authorIngela Anderton Andin <[email protected]>2015-03-05 09:15:24 +0100
committerIngela Anderton Andin <[email protected]>2015-03-05 09:15:24 +0100
commit549785976441514377e1da14c5c1e7fb289456e0 (patch)
tree70e09cf100cd86020a77f32b4d5d99fe680927a6 /lib/ssl/test
parent71b52f31772210a7160317966ca46e36140b935a (diff)
parented540bd0e457fd43a5b3eaf41f9886cb63a2755a (diff)
Merge branch 'ia/ssl/TLS_FALLBACK_SCSV/OTP-12458' into maint
* ia/ssl/TLS_FALLBACK_SCSV/OTP-12458: ssl: Implement support for TLS_FALLBACK_SCSV
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl39
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 2d4d2452e3..df9432a43b 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -90,7 +90,8 @@ basic_tests() ->
version_option,
connect_twice,
connect_dist,
- clear_pem_cache
+ clear_pem_cache,
+ fallback
].
options_tests() ->
@@ -281,6 +282,14 @@ init_per_testcase(empty_protocol_versions, Config) ->
ssl:start(),
Config;
+init_per_testcase(fallback, Config) ->
+ case tls_record:highest_protocol_version([]) of
+ {3, N} when N > 1 ->
+ Config;
+ _ ->
+ {skip, "Not relevant if highest supported version is less than 3.2"}
+ end;
+
%% init_per_testcase(different_ca_peer_sign, Config0) ->
%% ssl_test_lib:make_mix_cert(Config0);
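Review bot: The guard `{3, N} when N > 1` and the skip text "less than 3.2" in the new `init_per_testcase(fallback, Config)` clause use record-layer version numbers with no explanation of why 3.2 is the threshold. I would add a comment above the `case`, such as `%% {3,2} is TLS 1.1: the case offers tlsv1 with the fallback SCSV, which is only a downgrade if the peer supports something newer`. The check also reads `tls_record:highest_protocol_version([])` rather than the options the server is started with. If `server_opts` ever carries a `versions` entry limited to tlsv1, the handshake would presumably succeed and the case would fail rather than be skipped. That option list is not visible in this hunk, so this needs confirming.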
@@ -643,6 +652,34 @@ clear_pem_cache(Config) when is_list(Config) ->
0 = ets:info(FilRefDb, size).
%%--------------------------------------------------------------------
+
+fallback() ->
+ [{doc, "Test TLS_FALLBACK_SCSV downgrade prevention"}].
+
+fallback(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {options, ServerOpts}]),
+
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client =
+ ssl_test_lib:start_client_error([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {from, self()}, {options,
+ [{fallback, true},
+ {versions, ['tlsv1']}
+ | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, {error,{tls_alert,"inappropriate fallback"}},
+ Client, {error,{tls_alert,"inappropriate fallback"}}).
+
+%%--------------------------------------------------------------------
peername() ->
[{doc,"Test API function peername/1"}].
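Review bot: The new `fallback/1` case covers only the rejection path, where a client offering `['tlsv1']` with `{fallback, true}` must get the "inappropriate fallback" alert on both ends. Nothing in this diff checks the complementary rule, that a hello carrying the SCSV at the server's own highest version still completes. A server that rejected every hello containing the SCSV would therefore pass this suite. A sibling case expecting `ok` on both sides for that configuration would close the gap. A comment above the client options would also make the dependency on the skip guard explicit, for example `%% tlsv1 is below the server's highest version (ensured by init_per_testcase), so the SCSV must trigger the alert`.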