Diffstat (limited to 'lib/ssl/test/ssl_basic_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl199
1 files changed, 155 insertions, 44 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 8dc987e3ff..68970b6693 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -151,16 +151,17 @@ all(doc) ->
all(suite) ->
[app, connection_info, controlling_process, controller_dies,
peercert, connect_dist,
- peername, sockname, socket_options, versions, cipher_suites,
+ peername, sockname, socket_options, valid_ssl_options, versions, cipher_suites,
upgrade, upgrade_with_timeout, tcp_connect,
ipv6, ekeyfile, ecertfile, ecacertfile, eoptions, shutdown,
shutdown_write, shutdown_both, shutdown_error, ciphers,
- send_close, dh_params,
+ send_close, close_transport_accept, dh_params,
server_verify_peer_passive,
server_verify_peer_active, server_verify_peer_active_once,
server_verify_none_passive, server_verify_none_active,
- server_verify_none_active_once,
- server_verify_no_cacerts, client_verify_none_passive,
+ server_verify_none_active_once, server_verify_no_cacerts,
+ server_require_peer_cert_ok, server_require_peer_cert_fail,
+ client_verify_none_passive,
client_verify_none_active, client_verify_none_active_once
%%, session_cache_process_list, session_cache_process_mnesia
,reuse_session, reuse_session_expired, server_does_not_want_to_reuse_session,
@@ -605,6 +606,59 @@ socket_options_result(Socket, Options, DefaultValues, NewOptions, NewValues) ->
ok.
%%--------------------------------------------------------------------
+valid_ssl_options(doc) ->
+ ["Test what happens when we give valid options"];
+
+valid_ssl_options(suite) ->
+ [];
+
+valid_ssl_options(Config) when is_list(Config) ->
+ ClientOpts = [{reuseaddr, true} | ?config(client_opts, Config)],
+ ServerOpts = [{reuseaddr, true} | ?config(server_opts, Config)],
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Port = ssl_test_lib:inet_port(ServerNode),
+
+ StartOk =
+ fun(Peer, Pid, TestOpt) ->
+ receive
+ {Pid, ok} when Peer =:= server ->
+ ok;
+ {Pid, {ok, _}} when Peer =:= client ->
+ ok;
+ {Pid, Error} ->
+ test_server:fail({Peer,
+ {option_being_tested, TestOpt},
+ {got, Error}})
+ end
+ end,
+
+ %% The following contains both documented and undocumented options as
+ %% listed in ssl:handle_options/2. It excludes file options which are
+ %% tested elsewhere (cacertfile, certfile, keyfile).
+ TestOpts = [{versions, []}, {verify, verify_none}, {verify_fun, fun(_) -> false end},
+ {fail_if_no_peer_cert, false}, {verify_client_once, false},
+ {depth, 1}, {key, undefined}, {password, "secret"}, {ciphers, []},
+ {reuse_sessions, true}, {reuse_session, fun(_,_,_,_) -> true end},
+ {renegotiate_at, 1000000000}, {debug, []},
+ {cb_info, {gen_tcp, tcp, tcp_closed}}],
+ [begin
+ Server =
+ ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {options, [TestOpt | ServerOpts]}]),
+ Client =
+ ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+ {host, Hostname}, {from, self()},
+ {options, [TestOpt | ClientOpts]}]),
+ StartOk(server, Server, TestOpt),
+ StartOk(client, Client, TestOpt),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ ok
+ end || TestOpt <- TestOpts],
+ ok.
+
+%%--------------------------------------------------------------------
versions(doc) ->
["Test API function versions/0"];
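Review bot: The `receive` inside `StartOk` has no `after` clause, so if either peer never reports back the case blocks until the suite timetrap fires and the failure no longer names the option being tested. A bounded wait such as `after 5000 -> test_server:fail({Peer, {option_being_tested, TestOpt}, timeout})` keeps the failure attributable. As far as the hunk shows, the case only asserts that start-up succeeds with each option. It does not check how `{verify_fun, fun(_) -> false end}` behaves together with `{verify, verify_none}`, so the doc string should say "options are accepted" rather than suggest coverage of certificate verification. The same `Port` is reused back to back for every entry in `TestOpts`, which may be timing-sensitive if a listener is not fully released before the next iteration.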
@@ -675,6 +729,32 @@ send_close(Config) when is_list(Config) ->
gen_tcp:close(TcpS),
{error, _} = ssl:send(SslS, "Hello world"),
ssl_test_lib:close(Server).
+
+%%--------------------------------------------------------------------
+close_transport_accept(doc) ->
+ ["Tests closing ssl socket when waiting on ssl:transport_accept/1"];
+
+close_transport_accept(suite) ->
+ [];
+
+close_transport_accept(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
+
+ Port = 0,
+ Opts = [{active, false} | ServerOpts],
+ {ok, ListenSocket} = rpc:call(ServerNode, ssl, listen, [Port, Opts]),
+ spawn_link(fun() ->
+ test_server:sleep(?SLEEP),
+ rpc:call(ServerNode, ssl, close, [ListenSocket])
+ end),
+ case rpc:call(ServerNode, ssl, transport_accept, [ListenSocket]) of
+ {error, closed} ->
+ ok;
+ Other ->
+ exit({?LINE, Other})
+ end.
+
%%--------------------------------------------------------------------
dh_params(doc) ->
["Test to specify DH-params file in server."];
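Review bot: The blocking `rpc:call(ServerNode, ssl, transport_accept, [ListenSocket])` has no timeout, so if closing the listen socket fails to wake the acceptor, which is the behaviour this case exists to catch, the test hangs until the timetrap instead of failing with a reason. `rpc:call/5` takes a timeout, e.g. `rpc:call(ServerNode, ssl, transport_accept, [ListenSocket], 5000)`, and the resulting `{badrpc, timeout}` would then fall into the existing `Other` branch. The ordering relies on `test_server:sleep(?SLEEP)` being long enough for the accept to be entered before the close. If the close wins the race the case may still pass without exercising the blocked-accept path, so a short comment stating that assumption would help.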
@@ -806,7 +886,7 @@ tcp_connect(Config) when is_list(Config) ->
Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
{from, self()},
{timeout, 5000},
- {mfa, {?MODULE, should_close, []}},
+ {mfa, {?MODULE, dummy, []}},
{tcp_options, TcpOpts},
{ssl_options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
@@ -815,18 +895,20 @@ tcp_connect(Config) when is_list(Config) ->
test_server:format("Testcase ~p connected to Server ~p ~n", [self(), Server]),
gen_tcp:send(Socket, "<SOME GARBLED NON SSL MESSAGE>"),
- ssl_test_lib:check_result(Server, {error,esslerrssl}, tcp_closed, Socket),
-
+ receive
+ {tcp_closed, Socket} ->
+ receive
+ {Server, {error, Error}} ->
+ test_server:format("Error ~p", [Error])
+ end
+ end,
ssl_test_lib:close(Server).
-should_close(Socket) ->
- receive
- {ssl, Socket, closed} ->
- server_closed;
- Other ->
- exit({?LINE, Other})
- end.
+dummy(Socket) ->
+ %% Should not happen as the ssl connection will not be established
+ %% due to fatal handshake failiure
+ exit(kill).
%%--------------------------------------------------------------------
ipv6(doc) ->
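Review bot: The nested `receive` that replaces `check_result` has no `after` clause and accepts any `{error, Error}` from the server, so the case no longer pins the reason reported for non-TLS input (the removed line expected `esslerrssl`) and will block until the timetrap if either message never arrives. If the reason is deliberately left open, say so in a comment and bound the wait, e.g. `after 5000 -> test_server:fail(no_handshake_error)` on the outer receive. In `dummy/1` the argument is unused and will draw a compiler warning, which `dummy(_Socket) ->` avoids, and the comment misspells "failure" as `failiure`. `tcp_connect` begins outside this hunk, so the socket setup that these receives depend on is not visible here.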
@@ -992,8 +1074,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server0, {error, {eoptions, {active,trice}}},
Client0, {error, {eoptions, {active,trice}}}),
- test_server:sleep(?SLEEP),
-
Server1 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1005,9 +1085,6 @@ eoptions(Config) when is_list(Config) ->
{options, [{header, a} | ClientOpts]}]),
ssl_test_lib:check_result(Server1, {error, {eoptions, {header, a}}},
Client1, {error, {eoptions, {header, a}}}),
-
- test_server:sleep(?SLEEP),
-
Server2 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
@@ -1022,9 +1099,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server2, {error, {eoptions, {mode, a}}},
Client2, {error, {eoptions, {mode, a}}}),
-
- test_server:sleep(?SLEEP),
-
Server3 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1036,8 +1110,6 @@ eoptions(Config) when is_list(Config) ->
{options, [{packet, 8.0} | ClientOpts]}]),
ssl_test_lib:check_result(Server3, {error, {eoptions, {packet, 8.0}}},
Client3, {error, {eoptions, {packet, 8.0}}}),
-
- test_server:sleep(?SLEEP),
%% ssl
Server4 =
@@ -1051,8 +1123,6 @@ eoptions(Config) when is_list(Config) ->
{options, [{verify, 4} | ClientOpts]}]),
ssl_test_lib:check_result(Server4, {error, {eoptions, {verify, 4}}},
Client4, {error, {eoptions, {verify, 4}}}),
-
- test_server:sleep(?SLEEP),
Server5 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
@@ -1065,8 +1135,6 @@ eoptions(Config) when is_list(Config) ->
{options, [{depth, four} | ClientOpts]}]),
ssl_test_lib:check_result(Server5, {error, {eoptions, {depth, four}}},
Client5, {error, {eoptions, {depth, four}}}),
-
- test_server:sleep(?SLEEP),
Server6 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
@@ -1080,9 +1148,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server6, {error, {eoptions, {cacertfile, ""}}},
Client6, {error, {eoptions, {cacertfile, ""}}}),
-
- test_server:sleep(?SLEEP),
-
Server7 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1096,8 +1161,6 @@ eoptions(Config) when is_list(Config) ->
{error, {eoptions, {certfile, 'cert.pem'}}},
Client7, {error, {eoptions, {certfile, 'cert.pem'}}}),
- test_server:sleep(?SLEEP),
-
Server8 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1110,8 +1173,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server8,
{error, {eoptions, {keyfile, 'key.pem'}}},
Client8, {error, {eoptions, {keyfile, 'key.pem'}}}),
-
- test_server:sleep(?SLEEP),
Server9 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
@@ -1125,9 +1186,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server9, {error, {eoptions, {key, 'key.pem'}}},
Client9, {error, {eoptions, {key, 'key.pem'}}}),
-
- test_server:sleep(?SLEEP),
-
Server10 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1139,9 +1197,6 @@ eoptions(Config) when is_list(Config) ->
{options, [{password, foo} | ClientOpts]}]),
ssl_test_lib:check_result(Server10, {error, {eoptions, {password, foo}}},
Client10, {error, {eoptions, {password, foo}}}),
-
- test_server:sleep(?SLEEP),
-
%% Misc
Server11 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
@@ -1155,9 +1210,6 @@ eoptions(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server11, {error, {eoptions, {ssl_imp, cool}}},
Client11, {error, {eoptions, {ssl_imp, cool}}}),
-
- test_server:sleep(?SLEEP),
-
Server12 =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
{from, self()},
@@ -1779,7 +1831,66 @@ server_verify_no_cacerts(Config) when is_list(Config) ->
| ServerOpts]}]),
ssl_test_lib:check_result(Server, {error, {eoptions, {cacertfile, ""}}}).
+
+%%--------------------------------------------------------------------
+
+server_require_peer_cert_ok(doc) ->
+ ["Test server option fail_if_no_peer_cert when peer sends cert"];
+
+server_require_peer_cert_ok(suite) ->
+ [];
+
+server_require_peer_cert_ok(Config) when is_list(Config) ->
+ ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
+ | ?config(server_verification_opts, Config)],
+ ClientOpts = ?config(client_verification_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+
+server_require_peer_cert_fail(doc) ->
+ ["Test server option fail_if_no_peer_cert when peer doesn't send cert"];
+
+server_require_peer_cert_fail(suite) ->
+ [];
+
+server_require_peer_cert_fail(Config) when is_list(Config) ->
+ ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
+ | ?config(server_verification_opts, Config)],
+ BadClientOpts = ?config(client_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Port = ssl_test_lib:inet_port(ServerNode),
+
+ Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | BadClientOpts]}]),
+ ssl_test_lib:check_result(Server, {error, esslaccept},
+ Client, {error, esslconnect}),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
%%--------------------------------------------------------------------
client_verify_none_passive(doc) ->