aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/Makefile6
-rw-r--r--lib/ssl/test/erl_make_certs.erl4
-rw-r--r--lib/ssl/test/make_certs.erl2
-rw-r--r--lib/ssl/test/old_ssl_active_SUITE.erl84
-rw-r--r--lib/ssl/test/old_ssl_active_once_SUITE.erl86
-rw-r--r--lib/ssl/test/old_ssl_dist_SUITE.erl34
-rw-r--r--lib/ssl/test/old_ssl_misc_SUITE.erl70
-rw-r--r--lib/ssl/test/old_ssl_passive_SUITE.erl84
-rw-r--r--lib/ssl/test/old_ssl_peer_cert_SUITE.erl73
-rw-r--r--lib/ssl/test/old_ssl_protocol_SUITE.erl70
-rw-r--r--lib/ssl/test/old_ssl_verify_SUITE.erl70
-rw-r--r--lib/ssl/test/old_transport_accept_SUITE.erl39
-rw-r--r--lib/ssl/test/ssl.cover36
-rw-r--r--lib/ssl/test/ssl.spec2
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl693
-rw-r--r--lib/ssl/test/ssl_packet_SUITE.erl115
-rw-r--r--lib/ssl/test/ssl_payload_SUITE.erl63
-rw-r--r--lib/ssl/test/ssl_session_cache_SUITE.erl317
-rw-r--r--lib/ssl/test/ssl_test_lib.erl144
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl83
20 files changed, 1441 insertions, 634 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index 9e4aecac45..fd3b6d06ad 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -1,7 +1,7 @@
#
# %CopyrightBegin%
#
-# Copyright Ericsson AB 1999-2010. All Rights Reserved.
+# Copyright Ericsson AB 1999-2011. All Rights Reserved.
#
# The contents of this file are subject to the Erlang Public License,
# Version 1.1, (the "License"); you may not use this file except in
@@ -40,6 +40,7 @@ MODULES = \
ssl_packet_SUITE \
ssl_payload_SUITE \
ssl_to_openssl_SUITE \
+ ssl_session_cache_SUITE \
ssl_test_MACHINE \
old_ssl_active_SUITE \
old_ssl_active_once_SUITE \
@@ -59,6 +60,7 @@ ERL_FILES = $(MODULES:%=%.erl)
HRL_FILES = ssl_test_MACHINE.hrl
HRL_FILES_SRC = \
+ ssl_int.hrl \
ssl_alert.hrl \
ssl_handshake.hrl
@@ -125,7 +127,7 @@ release_spec: opt
release_tests_spec: opt
$(INSTALL_DIR) $(RELSYSDIR)
$(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) $(HRL_FILES_NEEDED_IN_TEST) $(COVER_FILE) $(RELSYSDIR)
- $(INSTALL_DATA) ssl.spec $(RELSYSDIR)
+ $(INSTALL_DATA) ssl.spec ssl.cover $(RELSYSDIR)
chmod -f -R u+w $(RELSYSDIR)
@tar cf - *_SUITE_data | (cd $(RELSYSDIR); tar xf -)
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index f8aef55754..8b01ca3ad4 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -268,7 +268,7 @@ publickey(#'RSAPrivateKey'{modulus=N, publicExponent=E}) ->
subjectPublicKey = Public};
publickey(#'DSAPrivateKey'{p=P, q=Q, g=G, y=Y}) ->
Algo = #'PublicKeyAlgorithm'{algorithm= ?'id-dsa',
- parameters=#'Dss-Parms'{p=P, q=Q, g=G}},
+ parameters={params, #'Dss-Parms'{p=P, q=Q, g=G}}},
#'OTPSubjectPublicKeyInfo'{algorithm = Algo, subjectPublicKey = Y}.
validity(Opts) ->
@@ -290,7 +290,7 @@ sign_algorithm(#'RSAPrivateKey'{}, Opts) ->
end,
{Type, 'NULL'};
sign_algorithm(#'DSAPrivateKey'{p=P, q=Q, g=G}, _Opts) ->
- {?'id-dsa-with-sha1', #'Dss-Parms'{p=P, q=Q, g=G}}.
+ {?'id-dsa-with-sha1', {params,#'Dss-Parms'{p=P, q=Q, g=G}}}.
make_key(rsa, _Opts) ->
%% (OBS: for testing only)
diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl
index 3c18a905b4..693289990c 100644
--- a/lib/ssl/test/make_certs.erl
+++ b/lib/ssl/test/make_certs.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2009. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
diff --git a/lib/ssl/test/old_ssl_active_SUITE.erl b/lib/ssl/test/old_ssl_active_SUITE.erl
index d1cec26827..52ff0bcc5d 100644
--- a/lib/ssl/test/old_ssl_active_SUITE.erl
+++ b/lib/ssl/test/old_ssl_active_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,11 +20,10 @@
%%
-module(old_ssl_active_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
cinit_return_chkclose/1,
sinit_return_chkclose/1,
cinit_big_return_chkclose/1,
@@ -40,7 +39,7 @@
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
-define(MANYCONNS, ssl_test_MACHINE:many_conns()).
@@ -49,33 +48,35 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of ssl.erl interface in active mode.";
-all(suite) ->
- {conf,
- config,
- [cinit_return_chkclose,
- sinit_return_chkclose,
- cinit_big_return_chkclose,
- sinit_big_return_chkclose,
- cinit_big_echo_chkclose,
- cinit_huge_echo_chkclose,
- sinit_big_echo_chkclose,
- cinit_few_echo_chkclose,
- cinit_many_echo_chkclose,
- cinit_cnocert],
- finish}.
-
-config(doc) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [cinit_return_chkclose, sinit_return_chkclose,
+ cinit_big_return_chkclose, sinit_big_return_chkclose,
+ cinit_big_echo_chkclose, cinit_huge_echo_chkclose,
+ sinit_big_echo_chkclose, cinit_few_echo_chkclose,
+ cinit_many_echo_chkclose, cinit_cnocert].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains, and record the number of available "
"file descriptors";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
case os:type() of
{unix, _} ->
@@ -87,20 +88,25 @@ config(Config) ->
%% operating system, version of OTP, Erts, kernel and stdlib.
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto!"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
cinit_return_chkclose(doc) ->
diff --git a/lib/ssl/test/old_ssl_active_once_SUITE.erl b/lib/ssl/test/old_ssl_active_once_SUITE.erl
index 63eaa730e9..c7beadb301 100644
--- a/lib/ssl/test/old_ssl_active_once_SUITE.erl
+++ b/lib/ssl/test/old_ssl_active_once_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2002-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,11 +20,10 @@
%%
-module(old_ssl_active_once_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
server_accept_timeout/1,
cinit_return_chkclose/1,
sinit_return_chkclose/1,
@@ -40,7 +39,7 @@
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
-define(MANYCONNS, ssl_test_MACHINE:many_conns()).
@@ -49,50 +48,57 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of ssl.erl interface in passive mode.";
-all(suite) ->
- {conf,
- config,
- [server_accept_timeout,
- cinit_return_chkclose,
- sinit_return_chkclose,
- cinit_big_return_chkclose,
- sinit_big_return_chkclose,
- cinit_big_echo_chkclose,
- cinit_huge_echo_chkclose,
- sinit_big_echo_chkclose,
- cinit_few_echo_chkclose,
- cinit_many_echo_chkclose,
- cinit_cnocert],
- finish}.
-
-config(doc) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [server_accept_timeout, cinit_return_chkclose,
+ sinit_return_chkclose, cinit_big_return_chkclose,
+ sinit_big_return_chkclose, cinit_big_echo_chkclose,
+ cinit_huge_echo_chkclose, sinit_big_echo_chkclose,
+ cinit_few_echo_chkclose, cinit_many_echo_chkclose,
+ cinit_cnocert].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
server_accept_timeout(doc) ->
diff --git a/lib/ssl/test/old_ssl_dist_SUITE.erl b/lib/ssl/test/old_ssl_dist_SUITE.erl
index 97090c1409..4544fb616a 100644
--- a/lib/ssl/test/old_ssl_dist_SUITE.erl
+++ b/lib/ssl/test/old_ssl_dist_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -29,39 +29,55 @@
%%%-------------------------------------------------------------------
-module(old_ssl_dist_SUITE).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-define(DEFAULT_TIMETRAP_SECS, 240).
