Diffstat (limited to 'lib/ssl/test/ssl_basic_SUITE.erl')
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 199 |
1 files changed, 155 insertions, 44 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index 8dc987e3ff..68970b6693 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -151,16 +151,17 @@ all(doc) -> all(suite) -> [app, connection_info, controlling_process, controller_dies, peercert, connect_dist, - peername, sockname, socket_options, versions, cipher_suites, + peername, sockname, socket_options, valid_ssl_options, versions, cipher_suites, upgrade, upgrade_with_timeout, tcp_connect, ipv6, ekeyfile, ecertfile, ecacertfile, eoptions, shutdown, shutdown_write, shutdown_both, shutdown_error, ciphers, - send_close, dh_params, + send_close, close_transport_accept, dh_params, server_verify_peer_passive, server_verify_peer_active, server_verify_peer_active_once, server_verify_none_passive, server_verify_none_active, - server_verify_none_active_once, - server_verify_no_cacerts, client_verify_none_passive, + server_verify_none_active_once, server_verify_no_cacerts, + server_require_peer_cert_ok, server_require_peer_cert_fail, + client_verify_none_passive, client_verify_none_active, client_verify_none_active_once %%, session_cache_process_list, session_cache_process_mnesia ,reuse_session, reuse_session_expired, server_does_not_want_to_reuse_session, 
@@ -605,6 +606,59 @@ socket_options_result(Socket, Options, DefaultValues, NewOptions, NewValues) -> ok. %%-------------------------------------------------------------------- +valid_ssl_options(doc) -> + ["Test what happens when we give valid options"]; + +valid_ssl_options(suite) -> + []; + +valid_ssl_options(Config) when is_list(Config) -> + ClientOpts = [{reuseaddr, true} | ?config(client_opts, Config)], + ServerOpts = [{reuseaddr, true} | ?config(server_opts, Config)], + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + Port = ssl_test_lib:inet_port(ServerNode), + + StartOk = + fun(Peer, Pid, TestOpt) -> + receive + {Pid, ok} when Peer =:= server -> + ok; + {Pid, {ok, _}} when Peer =:= client -> + ok; + {Pid, Error} -> + test_server:fail({Peer, + {option_being_tested, TestOpt}, + {got, Error}}) + end + end, + + %% The following contains both documented and undocumented options as + %% listed in ssl:handle_options/2. It excludes file options which are + %% tested elsewhere (cacertfile, certfile, keyfile). + TestOpts = [{versions, []}, {verify, verify_none}, {verify_fun, fun(_) -> false end}, + {fail_if_no_peer_cert, false}, {verify_client_once, false}, + {depth, 1}, {key, undefined}, {password, "secret"}, {ciphers, []}, + {reuse_sessions, true}, {reuse_session, fun(_,_,_,_) -> true end}, + {renegotiate_at, 1000000000}, {debug, []}, + {cb_info, {gen_tcp, tcp, tcp_closed}}], + [begin + Server = + ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, + {from, self()}, + {options, [TestOpt | ServerOpts]}]), + Client = + ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, + {host, Hostname}, {from, self()}, + {options, [TestOpt | ClientOpts]}]), + StartOk(server, Server, TestOpt), + StartOk(client, Client, TestOpt), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client), + ok + end || TestOpt <- TestOpts], + ok. 
+ +%%-------------------------------------------------------------------- versions(doc) -> ["Test API function versions/0"]; @@ -675,6 +729,32 @@ send_close(Config) when is_list(Config) -> gen_tcp:close(TcpS), {error, _} = ssl:send(SslS, "Hello world"), ssl_test_lib:close(Server). + +%%-------------------------------------------------------------------- +close_transport_accept(doc) -> + ["Tests closing ssl socket when waiting on ssl:transport_accept/1"]; + +close_transport_accept(suite) -> + []; + +close_transport_accept(Config) when is_list(Config) -> + ServerOpts = ?config(server_opts, Config), + {_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), + + Port = 0, + Opts = [{active, false} | ServerOpts], + {ok, ListenSocket} = rpc:call(ServerNode, ssl, listen, [Port, Opts]), + spawn_link(fun() -> + test_server:sleep(?SLEEP), + rpc:call(ServerNode, ssl, close, [ListenSocket]) + end), + case rpc:call(ServerNode, ssl, transport_accept, [ListenSocket]) of + {error, closed} -> + ok; + Other -> + exit({?LINE, Other}) + end. + %%-------------------------------------------------------------------- dh_params(doc) -> ["Test to specify DH-params file in server."]; @@ -806,7 +886,7 @@ tcp_connect(Config) when is_list(Config) -> Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0}, {from, self()}, {timeout, 5000}, - {mfa, {?MODULE, should_close, []}}, + {mfa, {?MODULE, dummy, []}}, {tcp_options, TcpOpts}, {ssl_options, ServerOpts}]), Port = ssl_test_lib:inet_port(Server), 
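Review bot: The `receive` inside `StartOk` in valid_ssl_options has no `after` clause, so a started server or client that dies without reporting back blocks the case instead of failing with the option under test. A bounded wait such as `after 5000 -> test_server:fail({Peer, {option_being_tested, TestOpt}, timeout})` (timeout value illustrative) keeps the failure attributable to one option. The case also only shows that each option is accepted at start-up. For security-relevant entries such as `verify_fun` and `fail_if_no_peer_cert`, a comment saying that enforcement is covered by other cases would stop readers from taking this as a behavioural test.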
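Review bot: In close_transport_accept the blocking `rpc:call(ServerNode, ssl, transport_accept, [ListenSocket])` has no upper bound, so a regression in which closing the listen socket fails to wake the acceptor hangs the case instead of reaching the `Other -> exit({?LINE, Other})` branch. Using `rpc:call/5` with a timeout would turn that into a `{badrpc, timeout}` result that the existing `Other` clause already reports. The ordering also rests on `test_server:sleep(?SLEEP)` alone. If the close ran before the accept was blocked, `{error, closed}` might still be returned (not verifiable from this hunk), so a comment stating that assumption would help.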
@@ -815,18 +895,20 @@ tcp_connect(Config) when is_list(Config) -> test_server:format("Testcase ~p connected to Server ~p ~n", [self(), Server]), gen_tcp:send(Socket, "<SOME GARBLED NON SSL MESSAGE>"), - ssl_test_lib:check_result(Server, {error,esslerrssl}, tcp_closed, Socket), - + receive + {tcp_closed, Socket} -> + receive + {Server, {error, Error}} -> + test_server:format("Error ~p", [Error]) + end + end, ssl_test_lib:close(Server). -should_close(Socket) -> - receive - {ssl, Socket, closed} -> - server_closed; - Other -> - exit({?LINE, Other}) - end. +dummy(Socket) -> + %% Should not happen as the ssl connection will not be established + %% due to fatal handshake failiure + exit(kill). %%-------------------------------------------------------------------- ipv6(doc) -> @@ -992,8 +1074,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server0, {error, {eoptions, {active,trice}}}, Client0, {error, {eoptions, {active,trice}}}), - test_server:sleep(?SLEEP), - Server1 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, @@ -1005,9 +1085,6 @@ eoptions(Config) when is_list(Config) -> {options, [{header, a} | ClientOpts]}]), ssl_test_lib:check_result(Server1, {error, {eoptions, {header, a}}}, Client1, {error, {eoptions, {header, a}}}), - - test_server:sleep(?SLEEP), - Server2 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, @@ -1022,9 +1099,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server2, {error, {eoptions, {mode, a}}}, Client2, {error, {eoptions, {mode, a}}}), - - test_server:sleep(?SLEEP), - Server3 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, @@ -1036,8 +1110,6 @@ eoptions(Config) when is_list(Config) -> {options, [{packet, 8.0} | ClientOpts]}]), ssl_test_lib:check_result(Server3, {error, {eoptions, {packet, 8.0}}}, Client3, {error, {eoptions, {packet, 8.0}}}), - - test_server:sleep(?SLEEP), %% ssl Server4 = 
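Review bot: The rewritten wait in tcp_connect accepts any `{Server, {error, Error}}` and only logs it, where the removed `check_result` call pinned the reason to `esslerrssl`; a server that fails for an unrelated reason now passes the case meant to show that non-SSL bytes are rejected at the handshake. If the reason is no longer stable, matching the acceptable reasons explicitly, or a comment explaining why any error is accepted, would keep the intent checkable. Both nested `receive`s also lack an `after` clause, so a missing `tcp_closed` or server report blocks the case instead of failing it. In `dummy/1` the argument is unused and would be better written `_Socket`, and the comment should read "failure". tcp_connect begins outside this hunk.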
@@ -1051,8 +1123,6 @@ eoptions(Config) when is_list(Config) -> {options, [{verify, 4} | ClientOpts]}]), ssl_test_lib:check_result(Server4, {error, {eoptions, {verify, 4}}}, Client4, {error, {eoptions, {verify, 4}}}), - - test_server:sleep(?SLEEP), Server5 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, @@ -1065,8 +1135,6 @@ eoptions(Config) when is_list(Config) -> {options, [{depth, four} | ClientOpts]}]), ssl_test_lib:check_result(Server5, {error, {eoptions, {depth, four}}}, Client5, {error, {eoptions, {depth, four}}}), - - test_server:sleep(?SLEEP), Server6 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, @@ -1080,9 +1148,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server6, {error, {eoptions, {cacertfile, ""}}}, Client6, {error, {eoptions, {cacertfile, ""}}}), - - test_server:sleep(?SLEEP), - Server7 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, @@ -1096,8 +1161,6 @@ eoptions(Config) when is_list(Config) -> {error, {eoptions, {certfile, 'cert.pem'}}}, Client7, {error, {eoptions, {certfile, 'cert.pem'}}}), - test_server:sleep(?SLEEP), - Server8 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, @@ -1110,8 +1173,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server8, {error, {eoptions, {keyfile, 'key.pem'}}}, Client8, {error, {eoptions, {keyfile, 'key.pem'}}}), - - test_server:sleep(?SLEEP), Server9 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, @@ -1125,9 +1186,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server9, {error, {eoptions, {key, 'key.pem'}}}, Client9, {error, {eoptions, {key, 'key.pem'}}}), - - test_server:sleep(?SLEEP), - Server10 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, 
@@ -1139,9 +1197,6 @@ eoptions(Config) when is_list(Config) -> {options, [{password, foo} | ClientOpts]}]), ssl_test_lib:check_result(Server10, {error, {eoptions, {password, foo}}}, Client10, {error, {eoptions, {password, foo}}}), - - test_server:sleep(?SLEEP), - %% Misc Server11 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, @@ -1155,9 +1210,6 @@ eoptions(Config) when is_list(Config) -> ssl_test_lib:check_result(Server11, {error, {eoptions, {ssl_imp, cool}}}, Client11, {error, {eoptions, {ssl_imp, cool}}}), - - test_server:sleep(?SLEEP), - Server12 = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, {from, self()}, 
@@ -1779,7 +1831,66 @@ server_verify_no_cacerts(Config) when is_list(Config) -> | ServerOpts]}]), ssl_test_lib:check_result(Server, {error, {eoptions, {cacertfile, ""}}}). + +%%-------------------------------------------------------------------- + +server_require_peer_cert_ok(doc) -> + ["Test server option fail_if_no_peer_cert when peer sends cert"]; + +server_require_peer_cert_ok(suite) -> + []; + +server_require_peer_cert_ok(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + ClientOpts = ?config(client_verification_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {?MODULE, send_recv_result, []}}, + {options, [{active, false} | ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {?MODULE, send_recv_result, []}}, + {options, [{active, false} | ClientOpts]}]), + + ssl_test_lib:check_result(Server, ok, Client, ok), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). 
+ +%%-------------------------------------------------------------------- + +server_require_peer_cert_fail(doc) -> + ["Test server option fail_if_no_peer_cert when peer doesn't send cert"]; + +server_require_peer_cert_fail(suite) -> + []; + +server_require_peer_cert_fail(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + BadClientOpts = ?config(client_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + Port = ssl_test_lib:inet_port(ServerNode), + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, Port}, + {from, self()}, + {mfa, {?MODULE, send_recv_result, []}}, + {options, [{active, false} | ServerOpts]}]), + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {?MODULE, send_recv_result, []}}, + {options, [{active, false} | BadClientOpts]}]), + ssl_test_lib:check_result(Server, {error, esslaccept}, + Client, {error, esslconnect}), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). + %%-------------------------------------------------------------------- client_verify_none_passive(doc) -> |
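Review bot: server_require_peer_cert_fail relies on `?config(client_opts, Config)` carrying no client certificate, but the case neither states nor checks that. The expected results `{error, esslaccept}` / `{error, esslconnect}` are generic, so any handshake failure satisfies them, not only a missing peer certificate. A comment on `BadClientOpts` such as `%% client_opts must not contain certfile/keyfile: the client presents no certificate`, together with a guard like `false = proplists:is_defined(certfile, BadClientOpts),`, would make the precondition explicit. The sibling server_require_peer_cert_ok case uses the same `ServerOpts`, which gives some assurance that the server side is configured correctly, and that link is worth mentioning in the doc clause.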