100644
--- a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
+++ b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -62,6 +62,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_protocol_SUITE.erl b/lib/ssl/test/old_ssl_protocol_SUITE.erl
index 7bde5d6749..efdbf45a3d 100644
--- a/lib/ssl/test/old_ssl_protocol_SUITE.erl
+++ b/lib/ssl/test/old_ssl_protocol_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2005-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -55,6 +55,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_ssl_verify_SUITE.erl b/lib/ssl/test/old_ssl_verify_SUITE.erl
index 5db964526f..7a8cd1578a 100644
--- a/lib/ssl/test/old_ssl_verify_SUITE.erl
+++ b/lib/ssl/test/old_ssl_verify_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 1999-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -60,6 +60,8 @@ config(Config) ->
     io:format("Config: ~p~n", [Config]),
 
     %% Check if SSL exists. If this case fails, all other cases are skipped
+    crypto:start(),
+    application:start(public_key),
     case ssl:start() of
 	ok -> ssl:stop();
 	{error, {already_started, _}} -> ssl:stop();
diff --git a/lib/ssl/test/old_transport_accept_SUITE.erl b/lib/ssl/test/old_transport_accept_SUITE.erl
index 4bb09cee19..71c1d9e181 100644
--- a/lib/ssl/test/old_transport_accept_SUITE.erl
+++ b/lib/ssl/test/old_transport_accept_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -224,12 +224,9 @@ tolerant_server_loop(Client, LSock, Msg, N) ->
     tolerant_server_loop(Client, LSock, Msg, N-1).
 
 app() ->
-    case application:get_application(ssl) of
-	undefined ->
-	    application:start(ssl);
-	_ ->
-	    ok
-    end.
+    crypto:start(),
+    application:start(public_key),
+    ssl:start().
 
 start_node(Kind, Params) ->
     S = atom_to_list(?MODULE)++"_" ++ atom_to_list(Kind),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 0d9a912e30..8a1b90ed98 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -50,18 +50,21 @@
 %% Note: This function is free to add any key/value pairs to the Config
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
+    Dog = ssl_test_lib:timetrap(?TIMEOUT *2),
     crypto:start(),
+    application:start(public_key),
     ssl:start(),
     
     %% make rsa certs using oppenssl
     Result = 
-	(catch make_certs:all(?config(data_dir, Config), 
-			      ?config(priv_dir, Config))),
+	(catch make_certs:all(?config(data_dir, Config0), 
+			      ?config(priv_dir, Config0))),
     test_server:format("Make certs  ~p~n", [Result]),
 
-    NewConfig = ssl_test_lib:make_dsa_cert(Config),
-    ssl_test_lib:cert_options(NewConfig).
+    Config1 = ssl_test_lib:make_dsa_cert(Config0),
+    Config = ssl_test_lib:cert_options(Config1),
+    [{watchdog, Dog} | Config].
 
 %%--------------------------------------------------------------------
 %% Function: end_per_suite(Config) -> _
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index a019e660e9..1b8754afe9 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -54,6 +54,7 @@
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
     crypto:start(),
+    application:start(public_key),
     ssl:start(),
     Result = 
 	(catch make_certs:all(?config(data_dir, Config), 
diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl
index a0aa92bdf2..d80df0bfbd 100644
--- a/lib/ssl/test/ssl_payload_SUITE.erl
+++ b/lib/ssl/test/ssl_payload_SUITE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2008-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -38,6 +38,7 @@
 %%--------------------------------------------------------------------
 init_per_suite(Config) ->
     crypto:start(),
+    application:start(public_key),
     ssl:start(),
     make_certs:all(?config(data_dir, Config), ?config(priv_dir, Config)),
     ssl_test_lib:cert_options(Config).
diff --git a/lib/ssl/test/ssl_test_MACHINE.erl b/lib/ssl/test/ssl_test_MACHINE.erl
index e75f7079ed..e0ffa15d80 100644
--- a/lib/ssl/test/ssl_test_MACHINE.erl
+++ b/lib/ssl/test/ssl_test_MACHINE.erl
@@ -1,19 +1,19 @@
 %%
 %% %CopyrightBegin%
-%% 
-%% Copyright Ericsson AB 2003-2009. All Rights Reserved.
-%% 
+%%
+%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
 %% compliance with the License. You should have received a copy of the
 %% Erlang Public License along with this software. If not, it can be
 %% retrieved online at http://www.erlang.org/.
-%% 
+%%
 %% Software distributed under the License is distributed on an "AS IS"
 %% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 %% the License for the specific language governing rights and limitations
 %% under the License.
-%% 
+%%
 %% %CopyrightEnd%
 %%
 