-define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
--export([all/1]).
+-export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2]).
-export([init_per_suite/1,
end_per_suite/1,
init_per_testcase/2,
- fin_per_testcase/2]).
+ end_per_testcase/2]).
-export([cnct2tstsrvr/1]).
-export([basic/1]).
-record(node_handle, {connection_handler, socket, name, nodename}).
-all(doc) ->
- [];
-all(suite) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
[basic].
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
init_per_suite(Config) ->
- add_ssl_opts_config(Config).
+ try crypto:start() of
+ ok ->
+ add_ssl_opts_config(Config)
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
end_per_suite(Config) ->
+ application:stop(crypto),
Config.
init_per_testcase(Case, Config) when list(Config) ->
Dog = ?t:timetrap(?t:seconds(?DEFAULT_TIMETRAP_SECS)),
[{watchdog, Dog},{testcase, Case}|Config].
-fin_per_testcase(_Case, Config) when list(Config) ->
+end_per_testcase(_Case, Config) when list(Config) ->
Dog = ?config(watchdog, Config),
?t:timetrap_cancel(Dog),
ok.
diff --git a/lib/ssl/test/old_ssl_misc_SUITE.erl b/lib/ssl/test/old_ssl_misc_SUITE.erl
index 2767123a12..ea03e83867 100644
--- a/lib/ssl/test/old_ssl_misc_SUITE.erl
+++ b/lib/ssl/test/old_ssl_misc_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,18 +20,17 @@
%%
-module(old_ssl_misc_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
seed/1,
app/1
]).
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
-define(MANYCONNS, 5).
@@ -40,41 +39,52 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of misc in ssl.erl interface.";
-all(suite) ->
- {conf,
- config,
- [seed, app],
- finish
- }.
+suite() -> [{ct_hooks,[ts_install_cth]}].
-config(doc) ->
+all() ->
+ [seed, app].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto!"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
seed(doc) ->
diff --git a/lib/ssl/test/old_ssl_passive_SUITE.erl b/lib/ssl/test/old_ssl_passive_SUITE.erl
index 96a7938583..7b54fe876a 100644
--- a/lib/ssl/test/old_ssl_passive_SUITE.erl
+++ b/lib/ssl/test/old_ssl_passive_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,11 +20,10 @@
%%
-module(old_ssl_passive_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1,
+ end_per_suite/1, init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
server_accept_timeout/1,
cinit_return_chkclose/1,
sinit_return_chkclose/1,
@@ -40,7 +39,7 @@
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
-define(MANYCONNS, ssl_test_MACHINE:many_conns()).
@@ -49,49 +48,56 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of ssl.erl interface in passive mode.";
-all(suite) ->
- {conf,
- config,
- [server_accept_timeout,
- cinit_return_chkclose,
- sinit_return_chkclose,
- cinit_big_return_chkclose,
- sinit_big_return_chkclose,
- cinit_big_echo_chkclose,
- sinit_big_echo_chkclose,
- cinit_few_echo_chkclose,
- cinit_many_echo_chkclose,
- cinit_cnocert],
- finish}.
-
-config(doc) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [server_accept_timeout, cinit_return_chkclose,
+ sinit_return_chkclose, cinit_big_return_chkclose,
+ sinit_big_return_chkclose, cinit_big_echo_chkclose,
+ sinit_big_echo_chkclose, cinit_few_echo_chkclose,
+ cinit_many_echo_chkclose, cinit_cnocert].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
server_accept_timeout(doc) ->
diff --git a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
index e5b3975d41..ee19bad175 100644
--- a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
+++ b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,11 +20,10 @@
%%
-module(old_ssl_peer_cert_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
cinit_plain/1,
cinit_both_verify/1,
cinit_cnocert/1
@@ -32,7 +31,7 @@
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
@@ -40,42 +39,52 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of ssl verification and peer certificate retrieval.";
-all(suite) ->
- {conf,
- config,
- [cinit_plain,
- cinit_both_verify,
- cinit_cnocert],
- finish}.
-
-config(doc) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [cinit_plain, cinit_both_verify, cinit_cnocert].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
cinit_plain(doc) ->
diff --git a/lib/ssl/test/old_ssl_protocol_SUITE.erl b/lib/ssl/test/old_ssl_protocol_SUITE.erl
index efdbf45a3d..9b9937c210 100644
--- a/lib/ssl/test/old_ssl_protocol_SUITE.erl
+++ b/lib/ssl/test/old_ssl_protocol_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2005-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,13 +20,15 @@
%%
-module(old_ssl_protocol_SUITE).
--export([all/1, init_per_testcase/2, fin_per_testcase/2, config/1,
- finish/1, sslv2/1, sslv3/1, tlsv1/1, sslv2_sslv3/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
+ init_per_testcase/2, end_per_testcase/2,
+ sslv2/1, sslv3/1, tlsv1/1, sslv2_sslv3/1,
sslv2_tlsv1/1, sslv3_tlsv1/1, sslv2_sslv3_tlsv1/1]).
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
@@ -34,41 +36,53 @@ init_per_testcase(_Case, Config) ->
WatchDog = test_server:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of configuration protocol_version.";
-all(suite) ->
- {conf,
- config,
- [sslv2, sslv3, tlsv1, sslv2_sslv3, sslv2_tlsv1, sslv3_tlsv1,
- sslv2_sslv3_tlsv1],
- finish}.
+suite() -> [{ct_hooks,[ts_install_cth]}].
-config(doc) ->
+all() ->
+ [sslv2, sslv3, tlsv1, sslv2_sslv3, sslv2_tlsv1,
+ sslv3_tlsv1, sslv2_sslv3_tlsv1].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no other purpose than closing the conf case.";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
%%%%%
diff --git a/lib/ssl/test/old_ssl_verify_SUITE.erl b/lib/ssl/test/old_ssl_verify_SUITE.erl
index 7a8cd1578a..4c11ea6850 100644
--- a/lib/ssl/test/old_ssl_verify_SUITE.erl
+++ b/lib/ssl/test/old_ssl_verify_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1999-2010. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -20,18 +20,17 @@
%%
-module(old_ssl_verify_SUITE).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
- config/1,
- finish/1,
+ end_per_testcase/2,
cinit_both_verify/1,
cinit_cnocert/1
]).
-import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
test_server_only/6]).
--include("test_server.hrl").
+-include_lib("test_server/include/test_server.hrl").
-include("ssl_test_MACHINE.hrl").
@@ -39,41 +38,52 @@ init_per_testcase(_Case, Config) ->
WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
[{watchdog, WatchDog}| Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test of ssl.erl interface in active mode.";
-all(suite) ->
- {conf,
- config,
- [cinit_both_verify,
- cinit_cnocert],
- finish}.
+suite() -> [{ct_hooks,[ts_install_cth]}].
-config(doc) ->
+all() ->
+ [cinit_both_verify, cinit_cnocert].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+init_per_suite(doc) ->
"Want to se what Config contains.";
-config(suite) ->
+init_per_suite(suite) ->
[];
-config(Config) ->
+init_per_suite(Config) ->
io:format("Config: ~p~n", [Config]),
%% Check if SSL exists. If this case fails, all other cases are skipped
- crypto:start(),
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config.
-
-finish(doc) ->
+ case catch crypto:start() of
+ ok ->
+ application:start(public_key),
+ case ssl:start() of
+ ok -> ssl:stop();
+ {error, {already_started, _}} -> ssl:stop();
+ Error -> ?t:fail({failed_starting_ssl,Error})
+ end,
+ Config;
+ _Else ->
+ {skip,"Could not start crypto"}
+ end.
+
+end_per_suite(doc) ->
"This test case has no mission other than closing the conf case";
-finish(suite) ->
+end_per_suite(suite) ->
[];
-finish(Config) ->
+end_per_suite(Config) ->
+ crypto:stop(),
Config.
cinit_both_verify(doc) ->
diff --git a/lib/ssl/test/old_transport_accept_SUITE.erl b/lib/ssl/test/old_transport_accept_SUITE.erl
index 71c1d9e181..6f0c8e456b 100644
--- a/lib/ssl/test/old_transport_accept_SUITE.erl
+++ b/lib/ssl/test/old_transport_accept_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -19,16 +19,17 @@
%%
-module(old_transport_accept_SUITE).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
-include("test_server_line.hrl").
