fix srp_anon ciphers suites requiring certificates to work.

This problem was not caught by the test suites since all PSK and SRP suites where always tested with certificates. Split those tests into test with and without certificates.
author: Andreas Schultz <[email protected]> 2013-04-12 10:42:31 +0200
committer: Andreas Schultz <[email protected]> 2013-04-12 10:42:31 +0200
commit: 69833e8f64e900eece91f5430c2462dd584fff31 (patch)
tree: d73df7e81019f8ebad9192b6687c665f16be0956 /lib
parent: e09920ed1da9ebf3efa814d8f5039140109beab3 (diff)
download: otp-69833e8f64e900eece91f5430c2462dd584fff31.tar.gz
otp-69833e8f64e900eece91f5430c2462dd584fff31.tar.bz2
otp-69833e8f64e900eece91f5430c2462dd584fff31.zip
3 files changed, 57 insertions, 10 deletions
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 1843377582..fa64915fd0 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1547,7 +1547,7 @@ server_hello_done(#state{transport_cb = Transport,
 		tls_handshake_history = Handshake}.
 
 certify_server(#state{key_algorithm = Algo} = State)
-  when Algo == dh_anon; Algo == psk; Algo == dhe_psk ->
+  when Algo == dh_anon; Algo == psk; Algo == dhe_psk; Algo == srp_anon ->
     State;
 
 certify_server(#state{transport_cb = Transport,
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 5cedde5d27..10bbd4d88b 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -156,7 +156,10 @@ cipher_tests() ->
      anonymous_cipher_suites,
      psk_cipher_suites,
      psk_with_hint_cipher_suites,
+     psk_anon_cipher_suites,
+     psk_anon_with_hint_cipher_suites,
      srp_cipher_suites,
+     srp_anon_cipher_suites,
      srp_dsa_cipher_suites,
      default_reject_anonymous].
 
@@ -1594,6 +1597,20 @@ psk_with_hint_cipher_suites(Config) when is_list(Config) ->
     Ciphers = ssl_test_lib:psk_suites(),
     run_suites(Ciphers, Version, Config, psk_with_hint).
 %%-------------------------------------------------------------------
+psk_anon_cipher_suites() ->
+    [{doc, "Test the anonymous PSK ciphersuites WITHOUT server supplied identity hint"}].
+psk_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon).
+%%-------------------------------------------------------------------
+psk_anon_with_hint_cipher_suites()->
+    [{doc, "Test the anonymous PSK ciphersuites WITH server supplied identity hint"}].
+psk_anon_with_hint_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon_with_hint).
+%%-------------------------------------------------------------------
 srp_cipher_suites()->
     [{doc, "Test the SRP ciphersuites"}].
 srp_cipher_suites(Config) when is_list(Config) ->
@@ -1601,6 +1618,13 @@ srp_cipher_suites(Config) when is_list(Config) ->
     Ciphers = ssl_test_lib:srp_suites(),
     run_suites(Ciphers, Version, Config, srp).
 %%-------------------------------------------------------------------
+srp_anon_cipher_suites()->
+    [{doc, "Test the anonymous SRP ciphersuites"}].
+srp_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:srp_anon_suites(),
+    run_suites(Ciphers, Version, Config, srp_anon).
+%%-------------------------------------------------------------------
 srp_dsa_cipher_suites()->
     [{doc, "Test the SRP DSA ciphersuites"}].
 srp_dsa_cipher_suites(Config) when is_list(Config) ->
@@ -3151,9 +3175,18 @@ run_suites(Ciphers, Version, Config, Type) ->
 	    psk_with_hint ->
 		{?config(client_psk, Config),
 		 ?config(server_psk_hint, Config)};
+	    psk_anon ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon, Config)};
+	    psk_anon_with_hint ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon_hint, Config)};
 	    srp ->
 		{?config(client_srp, Config),
 		 ?config(server_srp, Config)};
+	    srp_anon ->
+		{?config(client_srp, Config),
+		 ?config(server_srp_anon, Config)};
 	    srp_dsa ->
 		{?config(client_srp_dsa, Config),
 		 ?config(server_srp_dsa, Config)}
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index d655d7659e..e4fedcd118 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -339,12 +339,22 @@ cert_options(Config) ->
 			{psk_identity, "HINT"},
 			{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
 			{ciphers, psk_suites()}]},
+     {server_psk_anon, [{ssl_imp, new},{reuseaddr, true},
+			{user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
+			{ciphers, psk_anon_suites()}]},
+     {server_psk_anon_hint, [{ssl_imp, new},{reuseaddr, true},
+			     {psk_identity, "HINT"},
+			     {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}},
+			     {ciphers, psk_anon_suites()}]},
      {client_srp, [{ssl_imp, new},{reuseaddr, true},
 		   {srp_identity, {"Test-User", "secret"}}]},
      {server_srp, [{ssl_imp, new},{reuseaddr, true},
 		   {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
 		   {user_lookup_fun, {fun user_lookup/3, undefined}},
 		   {ciphers, srp_suites()}]},
+     {server_srp_anon, [{ssl_imp, new},{reuseaddr, true},
+			{user_lookup_fun, {fun user_lookup/3, undefined}},
+			{ciphers, srp_anon_suites()}]},
      {server_verification_opts, [{ssl_imp, new},{reuseaddr, true}, 
 		    {cacertfile, ServerCaCertFile},
 		    {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
@@ -711,6 +721,12 @@ anonymous_suites() ->
      {dh_anon, aes_256_cbc, sha}].
 