@@ -60,10 +60,12 @@ many_conns_1() ->
 %% 
 mk_ssl_cert_opts(_Config) ->
     Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
-    COpts = [{cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
+    COpts = [{ssl_imp, old},
+	     {cacertfile, filename:join([Dir, "client", "cacerts.pem"])}, 
 	     {certfile, filename:join([Dir, "client", "cert.pem"])}, 
 	     {keyfile, filename:join([Dir, "client", "key.pem"])}], 
-    SOpts = [{cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
+    SOpts = [{ssl_imp, old},
+	     {cacertfile, filename:join([Dir, "server", "cacerts.pem"])}, 
 	     {certfile, filename:join([Dir, "server", "cert.pem"])}, 
 	     {keyfile, filename:join([Dir, "server", "key.pem"])}], 
     {ok, {COpts, SOpts}}.
@@ -225,11 +227,13 @@ start_ssl(Nodes, Config) ->
     ok.
 
 do_start(Env) ->
+    application:start(crypto),
+    application:start(public_key),
     application:load(ssl),
     lists:foreach(
       fun({Par, Val}) -> application:set_env(ssl, Par, Val) end, Env),
-    application:start(ssl),
-    application:start(crypto).
+    application:start(ssl).
+
     
 %%
 %% start_node(Name) -> {ok, Node}
@@ -542,7 +546,7 @@ get_active(St) ->
 listen(St, LPort) ->
     case St#st.protomod of
 	ssl ->
-	    ssl:listen(LPort, St#st.sockopts ++ St#st.sslopts);
+	    ssl:listen(LPort, [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts]);
 	gen_tcp ->
 	    gen_tcp:listen(LPort, St#st.sockopts)
     end.
@@ -584,7 +588,8 @@ connect(St, Host, Port) ->
     
     case St#st.protomod of
 	ssl ->
-	    case ssl:connect(Host, Port, St#st.sockopts ++ St#st.sslopts, 
+	    case ssl:connect(Host, Port, 
+			     [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts], 
 			     St#st.timeout) of
 		{ok, Sock} ->
 		    {ok, LPort} = ssl:sockname(Sock),
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 4981ac0424..d2a4ca8db5 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -25,8 +25,6 @@
 -compile(export_all).
 
 -include("test_server.hrl").
--include("test_server_line.hrl").
--include("ssl_pkix.hrl").
 
 -define(TIMEOUT, 120000).
 -define(SLEEP, 1000).
@@ -45,19 +43,22 @@
 %% Note: This function is free to add any key/value pairs to the Config
 %% variable, but should NOT alter/remove any existing entries.
 %%--------------------------------------------------------------------
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
+    Dog = ssl_test_lib:timetrap(?TIMEOUT *2),
     case os:find_executable("openssl") of
 	false ->
 	    {skip, "Openssl not found"};
 	_ ->
 	    crypto:start(),
+	    application:start(public_key),
 	    ssl:start(),
 	    Result = 
-		(catch make_certs:all(?config(data_dir, Config), 
-				      ?config(priv_dir, Config))),
+		(catch make_certs:all(?config(data_dir, Config0), 
+				      ?config(priv_dir, Config0))),
 	    test_server:format("Make certs  ~p~n", [Result]),
-	    NewConfig = ssl_test_lib:make_dsa_cert(Config),
-	    ssl_test_lib:cert_options(NewConfig)
+	    Config1 = ssl_test_lib:make_dsa_cert(Config0),
+	    Config = ssl_test_lib:cert_options(Config1),
+	    [{watchdog, Dog} | Config]
     end.
 
 %%--------------------------------------------------------------------
@@ -143,9 +144,10 @@ all(doc) ->
 all(suite) -> 
     [erlang_client_openssl_server, 
      erlang_server_openssl_client,
-     %% Comment out when new crypto sign functions is available
-     %%erlang_client_openssl_server_dsa_cert,
-     %%erlang_server_openssl_client_dsa_cert,
+     tls1_erlang_client_openssl_server_dsa_cert,
+     tls1_erlang_server_openssl_client_dsa_cert,
+     ssl3_erlang_client_openssl_server_dsa_cert,
+     ssl3_erlang_server_openssl_client_dsa_cert,
      erlang_server_openssl_client_reuse_session,
      erlang_client_openssl_server_renegotiate,
      erlang_client_openssl_server_no_wrap_sequence_number,
@@ -252,11 +254,11 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
 
 %%-------------------------------------------------------------------- 
 
-erlang_client_openssl_server_dsa_cert(doc) ->
+tls1_erlang_client_openssl_server_dsa_cert(doc) ->
     ["Test erlang server with openssl client"];
-erlang_client_openssl_server_dsa_cert(suite) ->
+tls1_erlang_client_openssl_server_dsa_cert(suite) ->
     [];
-erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
+tls1_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ClientOpts = ?config(client_dsa_opts, Config),  
     ServerOpts = ?config(server_dsa_opts, Config),  
@@ -300,11 +302,11 @@ erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
 