%% Default timetrap timeout (set in init_per_testcase).
-define(default_timeout, ?t:minutes(1)).
-define(application, ssh).
--export([all/1,
+-export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
+ init_per_group/2,end_per_group/2,
init_per_testcase/2,
- fin_per_testcase/2,
+ end_per_testcase/2,
config/1,
echo_once/1,
echo_twice/1,
@@ -43,15 +44,37 @@ init_per_testcase(_Case, Config) ->
[{watchdog, WatchDog}, {protomod, gen_tcp}, {serialize_accept, true}|
Config].
-fin_per_testcase(_Case, Config) ->
+end_per_testcase(_Case, Config) ->
WatchDog = ?config(watchdog, Config),
test_server:timetrap_cancel(WatchDog).
-all(doc) ->
- "Test transport_accept and ssl_accept";
-all(suite) ->
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
[config, echo_once, echo_twice, close_before_ssl_accept].
+groups() ->
+ [].
+
+init_per_suite(Config) ->
+ try crypto:start() of
+ ok ->
+ Config
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+
+end_per_suite(_Config) ->
+ application:stop(crypto),
+ ok.
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
config(doc) ->
"Want to se what Config contains.";
config(suite) ->
diff --git a/lib/ssl/test/ssl.cover b/lib/ssl/test/ssl.cover
index e8daa363c5..60774cc0f1 100644
--- a/lib/ssl/test/ssl.cover
+++ b/lib/ssl/test/ssl.cover
@@ -1,19 +1,21 @@
-{exclude, [ssl_pkix_oid,
- 'PKIX1Algorithms88',
- 'PKIX1Explicit88',
- 'PKIX1Implicit88',
- 'PKIXAttributeCertificate',
- 'SSL-PKIX',
- ssl_pem,
- ssl_pkix,
- ssl_base64,
- ssl_broker,
- ssl_broker_int,
- ssl_broker_sup,
- ssl_debug,
- ssl_server,
- ssl_prim,
- inet_ssl_dist,
- 'OTP-PKIX'
+{incl_app,ssl,details}.
+
+{excl_mods, ssl, [ssl_pkix_oid,
+ 'PKIX1Algorithms88',
+ 'PKIX1Explicit88',
+ 'PKIX1Implicit88',
+ 'PKIXAttributeCertificate',
+ 'SSL-PKIX',
+ ssl_pem,
+ ssl_pkix,
+ ssl_base64,
+ ssl_broker,
+ ssl_broker_int,
+ ssl_broker_sup,
+ ssl_debug,
+ ssl_server,
+ ssl_prim,
+ inet_ssl_dist,
+ 'OTP-PKIX'
]}.
diff --git a/lib/ssl/test/ssl.spec b/lib/ssl/test/ssl.spec
index 6ef4fb73db..fc7c1bbb82 100644
--- a/lib/ssl/test/ssl.spec
+++ b/lib/ssl/test/ssl.spec
@@ -1 +1 @@
-{topcase, {dir, "../ssl_test"}}.
+{suites,"../ssl_test",all}.
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 3cb9337775..4f0907027f 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -24,22 +24,19 @@
%% Note: This directive should only be used in test suites.
-compile(export_all).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
-include("test_server_line.hrl").
-include_lib("public_key/include/public_key.hrl").
+
-include("ssl_alert.hrl").
+-include("ssl_int.hrl").
-define('24H_in_sec', 86400).
-define(TIMEOUT, 60000).
+-define(LONG_TIMEOUT, 600000).
-define(EXPIRE, 10).
-define(SLEEP, 500).
--behaviour(ssl_session_cache_api).
-
-%% For the session cache tests
--export([init/1, terminate/1, lookup/2, update/3,
- delete/2, foldl/3, select_session/2]).
-
%% Test server callback functions
%%--------------------------------------------------------------------
%% Function: init_per_suite(Config) -> Config
@@ -51,21 +48,24 @@
%% variable, but should NOT alter/remove any existing entries.
%%--------------------------------------------------------------------
init_per_suite(Config0) ->
- Dog = ssl_test_lib:timetrap(?TIMEOUT *2),
- crypto:start(),
- application:start(public_key),
- ssl:start(),
-
- %% make rsa certs using oppenssl
- Result =
- (catch make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0))),
- test_server:format("Make certs ~p~n", [Result]),
-
- Config1 = ssl_test_lib:make_dsa_cert(Config0),
- Config = ssl_test_lib:cert_options(Config1),
- [{watchdog, Dog} | Config].
-
+ Dog = ssl_test_lib:timetrap(?LONG_TIMEOUT *2),
+ try crypto:start() of
+ ok ->
+ application:start(public_key),
+ ssl:start(),
+
+ %% make rsa certs using oppenssl
+ Result =
+ (catch make_certs:all(?config(data_dir, Config0),
+ ?config(priv_dir, Config0))),
+ test_server:format("Make certs ~p~n", [Result]),
+
+ Config1 = ssl_test_lib:make_dsa_cert(Config0),
+ Config = ssl_test_lib:cert_options(Config1),
+ [{watchdog, Dog} | Config]
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
%%--------------------------------------------------------------------
%% Function: end_per_suite(Config) -> _
%% Config - [tuple()]
@@ -74,7 +74,7 @@ init_per_suite(Config0) ->
%%--------------------------------------------------------------------
end_per_suite(_Config) ->
ssl:stop(),
- crypto:stop().
+ application:stop(crypto).
%%--------------------------------------------------------------------
%% Function: init_per_testcase(TestCase, Config) -> Config
@@ -137,6 +137,9 @@ init_per_testcase(empty_protocol_versions, Config) ->
ssl:start(),
Config;
+init_per_testcase(different_ca_peer_sign, Config0) ->
+ ssl_test_lib:make_mix_cert(Config0);
+
init_per_testcase(_TestCase, Config0) ->
Config = lists:keydelete(watchdog, 1, Config0),
Dog = test_server:timetrap(?TIMEOUT),
@@ -198,47 +201,69 @@ end_per_testcase(_TestCase, Config) ->
%% Name of a test case.
%% Description: Returns a list of all test cases in this test suite
%%--------------------------------------------------------------------
-all(doc) ->
- ["Test the basic ssl functionality"];
+suite() -> [{ct_hooks,[ts_install_cth]}].
