authorAndrew Thompson <[email protected]>2014-02-08 00:58:11 -0500
committerHans Nilsson <[email protected]>2014-03-26 10:13:55 +0100
commit9756dcd97cd819c9b2d64c35dd36550f99600e92 (patch)
tree1f7a8f1eabe71993442963c4530e8c96579ccb06 /lib/ssl
parent8991663e33313233fed9cb7b0149baec1aa32b3f (diff)
Rework IDP validation according to the RFC, fix public_key tests
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/test/make_certs.erl4
-rw-r--r--lib/ssl/test/ssl_crl_SUITE.erl31
2 files changed, 16 insertions, 19 deletions
diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl
index 2b4eaaef53..c438ae2b87 100644
--- a/lib/ssl/test/make_certs.erl
+++ b/lib/ssl/test/make_certs.erl
@@ -410,7 +410,6 @@ ca_cnf(C) ->
"[idpsec]\n"
"fullname=URI:http://localhost:8000/",C#config.commonName,"/crl.pem\n"
- %"fullname=URI:file://$ROOTDIR/",C#config.commonName,"/crl.pem\n"
"[user_cert]\n"
"basicConstraints = CA:false\n"
@@ -422,7 +421,8 @@ ca_cnf(C) ->
"crlDistributionPoints=@crl_section\n"
"[crl_section]\n"
- "URI.1=file://$ROOTDIR/",C#config.commonName,"/crl.pem\n"
+ %% intentionally invalid
+ "URI.1=http://localhost/",C#config.commonName,"/crl.pem\n"
"URI.2=http://localhost:8000/",C#config.commonName,"/crl.pem\n"
"\n"
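Review bot: The added comment `%% intentionally invalid` does not say what makes `URI.1` invalid or which behaviour the entry is there to exercise. From the visible lines it differs from `URI.2` only by omitting the port, so it presumably relies on nothing answering on localhost port 80; on a host that does run a web server there, the first fetch gets whatever that server returns and the result depends on the machine. A comment such as `%% no CRL is served at this URI; the fetch must fall through to URI.2` would record the intent, and a host under the reserved `.invalid` TLD would make the failure independent of local services. The body of `ca_cnf/1` starts and ends outside this hunk.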
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index 8afd926ee6..7cf09aa419 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -69,6 +69,7 @@ init_per_suite(Config0) ->
false ->
{skip, "Openssl not found"};
_ ->
+ inets:start(),
catch crypto:stop(),
try crypto:start() of
ok ->
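Review bot: The result of the added `inets:start()` is discarded, so if inets fails to start the problem only surfaces later as a badmatch on `{ok, Httpd} = inets:start(httpd, ...)` in `init_per_group`, away from the cause. `ok = application:ensure_started(inets),` asserts the start and still tolerates inets already running. The matching `inets:stop()` added to `end_per_suite` is unconditional, and if this branch goes on to return a skip (the rest of the clause is outside the hunk) inets is presumably left running, since `end_per_suite` is not called for a skipped suite.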
@@ -81,6 +82,7 @@ init_per_suite(Config0) ->
end_per_suite(_Config) ->
ssl:stop(),
+ inets:stop(),
application:stop(crypto).
init_per_group(v1_crl, Config) ->
@@ -91,7 +93,12 @@ init_per_group(v1_crl, Config) ->
CertDir,
[{v2_crls, false}])),
ct:log("Make certs ~p~n", [Result]),
- [{make_cert_result, Result}, {cert_dir, CertDir} | Config];
+ %% start a HTTP server to serve the CRLs
+ {ok, Httpd} = inets:start(httpd, [{port, 8000}, {server_name, "localhost"},
+ {server_root, "/tmp"},
+ {document_root, CertDir},
+ {modules, [mod_get]}]),
+ [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config];
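Review bot: The httpd started in the `v1_crl` clause is given no `bind_address`, so by default it listens on all interfaces on port 8000 and serves `CertDir` as its document root. That directory is filled by `make_certs` and presumably holds the generated CA and peer private keys as well as `crl.pem`, so for the duration of the group they are readable by anything that can reach the test host. Adding `{bind_address, {127,0,0,1}}` keeps the fixture local, which is all the `localhost` URIs in the certificates need. `{server_root, "/tmp"}` is a fixed, shared, Unix-only path; `?config(priv_dir, Config)` is the per-run equivalent. The same option list is repeated in the `_GroupName` clause, and this clause begins outside the hunk.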
init_per_group(idp_crl, Config) ->
ssl:start(),
CertDir = filename:join(?config(priv_dir, Config), "idp_crl"),
@@ -113,7 +120,12 @@ init_per_group(_GroupName, Config) ->
(catch make_certs:all(?config(data_dir, Config),
CertDir)),
ct:log("Make certs ~p~n", [Result]),
- [{make_cert_result, Result}, {cert_dir, CertDir} | Config].
+ %% start a HTTP server to serve the CRLs
+ {ok, Httpd} = inets:start(httpd, [{port, 8000}, {server_name, "localhost"},
+ {server_root, "/tmp"},
+ {document_root, CertDir},
+ {modules, [mod_get]}]),
+ [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config].
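Review bot: These added lines are a verbatim copy of the httpd start-up in the `v1_crl` clause, and both copies hard-code port 8000, which also has to stay equal to the `http://localhost:8000/` URIs written by `make_certs:ca_cnf/1`. If the port is already taken, the `{ok, Httpd} =` match fails with a bare badmatch during group setup instead of a readable skip. A single helper would keep the options in one place and let both clauses report the failure; the clause itself begins outside the hunk.

```erlang
%% ... unchanged: make_certs call and ct:log in each init_per_group clause ...
    case start_crl_httpd(CertDir) of
        {ok, Httpd} ->
            [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config];
        {error, Reason} ->
            {skip, {crl_httpd_not_started, Reason}}
    end

%% Serves the generated CRLs; the port must match the URIs in make_certs:ca_cnf/1.
start_crl_httpd(CertDir) ->
    inets:start(httpd, [{port, 8000}, {server_name, "localhost"},
                        {server_root, "/tmp"},
                        {document_root, CertDir},
                        {modules, [mod_get]}]).
```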
end_per_group(_GroupName, Config) ->
case ?config(httpd, Config) of
@@ -185,8 +197,6 @@ crl_verify_revoked(Config) when is_list(Config) ->
{cacertfile, filename:join([PrivDir, "revoked", "cacerts.pem"])}],
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
- Data = "From openssl to erlang",
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -462,19 +472,6 @@ fetch_point(#'DistributionPoint'{distributionPoint={fullName, Names}}) ->
%%
fetch([]) ->
not_available;
-fetch([{uniformResourceIdentifier, "file://"++File}|Rest]) ->
- io:format("getting CRL from ~p~n", [File]),
- try file:read_file(File) of
- {ok, Bin} ->
- %% assume PEM
- [{'CertificateList', DER, _}=CertList] = public_key:pem_decode(Bin),
- {DER, public_key:pem_entry_decode(CertList)};
- _ ->
- fetch(Rest)
- catch
- _:_ ->
- fetch(Rest)
- end;
fetch([{uniformResourceIdentifier, "http"++_=URL}|Rest]) ->
io:format("getting CRL from ~p~n", [URL]),
_ = inets:start(),