 %%-------------------------------------------------------------------- 
 
-erlang_server_openssl_client_dsa_cert(doc) ->
+tls1_erlang_server_openssl_client_dsa_cert(doc) ->
     ["Test erlang server with openssl client"];
-erlang_server_openssl_client_dsa_cert(suite) ->
+tls1_erlang_server_openssl_client_dsa_cert(suite) ->
     [];
-erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
+tls1_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ClientOpts = ?config(client_dsa_opts, Config),
     ServerOpts = ?config(server_dsa_opts, Config),  
@@ -338,6 +340,97 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     close_port(OpenSslPort),
     process_flag(trap_exit, false),
     ok.
+
+%%-------------------------------------------------------------------- 
+
+ssl3_erlang_client_openssl_server_dsa_cert(doc) ->
+    ["Test erlang server with openssl client"];
+ssl3_erlang_client_openssl_server_dsa_cert(suite) ->
+    [];
+ssl3_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    ClientOpts = ?config(client_dsa_opts, Config),  
+    ServerOpts = ?config(server_dsa_opts, Config),  
+
+    {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+  
+    Data = "From openssl to erlang",
+
+    Port = ssl_test_lib:inet_port(node()),
+    CaCertFile =  proplists:get_value(cacertfile, ServerOpts),
+    CertFile = proplists:get_value(certfile, ServerOpts),
+    KeyFile = proplists:get_value(keyfile, ServerOpts),
+   
+    Cmd = "openssl s_server -accept " ++ integer_to_list(Port)  ++ 
+	" -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile  
+	++ " -key " ++ KeyFile ++ " -Verify 2 -ssl3 -msg", 
+    
+    test_server:format("openssl cmd: ~p~n", [Cmd]),
+
+    OpensslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]), 
+
+    wait_for_openssl_server(),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {?MODULE, 
+					       erlang_ssl_receive, [Data]}},
+					{options, ClientOpts}]),
+
+    port_command(OpensslPort, Data),
+    
+    ssl_test_lib:check_result(Client, ok), 
+   
+    %% Clean close down!   Server needs to be closed first !!
+    close_port(OpensslPort),
+
+    ssl_test_lib:close(Client),
+    process_flag(trap_exit, false),
+    ok.
+
+%%-------------------------------------------------------------------- 
+
+ssl3_erlang_server_openssl_client_dsa_cert(doc) ->
+    ["Test erlang server with openssl client"];
+ssl3_erlang_server_openssl_client_dsa_cert(suite) ->
+    [];
+ssl3_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    ClientOpts = ?config(client_dsa_opts, Config),
+    ServerOpts = ?config(server_dsa_opts, Config),  
+
+    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    
+    Data = "From openssl to erlang",
+    CaCertFile =  proplists:get_value(cacertfile, ClientOpts),
+    CertFile = proplists:get_value(certfile, ClientOpts),
+    KeyFile = proplists:get_value(keyfile, ClientOpts),
+    
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+			   {mfa, {?MODULE, erlang_ssl_receive, [Data]}},
+			   {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    Cmd = "openssl s_client -port " ++ integer_to_list(Port)  ++ 
+	" -host localhost " ++	" -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile  
+	++ " -key " ++ KeyFile ++ " -ssl3 -msg",
+
+    test_server:format("openssl cmd: ~p~n", [Cmd]),
+    
+    OpenSslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]), 
+    port_command(OpenSslPort, Data),
+    
+    ssl_test_lib:check_result(Server, ok),
+    
+    ssl_test_lib:close(Server),
+
+    close_port(OpenSslPort),
+    process_flag(trap_exit, false),
+    ok.
+
+
 %%-------------------------------------------------------------------- 
 
 erlang_server_openssl_client_reuse_session(doc) ->
@@ -1314,7 +1407,9 @@ wait_for_openssl_server() ->
 	    
 check_sane_openssl_renegotaite(Config) ->
     case os:cmd("openssl version") of
-	"OpenSSL 0.9.8l" ++ _ ->
+	"OpenSSL 0.9.8" ++ _ ->
+	    {skip, "Known renegotiation bug in OppenSSL"};
+	"OpenSSL 0.9.7" ++ _ ->
 	    {skip, "Known renegotiation bug in OppenSSL"};
 	_ ->
 	    Config
author	Ingela Anderton Andin <[email protected]>	2010-06-11 08:21:23 +0000
committer	Erlang/OTP <[email protected]>	2010-06-11 08:21:23 +0000
commit	4d0e43b5e252b979d50c17592c08ae68ece5fa07 (patch)
tree	179408fb7b2eb80ae402a00443c5158c9c6d9428 /lib/ssl/test
parent	a346eb92eb7b5bedb36768c0a63b82547919bc0b (diff)
download	otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.gz otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.tar.bz2 otp-4d0e43b5e252b979d50c17592c08ae68ece5fa07.zip