-all(suite) ->
+all() ->
[app, alerts, connection_info, protocol_versions,
- empty_protocol_versions, controlling_process, controller_dies,
- client_closes_socket, peercert, connect_dist, peername, sockname,
- socket_options, misc_ssl_options, versions, cipher_suites,
- upgrade, upgrade_with_timeout, tcp_connect, ipv6, ekeyfile,
- ecertfile, ecacertfile, eoptions, shutdown, shutdown_write,
- shutdown_both, shutdown_error,
+ empty_protocol_versions, controlling_process,
+ controller_dies, client_closes_socket, peercert,
+ connect_dist, peername, sockname, socket_options,
+ misc_ssl_options, versions, cipher_suites, upgrade,
+ upgrade_with_timeout, tcp_connect, ipv6, ekeyfile,
+ ecertfile, ecacertfile, eoptions, shutdown,
+ shutdown_write, shutdown_both, shutdown_error,
ciphers_rsa_signed_certs, ciphers_rsa_signed_certs_ssl3,
ciphers_rsa_signed_certs_openssl_names,
ciphers_rsa_signed_certs_openssl_names_ssl3,
- ciphers_dsa_signed_certs,
- ciphers_dsa_signed_certs_ssl3,
+ ciphers_dsa_signed_certs, ciphers_dsa_signed_certs_ssl3,
ciphers_dsa_signed_certs_openssl_names,
ciphers_dsa_signed_certs_openssl_names_ssl3,
+ anonymous_cipher_suites,
+ default_reject_anonymous,
send_close,
- close_transport_accept, dh_params, server_verify_peer_passive,
- server_verify_peer_active, server_verify_peer_active_once,
+ close_transport_accept, dh_params,
+ server_verify_peer_passive, server_verify_peer_active,
+ server_verify_peer_active_once,
server_verify_none_passive, server_verify_none_active,
- server_verify_none_active_once, server_verify_no_cacerts,
- server_require_peer_cert_ok, server_require_peer_cert_fail,
+ server_verify_none_active_once,
+ server_verify_no_cacerts, server_require_peer_cert_ok,
+ server_require_peer_cert_fail,
server_verify_client_once_passive,
server_verify_client_once_active,
- server_verify_client_once_active_once, client_verify_none_passive,
- client_verify_none_active, client_verify_none_active_once,
- session_cache_process_list, session_cache_process_mnesia,
- reuse_session, reuse_session_expired,
- server_does_not_want_to_reuse_session, client_renegotiate,
- server_renegotiate, client_renegotiate_reused_session,
- server_renegotiate_reused_session, client_no_wrap_sequence_number,
- server_no_wrap_sequence_number, extended_key_usage,
- no_authority_key_identifier,
- invalid_signature_client, invalid_signature_server, cert_expired,
- client_with_cert_cipher_suites_handshake, unknown_server_ca_fail,
- der_input, unknown_server_ca_accept_verify_none, unknown_server_ca_accept_verify_peer,
- unknown_server_ca_accept_backwardscompatibilty
+ server_verify_client_once_active_once,
+ client_verify_none_passive, client_verify_none_active,
+ client_verify_none_active_once,
+ reuse_session,
+ reuse_session_expired,
+ server_does_not_want_to_reuse_session,
+ client_renegotiate, server_renegotiate,
+ client_renegotiate_reused_session,
+ server_renegotiate_reused_session,
+ client_no_wrap_sequence_number,
+ server_no_wrap_sequence_number, extended_key_usage_verify_peer,
+ extended_key_usage_verify_none,
+ no_authority_key_identifier, invalid_signature_client,
+ invalid_signature_server, cert_expired,
+ client_with_cert_cipher_suites_handshake,
+ unknown_server_ca_fail, der_input,
+ unknown_server_ca_accept_verify_none,
+ unknown_server_ca_accept_verify_peer,
+ unknown_server_ca_accept_backwardscompatibilty,
+ %%different_ca_peer_sign,
+ no_reuses_session_server_restart_new_cert,
+ no_reuses_session_server_restart_new_cert_file, reuseaddr,
+ hibernate
].
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
%% Test cases starts here.
%%--------------------------------------------------------------------
app(doc) ->
@@ -352,7 +377,6 @@ basic_test(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-
%%--------------------------------------------------------------------
controlling_process(doc) ->
@@ -552,9 +576,7 @@ client_closes_socket(Config) when is_list(Config) ->
_Client = spawn_link(Connect),
- ssl_test_lib:check_result(Server, {error,closed}),
-
- ssl_test_lib:close(Server).
+ ssl_test_lib:check_result(Server, {error,closed}).
%%--------------------------------------------------------------------
@@ -769,7 +791,6 @@ socket_options(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client, ok),
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
{ok, Listen} = ssl:listen(0, ServerOpts),
{ok,[{mode,list}]} = ssl:getopts(Listen, [mode]),
@@ -872,6 +893,7 @@ send_recv(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+%%--------------------------------------------------------------------
send_close(doc) ->
[""];
@@ -898,8 +920,7 @@ send_close(Config) when is_list(Config) ->
ok = ssl:send(SslS, "Hello world"),
{ok,<<"Hello world">>} = ssl:recv(SslS, 11),
gen_tcp:close(TcpS),
- {error, _} = ssl:send(SslS, "Hello world"),
- ssl_test_lib:close(Server).
+ {error, _} = ssl:send(SslS, "Hello world").
%%--------------------------------------------------------------------
close_transport_accept(doc) ->
@@ -1074,8 +1095,7 @@ tcp_connect(Config) when is_list(Config) ->
{Server, {error, Error}} ->
test_server:format("Error ~p", [Error])
end
- end,
- ssl_test_lib:close(Server).
+ end.
dummy(_Socket) ->
@@ -1084,6 +1104,8 @@ dummy(_Socket) ->
exit(kill).
%%--------------------------------------------------------------------
+ipv6() ->
+ [{require, ipv6_hosts}].
ipv6(doc) ->
["Test ipv6."];
ipv6(suite) ->
@@ -1091,7 +1113,7 @@ ipv6(suite) ->
ipv6(Config) when is_list(Config) ->
{ok, Hostname0} = inet:gethostname(),
- case lists:member(list_to_atom(Hostname0), ?config(ipv6_hosts, Config)) of
+ case lists:member(list_to_atom(Hostname0), ct:get_config(ipv6_hosts)) of
true ->
ClientOpts = ?config(client_opts, Config),
ServerOpts = ?config(server_opts, Config),
@@ -1165,13 +1187,13 @@ ecertfile(Config) when is_list(Config) ->
Server =
ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
- {options, ServerBadOpts}]),
+ {options, ServerBadOpts}]),
Port = ssl_test_lib:inet_port(Server),
Client =
ssl_test_lib:start_client_error([{node, ClientNode},
- {port, Port}, {host, Hostname},
+ {port, Port}, {host, Hostname},
{from, self()},
{options, ClientOpts}]),
@@ -1180,13 +1202,13 @@ ecertfile(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-ecacertfile(doc) ->
+ecacertfile(doc) ->
["Test what happens with an invalid cacert file"];
-ecacertfile(suite) ->
+ecacertfile(suite) ->
[];
-ecacertfile(Config) when is_list(Config) ->
+ecacertfile(Config) when is_list(Config) ->
ClientOpts = [{reuseaddr, true}|?config(client_opts, Config)],
ServerBadOpts = [{reuseaddr, true}|?config(server_bad_ca, Config)],
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1522,6 +1544,14 @@ ciphers_dsa_signed_certs_openssl_names_ssl3(Config) when is_list(Config) ->
Ciphers = ssl_test_lib:openssl_dsa_suites(),
run_suites(Ciphers, Version, Config, dsa).
+anonymous_cipher_suites(doc)->
+ ["Test the anonymous ciphersuites"];
+anonymous_cipher_suites(suite) ->
+ [];
+anonymous_cipher_suites(Config) when is_list(Config) ->
+ Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+ Ciphers = ssl_test_lib:anonymous_suites(),
+ run_suites(Ciphers, Version, Config, anonymous).
run_suites(Ciphers, Version, Config, Type) ->
{ClientOpts, ServerOpts} =
@@ -1531,8 +1561,12 @@ run_suites(Ciphers, Version, Config, Type) ->
?config(server_opts, Config)};
dsa ->
{?config(client_opts, Config),
- ?config(server_dsa_opts, Config)}
- end,
+ ?config(server_dsa_opts, Config)};
+ anonymous ->
+ %% No certs in opts!
+ {?config(client_opts, Config),
+ ?config(server_anon, Config)}
+ end,
Result = lists:map(fun(Cipher) ->
cipher(Cipher, Version, Config, ClientOpts, ServerOpts) end,
@@ -1551,7 +1585,7 @@ erlang_cipher_suite(Suite) ->
Suite.
cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
- process_flag(trap_exit, true),
+ %% process_flag(trap_exit, true),
test_server:format("Testing CipherSuite ~p~n", [CipherSuite]),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1575,16 +1609,8 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
Result = ssl_test_lib:wait_for_result(Server, ok, Client, ok),
ssl_test_lib:close(Server),
- receive
- {'EXIT', Server, normal} ->
- ok
- end,
ssl_test_lib:close(Client),
- receive
- {'EXIT', Client, normal} ->
- ok
- end,
- process_flag(trap_exit, false),
+
case Result of
ok ->
[];
@@ -1593,6 +1619,32 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
end.
%%--------------------------------------------------------------------
+default_reject_anonymous(doc)->
+ ["Test that by default anonymous cipher suites are rejected "];
+default_reject_anonymous(suite) ->
+ [];
+default_reject_anonymous(Config) when is_list(Config) ->
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+
+ [Cipher | _] = ssl_test_lib:anonymous_suites(),
+
+ Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {options,
+ [{ciphers,[Cipher]} |
+ ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, {error, "insufficient security"},
+ Client, {error, "insufficient security"}).
