diff options
Diffstat (limited to 'lib/ssl/test/ssl_test_lib.erl')
| -rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 221 |
1 files changed, 180 insertions, 41 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 46b6eb401d..f6ccbe85e3 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -81,14 +81,20 @@ run_server(ListenSocket, Opts) -> no_result_msg -> ok; Msg -> - test_server:format("Msg: ~p ~n", [Msg]), + test_server:format("Server Msg: ~p ~n", [Msg]), Pid ! {self(), Msg} end, - receive + receive listen -> run_server(ListenSocket, Opts); + {listen, MFA} -> + run_server(ListenSocket, [MFA | proplists:delete(mfa, Opts)]); close -> - ok = rpc:call(Node, ssl, close, [AcceptSocket]) + test_server:format("Server closing ~p ~n", [self()]), + Result = rpc:call(Node, ssl, close, [AcceptSocket], 500), + test_server:format("Result ~p ~n", [Result]); + {ssl_closed, _} -> + ok end. %%% To enable to test with s_client -reconnect @@ -151,19 +157,30 @@ run_client(Opts) -> no_result_msg -> ok; Msg -> + test_server:format("Client Msg: ~p ~n", [Msg]), Pid ! {self(), Msg} end, - receive + receive close -> - ok = rpc:call(Node, ssl, close, [Socket]) + test_server:format("Client closing~n", []), + rpc:call(Node, ssl, close, [Socket]); + {ssl_closed, Socket} -> + ok end; {error, Reason} -> - test_server:format("Client: connection failed: ~p ~n", [Reason]), + test_server:format("Client: connection failed: ~p ~n", [Reason]), Pid ! {self(), {error, Reason}} end. close(Pid) -> - Pid ! close. + test_server:format("Close ~p ~n", [Pid]), + Monitor = erlang:monitor(process, Pid), + Pid ! close, + receive + {'DOWN', Monitor, process, Pid, Reason} -> + erlang:demonitor(Monitor), + test_server:format("Pid: ~p down due to:~p ~n", [Pid, Reason]) + end. check_result(Server, ServerMsg, Client, ClientMsg) -> receive @@ -208,47 +225,27 @@ check_result(Pid, Msg) -> test_server:fail(Reason) end. -check_result_ignore_renegotiation_reject(Pid, Msg) -> - receive - {Pid, fail_session_fatal_alert_during_renegotiation} -> - test_server:comment("Server rejected old renegotiation"), - ok; - {ssl_error, _, esslconnect} -> - test_server:comment("Server rejected old renegotiation"), - ok; - {Pid, Msg} -> - ok; - {Port, {data,Debug}} when is_port(Port) -> - io:format("openssl ~s~n",[Debug]), - check_result(Pid,Msg); - Unexpected -> - Reason = {{expected, {Pid, Msg}}, - {got, Unexpected}}, - test_server:fail(Reason) - end. - - wait_for_result(Server, ServerMsg, Client, ClientMsg) -> receive {Server, ServerMsg} -> receive {Client, ClientMsg} -> - ok; - Unexpected -> - Unexpected + ok + %% Unexpected -> + %% Unexpected end; {Client, ClientMsg} -> receive {Server, ServerMsg} -> - ok; - Unexpected -> - Unexpected + ok + %% Unexpected -> + %% Unexpected end; {Port, {data,Debug}} when is_port(Port) -> io:format("openssl ~s~n",[Debug]), - wait_for_result(Server, ServerMsg, Client, ClientMsg); - Unexpected -> - Unexpected + wait_for_result(Server, ServerMsg, Client, ClientMsg) + %% Unexpected -> + %% Unexpected end. @@ -258,9 +255,9 @@ wait_for_result(Pid, Msg) -> ok; {Port, {data,Debug}} when is_port(Port) -> io:format("openssl ~s~n",[Debug]), - wait_for_result(Pid,Msg); - Unexpected -> - Unexpected + wait_for_result(Pid,Msg) + %% Unexpected -> + %% Unexpected end. cert_options(Config) -> @@ -268,6 +265,8 @@ cert_options(Config) -> "client", "cacerts.pem"]), ClientCertFile = filename:join([?config(priv_dir, Config), "client", "cert.pem"]), + ClientCertFileDigitalSignatureOnly = filename:join([?config(priv_dir, Config), + "client", "digital_signature_only_cert.pem"]), ServerCaCertFile = filename:join([?config(priv_dir, Config), "server", "cacerts.pem"]), ServerCertFile = filename:join([?config(priv_dir, Config), @@ -292,8 +291,13 @@ cert_options(Config) -> {certfile, ClientCertFile}, {keyfile, ClientKeyFile}, {ssl_imp, new}]}, + {client_verification_opts_digital_signature_only, [{cacertfile, ClientCaCertFile}, + {certfile, ClientCertFileDigitalSignatureOnly}, + {keyfile, ClientKeyFile}, + {ssl_imp, new}]}, {server_opts, [{ssl_imp, new},{reuseaddr, true}, {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, + {server_anon, [{ssl_imp, new},{reuseaddr, true}, {ciphers, anonymous_suites()}]}, {server_verification_opts, [{ssl_imp, new},{reuseaddr, true}, {cacertfile, ServerCaCertFile}, {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, @@ -318,6 +322,58 @@ cert_options(Config) -> | Config]. +make_dsa_cert(Config) -> + + {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa, dsa, ""), + {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, dsa, dsa, ""), + [{server_dsa_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ServerCaCertFile}, + {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, + {server_dsa_verify_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ClientCaCertFile}, + {certfile, ServerCertFile}, {keyfile, ServerKeyFile}, + {verify, verify_peer}]}, + {client_dsa_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ClientCaCertFile}, + {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]} + | Config]. + + +make_mix_cert(Config) -> + {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa, + rsa, "mix"), + {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, dsa, + rsa, "mix"), + [{server_mix_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ServerCaCertFile}, + {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, + {server_mix_verify_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ClientCaCertFile}, + {certfile, ServerCertFile}, {keyfile, ServerKeyFile}, + {verify, verify_peer}]}, + {client_mix_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ClientCaCertFile}, + {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]} + | Config]. + +make_cert_files(RoleStr, Config, Alg1, Alg2, Prefix) -> + Alg1Str = atom_to_list(Alg1), + Alg2Str = atom_to_list(Alg2), + CaInfo = {CaCert, _} = erl_make_certs:make_cert([{key, Alg1}]), + {Cert, CertKey} = erl_make_certs:make_cert([{key, Alg2}, {issuer, CaInfo}]), + CaCertFile = filename:join([?config(priv_dir, Config), + RoleStr, Prefix ++ Alg1Str ++ "_cacerts.pem"]), + CertFile = filename:join([?config(priv_dir, Config), + RoleStr, Prefix ++ Alg2Str ++ "_cert.pem"]), + KeyFile = filename:join([?config(priv_dir, Config), + RoleStr, Prefix ++ Alg2Str ++ "_key.pem"]), + + der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]), + der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]), + der_to_pem(KeyFile, [CertKey]), + {CaCertFile, CertFile, KeyFile}. + + start_upgrade_server(Args) -> Result = spawn_link(?MODULE, run_upgrade_server, [Args]), receive @@ -355,10 +411,12 @@ run_upgrade_server(Opts) -> end, {Module, Function, Args} = proplists:get_value(mfa, Opts), Msg = rpc:call(Node, Module, Function, [SslAcceptSocket | Args]), + test_server:format("Upgrade Server Msg: ~p ~n", [Msg]), Pid ! {self(), Msg}, receive close -> - ok = rpc:call(Node, ssl, close, [SslAcceptSocket]) + test_server:format("Upgrade Server closing~n", []), + rpc:call(Node, ssl, close, [SslAcceptSocket]) end catch error:{badmatch, Error} -> Pid ! {self(), Error} @@ -388,10 +446,12 @@ run_upgrade_client(Opts) -> test_server:format("apply(~p, ~p, ~p)~n", [Module, Function, [SslSocket | Args]]), Msg = rpc:call(Node, Module, Function, [SslSocket | Args]), + test_server:format("Upgrade Client Msg: ~p ~n", [Msg]), Pid ! {self(), Msg}, receive close -> - ok = rpc:call(Node, ssl, close, [SslSocket]) + test_server:format("Upgrade Client closing~n", []), + rpc:call(Node, ssl, close, [SslSocket]) end. start_upgrade_server_error(Args) -> @@ -529,3 +589,82 @@ send_selected_port(Pid, 0, Socket) -> Pid ! {self(), {port, NewPort}}; send_selected_port(_,_,_) -> ok. + +rsa_suites() -> + lists:filter(fun({dhe_dss, _, _}) -> + false; + (_) -> + true + end, + ssl:cipher_suites()). + +rsa_non_signed_suites() -> + lists:filter(fun({rsa, _, _}) -> + true; + (_) -> + false + end, + ssl:cipher_suites()). + +dsa_suites() -> + lists:filter(fun({dhe_dss, _, _}) -> + true; + (_) -> + false + end, + ssl:cipher_suites()). + + +openssl_rsa_suites() -> + Ciphers = ssl:cipher_suites(openssl), + lists:filter(fun(Str) -> + case re:run(Str,"DSS",[]) of + nomatch -> + true; + _ -> + false + end + end, Ciphers). + +openssl_dsa_suites() -> + Ciphers = ssl:cipher_suites(openssl), + lists:filter(fun(Str) -> + case re:run(Str,"DSS",[]) of + nomatch -> + false; + _ -> + true + end + end, Ciphers). + +anonymous_suites() -> + [{dh_anon, rc4_128, md5}, + {dh_anon, des_cbc, sha}, + {dh_anon, '3des_ede_cbc', sha}, + {dh_anon, aes_128_cbc, sha}, + {dh_anon, aes_256_cbc, sha}]. + +pem_to_der(File) -> + {ok, PemBin} = file:read_file(File), + public_key:pem_decode(PemBin). + +der_to_pem(File, Entries) -> + PemBin = public_key:pem_encode(Entries), + file:write_file(File, PemBin). + +cipher_result(Socket, Result) -> + Result = ssl:connection_info(Socket), + test_server:format("Successfull connect: ~p~n", [Result]), + %% Importante to send two packets here + %% to properly test "cipher state" handling + ssl:send(Socket, "Hello\n"), + receive + {ssl, Socket, "Hello\n"} -> + ssl:send(Socket, " world\n"), + receive + {ssl, Socket, " world\n"} -> + ok + end; + Other -> + {unexpected, Other} + end. |