author | Rory Byrne <[email protected]> | 2010-03-31 20:10:18 +0100 |
---|---|---|
committer | Rory Byrne <[email protected]> | 2010-04-05 14:04:21 +0100 |
commit | c75443977b2957c8f0d35b0765c5a8b8859315f2 (patch) | |
tree | a6453f5ac0b3b481b1622b04cb98b6bff3263eba /lib/ssl | |
parent | 3fe4b0e254ef9d76aeb2029eb134056e9cc2234f (diff) | |
Fix mishandling of valid ssl options
Using certain valid options in the new ssl implementation results
in badarg exceptions. This happens for one documented option
'fail_if_no_peer_cert' and two undocumented options
'verify_client_once' and 'cb_info'.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/src/ssl.erl | 3 | ||||
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 55 |
2 files changed, 56 insertions, 2 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 87a0939897..965e40a109 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -560,10 +560,11 @@ handle_options(Opts0, Role) -> CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed}), SslOptions = [versions, verify, verify_fun, + fail_if_no_peer_cert, verify_client_once, depth, certfile, keyfile, key, password, cacertfile, dhfile, ciphers, debug, reuse_session, reuse_sessions, ssl_imp, - cd_info, renegotiate_at], + cb_info, renegotiate_at], SockOpts = lists:foldl(fun(Key, PropList) -> proplists:delete(Key, PropList) diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 8dc987e3ff..41624cf087 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -151,7 +151,7 @@ all(doc) -> all(suite) -> [app, connection_info, controlling_process, controller_dies, peercert, connect_dist, - peername, sockname, socket_options, versions, cipher_suites, + peername, sockname, socket_options, valid_ssl_options, versions, cipher_suites, upgrade, upgrade_with_timeout, tcp_connect, ipv6, ekeyfile, ecertfile, ecacertfile, eoptions, shutdown, shutdown_write, shutdown_both, shutdown_error, ciphers, 
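Review bot: The `SslOptions` list in `handle_options/2` (lib/ssl/src/ssl.erl) is still a hand-maintained copy of the option names, and nothing visible in the hunk ties it to the keys the function actually reads, which is how the `cd_info` typo and the two missing keys went unnoticed. Any ssl option missing from this list survives the `proplists:delete` fold and stays in `SockOpts`, so it is presumably handed to the transport instead of being consumed by the TLS layer. For verification options such as `fail_if_no_peer_cert` that is worth spelling out. I would add a comment above the list, e.g. `%% Every option read in handle_options/2 must be listed here; anything missing is passed on as a socket option.` The function starts and ends outside the hunk.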
@@ -605,6 +605,59 @@ socket_options_result(Socket, Options, DefaultValues, NewOptions, NewValues) ->
 ok.
 %%--------------------------------------------------------------------
+valid_ssl_options(doc) ->
+ ["Test what happens when we give valid options"];
+
+valid_ssl_options(suite) ->
+ [];
+
+valid_ssl_options(Config) when is_list(Config) ->
+ ClientOpts = [{reuseaddr, true} | ?config(client_opts, Config)],
+ ServerOpts = [{reuseaddr, true} | ?config(server_opts, Config)],
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Port = ssl_test_lib:inet_port(ServerNode),
+
+ StartOk =
+ fun(Peer, Pid, TestOpt) ->
+ receive
+ {Pid, ok} when Peer =:= server ->
+ ok;
+ {Pid, {ok, _}} when Peer =:= client ->
+ ok;
+ {Pid, Error} ->
+ test_server:fail({Peer,
+ {option_being_tested, TestOpt},
+ {got, Error}})
+ end
+ end,
+
+ %% The following contains both documented and undocumented options as
+ %% listed in ssl:handle_options/2. It excludes file options which are
+ %% tested elsewhere (cacertfile, certfile, keyfile).
+ TestOpts = [{versions, []}, {verify, verify_none}, {verify_fun, fun(_) -> false end},
+ {fail_if_no_peer_cert, false}, {verify_client_once, false},
+ {depth, 1}, {key, undefined}, {password, "secret"}, {ciphers, []},
+ {reuse_sessions, true}, {reuse_session, fun(_,_,_,_) -> true end},
+ {renegotiate_at, 1000000000}, {debug, []},
+ {cb_info, {gen_tcp, tcp, tcp_closed}}],
+ [begin
+ Server =
+ ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {options, [TestOpt | ServerOpts]}]),
+ Client =
+ ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+ {host, Hostname}, {from, self()},
+ {options, [TestOpt | ClientOpts]}]),
+ StartOk(server, Server, TestOpt),
+ StartOk(client, Client, TestOpt),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ ok
+ end || TestOpt <- TestOpts],
+ ok.
+
+%%--------------------------------------------------------------------
 versions(doc) ->
 ["Test API function versions/0"]; |
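Review bot: `valid_ssl_options/1` only checks that each option is accepted, and it uses the permissive value for the security-relevant ones (`{verify, verify_none}`, `{fail_if_no_peer_cert, false}`, `{verify_client_once, false}`), so it would still pass if an option were accepted but then ignored. A companion case with `{verify, verify_peer}` and `{fail_if_no_peer_cert, true}` on the server and a client that presents no certificate, asserting that the connection is refused, would cover enforcement as well as parsing. Separately, the `receive` in `StartOk` has no `after` clause, so a peer that never reports blocks the case until whatever timetrap is configured outside this hunk fires. Adding `after 5000 -> test_server:fail({Peer, {option_being_tested, TestOpt}, timeout})` (timeout value is only an example) would name the option that hung.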