+
+%%--------------------------------------------------------------------
reuse_session(doc) ->
["Test reuse of sessions (short handshake)"];
@@ -1600,7 +1652,6 @@ reuse_session(suite) ->
[];
reuse_session(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ClientOpts = ?config(client_opts, Config),
ServerOpts = ?config(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1608,13 +1659,13 @@ reuse_session(Config) when is_list(Config) ->
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {mfa, {?MODULE, session_info_result, []}},
- {options, ServerOpts}]),
+ {mfa, {?MODULE, session_info_result, []}},
+ {options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
Client0 =
ssl_test_lib:start_client([{node, ClientNode},
{port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib, no_result, []}},
+ {mfa, {ssl_test_lib, no_result, []}},
{from, self()}, {options, ClientOpts}]),
SessionInfo =
receive
@@ -1622,16 +1673,16 @@ reuse_session(Config) when is_list(Config) ->
Info
end,
- Server ! listen,
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
%% Make sure session is registered
test_server:sleep(?SLEEP),
Client1 =
- ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {?MODULE, session_info_result, []}},
- {from, self()}, {options, ClientOpts}]),
+ ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {?MODULE, session_info_result, []}},
+ {from, self()}, {options, ClientOpts}]),
receive
{Client1, SessionInfo} ->
ok;
@@ -1641,10 +1692,10 @@ reuse_session(Config) when is_list(Config) ->
test_server:fail(session_not_reused)
end,
- Server ! listen,
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
Client2 =
- ssl_test_lib:start_client([{node, ClientNode},
+ ssl_test_lib:start_client([{node, ClientNode},
{port, Port}, {host, Hostname},
{mfa, {?MODULE, session_info_result, []}},
{from, self()}, {options, [{reuse_sessions, false}
@@ -1658,10 +1709,6 @@ reuse_session(Config) when is_list(Config) ->
end,
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client0),
- ssl_test_lib:close(Client1),
- ssl_test_lib:close(Client2),
-
Server1 =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1673,7 +1720,7 @@ reuse_session(Config) when is_list(Config) ->
Client3 =
ssl_test_lib:start_client([{node, ClientNode},
{port, Port1}, {host, Hostname},
- {mfa, {?MODULE, session_info_result, []}},
+ {mfa, {ssl_test_lib, no_result, []}},
{from, self()}, {options, ClientOpts}]),
SessionInfo1 =
@@ -1682,7 +1729,7 @@ reuse_session(Config) when is_list(Config) ->
Info1
end,
- Server1 ! listen,
+ Server1 ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
%% Make sure session is registered
test_server:sleep(?SLEEP),
@@ -1698,14 +1745,16 @@ reuse_session(Config) when is_list(Config) ->
test_server:fail(
session_reused_when_session_reuse_disabled_by_server);
{Client4, _Other} ->
+ test_server:format("OTHER: ~p ~n", [_Other]),
ok
end,
-
+
ssl_test_lib:close(Server1),
+ ssl_test_lib:close(Client0),
+ ssl_test_lib:close(Client1),
+ ssl_test_lib:close(Client2),
ssl_test_lib:close(Client3),
- ssl_test_lib:close(Client4),
- process_flag(trap_exit, false).
-
+ ssl_test_lib:close(Client4).
session_info_result(Socket) ->
ssl:session_info(Socket).
@@ -1718,7 +1767,6 @@ reuse_session_expired(suite) ->
[];
reuse_session_expired(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ClientOpts = ?config(client_opts, Config),
ServerOpts = ?config(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1739,8 +1787,8 @@ reuse_session_expired(Config) when is_list(Config) ->
{Server, Info} ->
Info
end,
-
- Server ! listen,
+
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
%% Make sure session is registered
test_server:sleep(?SLEEP),
@@ -1760,7 +1808,7 @@ reuse_session_expired(Config) when is_list(Config) ->
end,
Server ! listen,
-
+
%% Make sure session is unregistered due to expiration
test_server:sleep((?EXPIRE+1) * 1000),
@@ -1775,12 +1823,12 @@ reuse_session_expired(Config) when is_list(Config) ->
{Client2, _} ->
ok
end,
-
+ process_flag(trap_exit, false),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client0),
ssl_test_lib:close(Client1),
- ssl_test_lib:close(Client2),
- process_flag(trap_exit, false).
+ ssl_test_lib:close(Client2).
+
%%--------------------------------------------------------------------
server_does_not_want_to_reuse_session(doc) ->
["Test reuse of sessions (short handshake)"];
@@ -1813,10 +1861,11 @@ server_does_not_want_to_reuse_session(Config) when is_list(Config) ->
Info
end,
- Server ! listen,
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
%% Make sure session is registered
test_server:sleep(?SLEEP),
+ ssl_test_lib:close(Client0),
Client1 =
ssl_test_lib:start_client([{node, ClientNode},
@@ -1829,11 +1878,9 @@ server_does_not_want_to_reuse_session(Config) when is_list(Config) ->
{Client1, _Other} ->
ok
end,
-
+
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client0),
- ssl_test_lib:close(Client1),
- process_flag(trap_exit, false).
+ ssl_test_lib:close(Client1).
%%--------------------------------------------------------------------
@@ -2000,6 +2047,7 @@ server_verify_none_active_once(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client, ok),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+
%%--------------------------------------------------------------------
server_verify_client_once_passive(doc) ->
@@ -2027,7 +2075,7 @@ server_verify_client_once_passive(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client0, ok),
ssl_test_lib:close(Client0),
- Server ! listen,
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
@@ -2065,7 +2113,7 @@ server_verify_client_once_active(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client0, ok),
ssl_test_lib:close(Client0),
- Server ! listen,
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
@@ -2076,7 +2124,6 @@ server_verify_client_once_active(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client1).
-
%%--------------------------------------------------------------------
server_verify_client_once_active_once(doc) ->
@@ -2104,18 +2151,17 @@ server_verify_client_once_active_once(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client0, ok),
ssl_test_lib:close(Client0),
- Server ! listen,
-
+ Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
- {host, Hostname},
- {from, self()},
- {mfa, {?MODULE, result_ok, []}},
- {options, [{active, once} | ClientOpts]}]),
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, result_ok, []}},
+ {options, [{active, once} | ClientOpts]}]),
ssl_test_lib:check_result(Client1, ok),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client1).
-
+
%%--------------------------------------------------------------------
server_verify_no_cacerts(doc) ->
@@ -2123,9 +2169,8 @@ server_verify_no_cacerts(doc) ->
server_verify_no_cacerts(suite) ->
[];
-
server_verify_no_cacerts(Config) when is_list(Config) ->
- ServerOpts = ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
@@ -2286,8 +2331,6 @@ client_verify_none_active_once(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-
-
%%--------------------------------------------------------------------
client_renegotiate(doc) ->
["Test ssl:renegotiate/1 on client."];
@@ -2296,7 +2339,6 @@ client_renegotiate(suite) ->
[];
client_renegotiate(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2319,11 +2361,9 @@ client_renegotiate(Config) when is_list(Config) ->
{options, [{reuse_sessions, false} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok, Server, ok),
-
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- process_flag(trap_exit, false),
- ok.
+ ssl_test_lib:close(Client).
+
%%--------------------------------------------------------------------
server_renegotiate(doc) ->
["Test ssl:renegotiate/1 on server."];
@@ -2332,7 +2372,6 @@ server_renegotiate(suite) ->
[];
server_renegotiate(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2355,8 +2394,7 @@ server_renegotiate(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client, ok),
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- ok.
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
client_renegotiate_reused_session(doc) ->
@@ -2366,7 +2404,6 @@ client_renegotiate_reused_session(suite) ->
[];
client_renegotiate_reused_session(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2389,11 +2426,8 @@ client_renegotiate_reused_session(Config) when is_list(Config) ->
{options, [{reuse_sessions, true} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok, Server, ok),
-
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- process_flag(trap_exit, false),
- ok.
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
server_renegotiate_reused_session(doc) ->
["Test ssl:renegotiate/1 on server when the ssl session will be reused."];
@@ -2402,7 +2436,6 @@ server_renegotiate_reused_session(suite) ->
[];
server_renegotiate_reused_session(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2425,9 +2458,7 @@ server_renegotiate_reused_session(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok, Client, ok),
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- ok.
-
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
client_no_wrap_sequence_number(doc) ->
["Test that erlang client will renegotiate session when",
@@ -2439,7 +2470,6 @@ client_no_wrap_sequence_number(suite) ->
[];
client_no_wrap_sequence_number(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2464,11 +2494,8 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
{renegotiate_at, N} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok),
-
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- process_flag(trap_exit, false),
- ok.