 psk_suites() ->
+    [{rsa_psk, rc4_128, sha},
+     {rsa_psk, '3des_ede_cbc', sha},
+     {rsa_psk, aes_128_cbc, sha},
+     {rsa_psk, aes_256_cbc, sha}].
+
+psk_anon_suites() ->
     [{psk, rc4_128, sha},
      {psk, '3des_ede_cbc', sha},
      {psk, aes_128_cbc, sha},
@@ -718,20 +734,18 @@ psk_suites() ->
      {dhe_psk, rc4_128, sha},
      {dhe_psk, '3des_ede_cbc', sha},
      {dhe_psk, aes_128_cbc, sha},
-     {dhe_psk, aes_256_cbc, sha},
-     {rsa_psk, rc4_128, sha},
-     {rsa_psk, '3des_ede_cbc', sha},
-     {rsa_psk, aes_128_cbc, sha},
-     {rsa_psk, aes_256_cbc, sha}].
+     {dhe_psk, aes_256_cbc, sha}].
 
 srp_suites() ->
-    [{srp_anon, '3des_ede_cbc', sha},
-     {srp_rsa, '3des_ede_cbc', sha},
-     {srp_anon, aes_128_cbc, sha},
+    [{srp_rsa, '3des_ede_cbc', sha},
      {srp_rsa, aes_128_cbc, sha},
-     {srp_anon, aes_256_cbc, sha},
      {srp_rsa, aes_256_cbc, sha}].
 
+srp_anon_suites() ->
+    [{srp_anon, '3des_ede_cbc', sha},
+     {srp_anon, aes_128_cbc, sha},
+     {srp_anon, aes_256_cbc, sha}].
+
 srp_dss_suites() ->
     [{srp_dss, '3des_ede_cbc', sha},
      {srp_dss, aes_128_cbc, sha},
author	Andreas Schultz <[email protected]>	2013-04-12 10:42:31 +0200
committer	Andreas Schultz <[email protected]>	2013-04-12 10:42:31 +0200
commit	69833e8f64e900eece91f5430c2462dd584fff31 (patch)
tree	d73df7e81019f8ebad9192b6687c665f16be0956 /lib
parent	e09920ed1da9ebf3efa814d8f5039140109beab3 (diff)
download	otp-69833e8f64e900eece91f5430c2462dd584fff31.tar.gz otp-69833e8f64e900eece91f5430c2462dd584fff31.tar.bz2 otp-69833e8f64e900eece91f5430c2462dd584fff31.zip