aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2019-06-13 11:00:14 +0200
committerPéter Dimitrov <[email protected]>2019-06-13 11:02:58 +0200
commita249d001ee8544a3a89fb788b0721edf5655e22b (patch)
tree71ecf2e7e166d1c317184667277984f5a9294bae /lib/ssl/test
parent7a07d24ff09c69c90f8bfa8ca69a0fe433245185 (diff)
downloadotp-a249d001ee8544a3a89fb788b0721edf5655e22b.tar.gz
otp-a249d001ee8544a3a89fb788b0721edf5655e22b.tar.bz2
otp-a249d001ee8544a3a89fb788b0721edf5655e22b.zip
ssl: Test ECDSA certificates in TLS 1.3
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl136
1 files changed, 135 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index ce4479020e..80af44b032 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -276,7 +276,12 @@ tls13_test_group() ->
tls13_ssl_server_with_alpn_ssl_client,
tls13_ssl_server_with_alpn_ssl_client_empty_alpn,
tls13_ssl_server_with_alpn_ssl_client_bad_alpn,
- tls13_ssl_server_with_alpn_ssl_client_alpn].
+ tls13_ssl_server_with_alpn_ssl_client_alpn,
+ tls13_ecdsa_ssl_server_openssl_client,
+ tls13_ecdsa_ssl_server_ssl_client,
+ tls13_ecdsa_openssl_server_ssl_client,
+ tls13_ecdsa_client_auth_ssl_server_ssl_client
+ ].
%%--------------------------------------------------------------------
init_per_suite(Config0) ->
@@ -6239,6 +6244,135 @@ tls13_ssl_server_with_alpn_ssl_client_alpn(Config) ->
ssl_test_lib:close_port(Client).
+tls13_ecdsa_ssl_server_openssl_client() ->
+ [{doc,"Test TLS 1.3 basic connection between ssl server and openssl s_client using ECDSA certificates"}].
+
+tls13_ecdsa_ssl_server_openssl_client(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_ecdsa_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_ecdsa_opts, Config),
+ %% Set versions
+ ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
+ {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+
+ ssl_test_lib:check_result(Server, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close_port(Client).
+
+tls13_ecdsa_ssl_server_ssl_client() ->
+ [{doc,"Test TLS 1.3 basic connection between ssl server and ssl client using ECDSA certificates"}].
+
+tls13_ecdsa_ssl_server_ssl_client(Config) ->
+ ClientOpts0 = ssl_test_lib:ssl_options(client_ecdsa_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_ecdsa_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ %% Set versions
+ ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
+ ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ClientOpts}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close_port(Client).
+
+
+tls13_ecdsa_openssl_server_ssl_client() ->
+ [{doc,"Test TLS 1.3 basic connection between openssl server and ssl client using ECDSA certificates"}].
+
+tls13_ecdsa_openssl_server_ssl_client(Config) ->
+ process_flag(trap_exit, true),
+ ServerOpts = ssl_test_lib:ssl_options(server_ecdsa_verify_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_ecdsa_opts, Config),
+
+ ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+
+ Data = "From openssl to erlang",
+
+ Port = ssl_test_lib:inet_port(node()),
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ CaCertFile = proplists:get_value(cacertfile, ServerOpts),
+ KeyFile = proplists:get_value(keyfile, ServerOpts),
+ Exe = "openssl",
+ Args = ["s_server", "-accept", integer_to_list(Port),
+ "-tls1_3",
+ "-cert", CertFile, "-CAfile", CaCertFile,
+ "-key", KeyFile, "-Verify", "2"],
+
+ OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
+
+ ssl_test_lib:wait_for_openssl_server(Port, tls),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ erlang_ssl_receive, [Data]}},
+ {options, ClientOpts}]),
+ true = port_command(OpensslPort, Data),
+
+ ssl_test_lib:check_result(Client, ok),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close_port(OpensslPort),
+ ssl_test_lib:close(Client),
+ process_flag(trap_exit, false).
+
+
+tls13_ecdsa_client_auth_ssl_server_ssl_client() ->
+ [{doc,"TLS 1.3: Test client authentication with ECDSA certificates."}].
+
+tls13_ecdsa_client_auth_ssl_server_ssl_client(Config) ->
+ ClientOpts0 = ssl_test_lib:ssl_options(client_ecdsa_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_ecdsa_opts, Config),
+
+ %% Set versions
+ ServerOpts = [{versions, ['tlsv1.2','tlsv1.3']},
+ {verify, verify_peer},
+ {fail_if_no_peer_cert, true}|ServerOpts0],
+ ClientOpts = [{versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ %%Client = ssl_test_lib:start_basic_client(openssl, 'tlsv1.3', Port, ClientOpts),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, ClientOpts}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close_port(Client).
+
+
+
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------