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
server_no_wrap_sequence_number(doc) ->
["Test that erlang server will renegotiate session when",
@@ -2480,7 +2507,6 @@ server_no_wrap_sequence_number(suite) ->
[];
server_no_wrap_sequence_number(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -2504,17 +2530,15 @@ server_no_wrap_sequence_number(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
ssl_test_lib:close(Server),
- ssl_test_lib:close(Client),
- ok.
-
+ ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-extended_key_usage(doc) ->
- ["Test cert that has a critical extended_key_usage extension"];
+extended_key_usage_verify_peer(doc) ->
+ ["Test cert that has a critical extended_key_usage extension in verify_peer mode"];
-extended_key_usage(suite) ->
+extended_key_usage_verify_peer(suite) ->
[];
-extended_key_usage(Config) when is_list(Config) ->
+extended_key_usage_verify_peer(Config) when is_list(Config) ->
ClientOpts = ?config(client_verification_opts, Config),
ServerOpts = ?config(server_verification_opts, Config),
PrivDir = ?config(priv_dir, Config),
@@ -2530,13 +2554,13 @@ extended_key_usage(Config) when is_list(Config) ->
ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
ServerExtensions = ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
- NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
- [ServerExtKeyUsageExt |
+ NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
+ [ServerExtKeyUsageExt |
ServerExtensions]},
- NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
+ NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
-
+
ClientCertFile = proplists:get_value(certfile, ClientOpts),
NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
[{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
@@ -2544,28 +2568,90 @@ extended_key_usage(Config) when is_list(Config) ->
ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
ClientExtensions = ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
- NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
+ NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
[ClientExtKeyUsageExt |
ClientExtensions]},
- NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
+ NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
- Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
- {from, self()},
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
{mfa, {?MODULE, send_recv_result_active, []}},
{options, [{verify, verify_peer} | NewServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
- Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
- {from, self()},
+ {from, self()},
{mfa, {?MODULE, send_recv_result_active, []}},
{options, [{verify, verify_peer} | NewClientOpts]}]),
-
+
ssl_test_lib:check_result(Server, ok, Client, ok),
-
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+extended_key_usage_verify_none(doc) ->
+ ["Test cert that has a critical extended_key_usage extension in verify_none mode"];
+
+extended_key_usage_verify_none(suite) ->
+ [];
+
+extended_key_usage_verify_none(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_verification_opts, Config),
+ ServerOpts = ?config(server_verification_opts, Config),
+ PrivDir = ?config(priv_dir, Config),
+
+ KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
+ [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
+ Key = public_key:pem_entry_decode(KeyEntry),
+
+ ServerCertFile = proplists:get_value(certfile, ServerOpts),
+ NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
+ [{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
+ ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
+ ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
+ ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
+ ServerExtensions = ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
+ NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
+ [ServerExtKeyUsageExt |
+ ServerExtensions]},
+ NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
+ ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
+ NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
+
+ ClientCertFile = proplists:get_value(certfile, ClientOpts),
+ NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
+ [{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
+ ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
+ ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
+ ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
+ ClientExtensions = ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
+ NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
+ [ClientExtKeyUsageExt |
+ ClientExtensions]},
+ NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
+ ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
+ NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result_active, []}},
+ {options, [{verify, verify_none} | NewServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result_active, []}},
+ {options, [{verify, verify_none} | NewClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
@@ -2857,11 +2943,13 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- FunAndState = {fun(_,{bad_cert, _} = Reason, _) ->
+ FunAndState = {fun(_,{bad_cert, unknown_ca} = Reason, _) ->
{fail, Reason};
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
+ {valid, [test_to_update_user_state | UserState]};
+ (_, valid_peer, UserState) ->
{valid, UserState}
end, []},
@@ -2876,9 +2964,7 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
| ClientOpts]}]),
ssl_test_lib:check_result(Server, {error,"unknown ca"},
- Client, {error, "unknown ca"}),
- ssl_test_lib:close(Server),
- ssl_test_lib:close(Client).
+ Client, {error, "unknown ca"}).
%%--------------------------------------------------------------------
unknown_server_ca_accept_verify_none(doc) ->
@@ -2930,6 +3016,8 @@ unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
(_,{extension, _}, UserState) ->
{unknown, UserState};
(_, valid, UserState) ->
+ {valid, UserState};
+ (_, valid_peer, UserState) ->
{valid, UserState}
end, []},
@@ -2948,7 +3036,7 @@ unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
unknown_server_ca_accept_backwardscompatibilty(doc) ->
- ["Test that the client succeds if the ca is unknown in verify_none mode"];
+ ["Test that old style verify_funs will work"];
unknown_server_ca_accept_backwardscompatibilty(suite) ->
[];
unknown_server_ca_accept_backwardscompatibilty(Config) when is_list(Config) ->
@@ -3041,6 +3129,238 @@ der_input_opts(Opts) ->
{Cert, {rsa, Key}, CaCerts, DHParams}.
%%--------------------------------------------------------------------
+%% different_ca_peer_sign(doc) ->
+%% ["Check that a CA can have a different signature algorithm than the peer cert."];
+
+%% different_ca_peer_sign(suite) ->
+%% [];
+
+%% different_ca_peer_sign(Config) when is_list(Config) ->
+%% ClientOpts = ?config(client_mix_opts, Config),
+%% ServerOpts = ?config(server_mix_verify_opts, Config),
+
+%% {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+%% Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+%% {from, self()},
+%% {mfa, {?MODULE, send_recv_result_active_once, []}},
+%% {options, [{active, once},
+%% {verify, verify_peer} | ServerOpts]}]),
+%% Port = ssl_test_lib:inet_port(Server),
+
+%% Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+%% {host, Hostname},
+%% {from, self()},
+%% {mfa, {?MODULE,
+%% send_recv_result_active_once,
+%% []}},
+%% {options, [{active, once},
+%% {verify, verify_peer}
+%% | ClientOpts]}]),
+
+%% ssl_test_lib:check_result(Server, ok, Client, ok),
+%% ssl_test_lib:close(Server),
+%% ssl_test_lib:close(Client).
+
+
+%%--------------------------------------------------------------------
+no_reuses_session_server_restart_new_cert(doc) ->
+ ["Check that a session is not reused if the server is restarted with a new cert."];
+
+no_reuses_session_server_restart_new_cert(suite) ->
+ [];
+
+no_reuses_session_server_restart_new_cert(Config) when is_list(Config) ->
+
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+ DsaServerOpts = ?config(server_dsa_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, session_info_result, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client0 =
+ ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {from, self()}, {options, ClientOpts}]),
+ SessionInfo =
+ receive
+ {Server, Info} ->
+ Info
+ end,
+
+ %% Make sure session is registered
+ test_server:sleep(?SLEEP),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client0),
+
+ Server1 =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, DsaServerOpts}]),
+
+ Client1 =
+ ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {?MODULE, session_info_result, []}},
+ {from, self()}, {options, ClientOpts}]),
+ receive
+ {Client1, SessionInfo} ->
+ test_server:fail(session_reused_when_server_has_new_cert);
+ {Client1, _Other} ->
+ ok
+ end,
+ ssl_test_lib:close(Server1),
+ ssl_test_lib:close(Client1).
+
+%%--------------------------------------------------------------------
+no_reuses_session_server_restart_new_cert_file(doc) ->
+ ["Check that a session is not reused if a server is restarted with a new "
+ "cert contained in a file with the same name as the old cert."];
+
+no_reuses_session_server_restart_new_cert_file(suite) ->
+ [];
+
+no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_verification_opts, Config),
+ DsaServerOpts = ?config(server_dsa_opts, Config),
+ PrivDir = ?config(priv_dir, Config),
+
+ NewServerOpts = new_config(PrivDir, ServerOpts),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, session_info_result, []}},
+ {options, NewServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client0 =
+ ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {from, self()}, {options, ClientOpts}]),
+ SessionInfo =
+ receive
+ {Server, Info} ->
+ Info
+ end,
+
+ %% Make sure session is registered and we get
+ %% new file time stamp when calling new_config!
