aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_basic_SUITE.erl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/test/ssl_basic_SUITE.erl')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl147
1 files changed, 143 insertions, 4 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 6cf712fa6f..4c3548a703 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -248,6 +248,7 @@ api_tests() ->
[connection_info,
peername,
peercert,
+ peercert_with_client_cert,
sockname,
versions,
controlling_process,
@@ -257,7 +258,8 @@ api_tests() ->
shutdown_write,
shutdown_both,
shutdown_error,
- hibernate
+ hibernate,
+ listen_socket
].
certificate_verify_tests() ->
@@ -273,6 +275,7 @@ certificate_verify_tests() ->
server_verify_client_once_passive,
server_verify_client_once_active,
server_verify_client_once_active_once,
+ new_server_wants_peer_cert,
client_verify_none_passive,
client_verify_none_active,
client_verify_none_active_once,
@@ -787,6 +790,43 @@ peercert(Config) when is_list(Config) ->
peercert_result(Socket) ->
ssl:peercert(Socket).
+%%--------------------------------------------------------------------
+
+peercert_with_client_cert(doc) ->
+ [""];
+peercert_with_client_cert(suite) ->
+ [];
+peercert_with_client_cert(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_dsa_opts, Config),
+ ServerOpts = ?config(server_dsa_verify_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, ClientOpts}]),
+
+ ServerCertFile = proplists:get_value(certfile, ServerOpts),
+ [{'Certificate', ServerBinCert, _}]= ssl_test_lib:pem_to_der(ServerCertFile),
+ ClientCertFile = proplists:get_value(certfile, ClientOpts),
+ [{'Certificate', ClientBinCert, _}]= ssl_test_lib:pem_to_der(ClientCertFile),
+
+ ServerMsg = {ok, ClientBinCert},
+ ClientMsg = {ok, ServerBinCert},
+
+ test_server:format("Testcase ~p, Client ~p Server ~p ~n",
+ [self(), Client, Server]),
+
+ ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
sockname(doc) ->
@@ -3609,9 +3649,14 @@ no_reuses_session_server_restart_new_cert(Config) when is_list(Config) ->
%% Make sure session is registered
test_server:sleep(?SLEEP),
+ Monitor = erlang:monitor(process, Server),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client0),
-
+ receive
+ {'DOWN', Monitor, _, _, _} ->
+ ok
+ end,
+
Server1 =
ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
{from, self()},
@@ -3718,10 +3763,14 @@ reuseaddr(Config) when is_list(Config) ->
{from, self()},
{mfa, {ssl_test_lib, no_result, []}},
{options, [{active, false} | ClientOpts]}]),
- test_server:sleep(?SLEEP),
+ Monitor = erlang:monitor(process, Server),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client),
-
+ receive
+ {'DOWN', Monitor, _, _, _} ->
+ ok
+ end,
+
Server1 =
ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
{from, self()},
@@ -3777,6 +3826,35 @@ hibernate(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
+listen_socket(doc) ->
+ ["Check error handling and inet compliance when calling API functions with listen sockets."];
+
+listen_socket(suite) ->
+ [];
+
+listen_socket(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ {ok, ListenSocket} = ssl:listen(0, ServerOpts),
+
+ %% This can be a valid thing to do as
+ %% options are inherited by the accept socket
+ ok = ssl:controlling_process(ListenSocket, self()),
+
+ {ok, _} = ssl:sockname(ListenSocket),
+
+ {error, enotconn} = ssl:send(ListenSocket, <<"data">>),
+ {error, enotconn} = ssl:recv(ListenSocket, 0),
+ {error, enotconn} = ssl:connection_info(ListenSocket),
+ {error, enotconn} = ssl:peername(ListenSocket),
+ {error, enotconn} = ssl:peercert(ListenSocket),
+ {error, enotconn} = ssl:session_info(ListenSocket),
+ {error, enotconn} = ssl:renegotiate(ListenSocket),
+ {error, enotconn} = ssl:prf(ListenSocket, 'master_secret', <<"Label">>, client_random, 256),
+ {error, enotconn} = ssl:shutdown(ListenSocket, read_write),
+
+ ok = ssl:close(ListenSocket).
+
+%%--------------------------------------------------------------------
connect_twice(doc) ->
[""];
@@ -4011,6 +4089,67 @@ client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo ==
{?config(client_dsa_opts, Config),
?config(server_dsa_opts, Config)}.
+
+%%--------------------------------------------------------------------
+
+new_server_wants_peer_cert(doc) ->
+ ["Test that server configured to do client certification does"
+ " not reuse session without a client certificate."];
+new_server_wants_peer_cert(suite) ->
+ [];
+new_server_wants_peer_cert(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ VServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
+ | ?config(server_verification_opts, Config)],
+ ClientOpts = ?config(client_verification_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, [ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client =
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, ClientOpts}]),
+
+ Monitor = erlang:monitor(process, Server),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ receive
+ {'DOWN', Monitor, _, _, _} ->
+ ok
+ end,
+
+ Server1 = ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, VServerOpts}]),
+ Client1 =
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, [ClientOpts]}]),
+
+ CertFile = proplists:get_value(certfile, ClientOpts),
+ [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
+
+ ServerMsg = {error, no_peercert},
+ Sever1Msg = {ok, BinCert},
+
+ ssl_test_lib:check_result(Server, ServerMsg, Server1, Sever1Msg),
+
+ ssl_test_lib:close(Server1),
+ ssl_test_lib:close(Client),
+ ssl_test_lib:close(Client1).
+
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 18:44:39 +0000