+ test_server:sleep(?SLEEP* 2),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client0),
+
+ NewServerOpts = new_config(PrivDir, DsaServerOpts),
+
+ Server1 =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, NewServerOpts}]),
+ Client1 =
+ ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {?MODULE, session_info_result, []}},
+ {from, self()}, {options, ClientOpts}]),
+ receive
+ {Client1, SessionInfo} ->
+ test_server:fail(session_reused_when_server_has_new_cert);
+ {Client1, _Other} ->
+ ok
+ end,
+ ssl_test_lib:close(Server1),
+ ssl_test_lib:close(Client1).
+
+%%--------------------------------------------------------------------
+reuseaddr(doc) ->
+ [""];
+
+reuseaddr(suite) ->
+ [];
+
+reuseaddr(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client =
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, [{active, false} | ClientOpts]}]),
+ test_server:sleep(?SLEEP),
+ ssl_test_lib:close(Server),
+
+ Server1 =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Client1 =
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server1, ok, Client1, ok),
+ ssl_test_lib:close(Server1),
+ ssl_test_lib:close(Client1).
+
+%%--------------------------------------------------------------------
+
+hibernate(doc) ->
+ ["Check that an SSL connection that is started with option "
+ "{hibernate_after, 1000} indeed hibernates after 1000ms of "
+ "inactivity"];
+
+hibernate(suite) ->
+ [];
+
+hibernate(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result_active, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ {Client, #sslsocket{pid=Pid}} = ssl_test_lib:start_client([return_socket,
+ {node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result_active, []}},
+ {options, [{hibernate_after, 1000}|ClientOpts]}]),
+
+ { current_function, { _M, _F, _A } } =
+ process_info(Pid, current_function),
+
+ timer:sleep(1100),
+
+ { current_function, { erlang, hibernate, 3} } =
+ process_info(Pid, current_function),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
send_recv_result(Socket) ->
@@ -3065,7 +3385,6 @@ send_recv_result_active_once(Socket) ->
result_ok(_Socket) ->
ok.
-
renegotiate(Socket, Data) ->
test_server:format("Renegotiating ~n", []),
Result = ssl:renegotiate(Socket),
@@ -3082,7 +3401,27 @@ renegotiate_reuse_session(Socket, Data) ->
%% Make sure session is registerd
test_server:sleep(?SLEEP),
renegotiate(Socket, Data).
-
+
+new_config(PrivDir, ServerOpts0) ->
+ CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
+ CertFile = proplists:get_value(certfile, ServerOpts0),
+ KeyFile = proplists:get_value(keyfile, ServerOpts0),
+ NewCaCertFile = filename:join(PrivDir, "new_ca.pem"),
+ NewCertFile = filename:join(PrivDir, "new_cert.pem"),
+ NewKeyFile = filename:join(PrivDir, "new_key.pem"),
+ file:copy(CaCertFile, NewCaCertFile),
+ file:copy(CertFile, NewCertFile),
+ file:copy(KeyFile, NewKeyFile),
+ ServerOpts1 = proplists:delete(cacertfile, ServerOpts0),
+ ServerOpts2 = proplists:delete(certfile, ServerOpts1),
+ ServerOpts = proplists:delete(keyfile, ServerOpts2),
+
+ {ok, PEM} = file:read_file(NewCaCertFile),
+ test_server:format("CA file content: ~p~n", [public_key:pem_decode(PEM)]),
+
+ [{cacertfile, NewCaCertFile}, {certfile, NewCertFile},
+ {keyfile, NewKeyFile} | ServerOpts].
+
session_cache_process_list(doc) ->
["Test reuse of sessions (short handshake)"];
@@ -3099,7 +3438,7 @@ session_cache_process_mnesia(suite) ->
session_cache_process_mnesia(Config) when is_list(Config) ->
session_cache_process(mnesia,Config).
-session_cache_process(_Type,Config) when is_list(Config) ->
+session_cache_process(Type,Config) when is_list(Config) ->
reuse_session(Config).
init([Type]) ->
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 88d2d99ef8..d22d5d2954 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -23,7 +23,7 @@
%% Note: This directive should only be used in test suites.
-compile(export_all).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
-define(BYTE(X), X:8/unsigned-big-integer).
-define(UINT16(X), X:16/unsigned-big-integer).
@@ -53,15 +53,18 @@
%% variable, but should NOT alter/remove any existing entries.
%%--------------------------------------------------------------------
init_per_suite(Config) ->
- crypto:start(),
- application:start(public_key),
- ssl:start(),
- Result =
- (catch make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config))),
- test_server:format("Make certs ~p~n", [Result]),
- ssl_test_lib:cert_options(Config).
-
+ try crypto:start() of
+ ok ->
+ application:start(public_key),
+ ssl:start(),
+ Result =
+ (catch make_certs:all(?config(data_dir, Config),
+ ?config(priv_dir, Config))),
+ test_server:format("Make certs ~p~n", [Result]),
+ ssl_test_lib:cert_options(Config)
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
%%--------------------------------------------------------------------
%% Function: end_per_suite(Config) -> _
%% Config - [tuple()]
@@ -70,7 +73,7 @@ init_per_suite(Config) ->
%%--------------------------------------------------------------------
end_per_suite(_Config) ->
ssl:stop(),
- crypto:stop().
+ application:stop(crypto).
%%--------------------------------------------------------------------
%% Function: init_per_testcase(TestCase, Config) -> Config
@@ -115,56 +118,56 @@ end_per_testcase(_TestCase, Config) ->
%% Name of a test case.
%% Description: Returns a list of all test cases in this test suite
%%--------------------------------------------------------------------
-all(doc) ->
- ["Test that erlang:decode_packet/3 seems to be handled correctly."
- "We only use the most basic packet types in our tests as testing of"
- "the packet types are for inet to verify"
- ];
-
-all(suite) ->
- [packet_raw_passive_many_small,
- packet_0_passive_many_small, packet_1_passive_many_small,
- packet_2_passive_many_small, packet_4_passive_many_small,
- packet_raw_passive_some_big, packet_0_passive_some_big,
- packet_1_passive_some_big,
- packet_2_passive_some_big, packet_4_passive_some_big,
- packet_raw_active_once_many_small,
- packet_0_active_once_many_small, packet_1_active_once_many_small,
- packet_2_active_once_many_small, packet_4_active_once_many_small,
- packet_raw_active_once_some_big,
- packet_0_active_once_some_big, packet_1_active_once_some_big,
- packet_2_active_once_some_big, packet_4_active_once_some_big,
- packet_raw_active_many_small, packet_0_active_many_small,
- packet_1_active_many_small,
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [packet_raw_passive_many_small,
+ packet_0_passive_many_small,
+ packet_1_passive_many_small,
+ packet_2_passive_many_small,
+ packet_4_passive_many_small,
+ packet_raw_passive_some_big, packet_0_passive_some_big,
+ packet_1_passive_some_big, packet_2_passive_some_big,
+ packet_4_passive_some_big,
+ packet_raw_active_once_many_small,
+ packet_0_active_once_many_small,
+ packet_1_active_once_many_small,
+ packet_2_active_once_many_small,
+ packet_4_active_once_many_small,
+ packet_raw_active_once_some_big,
+ packet_0_active_once_some_big,
+ packet_1_active_once_some_big,
+ packet_2_active_once_some_big,
+ packet_4_active_once_some_big,
+ packet_raw_active_many_small,
+ packet_0_active_many_small, packet_1_active_many_small,
packet_2_active_many_small, packet_4_active_many_small,
- packet_raw_active_some_big, packet_0_active_some_big,
- packet_1_active_some_big, packet_2_active_some_big,
- packet_4_active_some_big,
- packet_send_to_large,
+ packet_raw_active_some_big, packet_0_active_some_big,
+ packet_1_active_some_big, packet_2_active_some_big,
+ packet_4_active_some_big, packet_send_to_large,
packet_wait_passive, packet_wait_active,
packet_baddata_passive, packet_baddata_active,
packet_size_passive, packet_size_active,
- packet_cdr_decode,
- packet_cdr_decode_list,
- packet_http_decode,
- packet_http_decode_list,
- packet_http_bin_decode_multi,
- packet_http_error_passive,
- packet_line_decode,
- packet_line_decode_list,
- packet_asn1_decode,
- packet_asn1_decode_list,
- packet_tpkt_decode,
- packet_tpkt_decode_list,
- %packet_fcgi_decode,
- packet_sunrm_decode,
- packet_sunrm_decode_list,
- header_decode_one_byte,
- header_decode_two_bytes,
+ packet_cdr_decode, packet_cdr_decode_list,
+ packet_http_decode, packet_http_decode_list,
+ packet_http_bin_decode_multi, packet_http_error_passive,
+ packet_line_decode, packet_line_decode_list,
+ packet_asn1_decode, packet_asn1_decode_list,
+ packet_tpkt_decode, packet_tpkt_decode_list,
+ packet_sunrm_decode, packet_sunrm_decode_list,
+ header_decode_one_byte, header_decode_two_bytes,
header_decode_two_bytes_one_sent,
- header_decode_two_bytes_two_sent
+ header_decode_two_bytes_two_sent].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
- ].
%% Test cases starts here.
%%--------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl
index d80df0bfbd..24e86b3913 100644
--- a/lib/ssl/test/ssl_payload_SUITE.erl
+++ b/lib/ssl/test/ssl_payload_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -22,7 +22,7 @@
%% Note: This directive should only be used in test suites.
-compile(export_all).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
-define(TIMEOUT, 600000).
@@ -37,12 +37,15 @@
%% variable, but should NOT alter/remove any existing entries.
%%--------------------------------------------------------------------
init_per_suite(Config) ->
- crypto:start(),
- application:start(public_key),
- ssl:start(),
- make_certs:all(?config(data_dir, Config), ?config(priv_dir, Config)),
- ssl_test_lib:cert_options(Config).
-
+ try crypto:start() of
+ ok ->
+ application:start(public_key),
+ ssl:start(),
+ make_certs:all(?config(data_dir, Config), ?config(priv_dir, Config)),
+ ssl_test_lib:cert_options(Config)
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
%%--------------------------------------------------------------------
%% Function: end_per_suite(Config) -> _
%% Config - [tuple()]
@@ -51,7 +54,7 @@ init_per_suite(Config) ->
%%--------------------------------------------------------------------
end_per_suite(_Config) ->
ssl:stop(),
- crypto:stop().
+ application:stop(crypto).
%%--------------------------------------------------------------------
%% Function: init_per_testcase(TestCase, Config) -> Config
@@ -96,24 +99,30 @@ end_per_testcase(_TestCase, Config) ->
%% Name of a test case.
%% Description: Returns a list of all test cases in this test suite
%%--------------------------------------------------------------------
-all(doc) ->
- ["Test payload over ssl in all socket modes, active, active_once,"
- "and passive mode."];
-
-all(suite) ->
- [server_echos_passive_small, server_echos_active_once_small,
- server_echos_active_small,
- client_echos_passive_small, client_echos_active_once_small,
- client_echos_active_small,
- server_echos_passive_big, server_echos_active_once_big,
- server_echos_active_big,
- client_echos_passive_big, client_echos_active_once_big,
- client_echos_active_big,
- server_echos_passive_huge, server_echos_active_once_huge,
- server_echos_active_huge,
- client_echos_passive_huge, client_echos_active_once_huge,
- client_echos_active_huge
- ].
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [server_echos_passive_small,
+ server_echos_active_once_small,
+ server_echos_active_small, client_echos_passive_small,
+ client_echos_active_once_small,
+ client_echos_active_small, server_echos_passive_big,
+ server_echos_active_once_big, server_echos_active_big,
+ client_echos_passive_big, client_echos_active_once_big,
+ client_echos_active_big, server_echos_passive_huge,
+ server_echos_active_once_huge, server_echos_active_huge,
+ client_echos_passive_huge,
+ client_echos_active_once_huge, client_echos_active_huge].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
%% Test cases starts here.
%%--------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
new file mode 100644
index 0000000000..a43b9ab586
--- /dev/null
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -0,0 +1,317 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2010-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.2
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%
+
+-module(ssl_session_cache_SUITE).
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+-define(SLEEP, 500).
+-define(TIMEOUT, 60000).
+-define(LONG_TIMEOUT, 600000).
+-behaviour(ssl_session_cache_api).
+
+%% For the session cache tests
+-export([init/1, terminate/1, lookup/2, update/3,
+ delete/2, foldl/3, select_session/2]).
+
+%% Test server callback functions
+%%--------------------------------------------------------------------
+%% Function: init_per_suite(Config) -> Config
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Initialization before the whole suite
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%%--------------------------------------------------------------------
+init_per_suite(Config0) ->
+ Dog = ssl_test_lib:timetrap(?LONG_TIMEOUT *2),
+ try crypto:start() of
+ ok ->
+ application:start(public_key),
+ ssl:start(),
+
+ %% make rsa certs using oppenssl
+ Result =
+ (catch make_certs:all(?config(data_dir, Config0),
+ ?config(priv_dir, Config0))),
+ test_server:format("Make certs ~p~n", [Result]),
+
+ Config1 = ssl_test_lib:make_dsa_cert(Config0),
+ Config = ssl_test_lib:cert_options(Config1),
+ [{watchdog, Dog} | Config]
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+
+%%--------------------------------------------------------------------
+%% Function: end_per_suite(Config) -> _
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after the whole suite
+%%--------------------------------------------------------------------
+end_per_suite(_Config) ->
+ ssl:stop(),
+ application:stop(crypto).
+
+%%--------------------------------------------------------------------
+%% Function: init_per_testcase(TestCase, Config) -> Config
+%% Case - atom()
+%% Name of the test case that is about to be run.
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%%
+%% Description: Initialization before each test case
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%% Description: Initialization before each test case
+%%--------------------------------------------------------------------
+init_per_testcase(session_cache_process_list, Config) ->
+ init_customized_session_cache(list, Config);
+
+init_per_testcase(session_cache_process_mnesia, Config) ->
+ mnesia:start(),
+ init_customized_session_cache(mnesia, Config);
+
+init_per_testcase(_TestCase, Config0) ->
+ Config = lists:keydelete(watchdog, 1, Config0),
+ Dog = test_server:timetrap(?TIMEOUT),
+ [{watchdog, Dog} | Config].
+
+init_customized_session_cache(Type, Config0) ->
+ Config = lists:keydelete(watchdog, 1, Config0),
+ Dog = test_server:timetrap(?TIMEOUT),
+ ssl:stop(),
+ application:load(ssl),
+ application:set_env(ssl, session_cb, ?MODULE),
+ application:set_env(ssl, session_cb_init_args, [Type]),
+ ssl:start(),
+ [{watchdog, Dog} | Config].
+
+%%--------------------------------------------------------------------
+%% Function: end_per_testcase(TestCase, Config) -> _
+%% Case - atom()
+%% Name of the test case that is about to be run.
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after each test case
+%%--------------------------------------------------------------------
+end_per_testcase(session_cache_process_list, Config) ->
+ application:unset_env(ssl, session_cb),
+ end_per_testcase(default_action, Config);
+end_per_testcase(session_cache_process_mnesia, Config) ->
+ application:unset_env(ssl, session_cb),
+ application:unset_env(ssl, session_cb_init_args),
+ mnesia:kill(),
+ ssl:stop(),
+ ssl:start(),
+ end_per_testcase(default_action, Config);
+end_per_testcase(_TestCase, Config) ->
+ Dog = ?config(watchdog, Config),
+ case Dog of
+ undefined ->
+ ok;
+ _ ->
+ test_server:timetrap_cancel(Dog)
+ end.
+
+%%--------------------------------------------------------------------
+%% Function: all(Clause) -> TestCases
+%% Clause - atom() - suite | doc
+%% TestCases - [Case]
+%% Case - atom()
+%% Name of a test case.
+%% Description: Returns a list of all test cases in this test suite
+%%--------------------------------------------------------------------
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [session_cache_process_list,
+ session_cache_process_mnesia].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+session_cache_process_list(doc) ->
+ ["Test reuse of sessions (short handshake)"];
+
+session_cache_process_list(suite) ->
+ [];
+session_cache_process_list(Config) when is_list(Config) ->
+ session_cache_process(list,Config).
+%%--------------------------------------------------------------------
+session_cache_process_mnesia(doc) ->
+ ["Test reuse of sessions (short handshake)"];
+
+session_cache_process_mnesia(suite) ->
+ [];
+session_cache_process_mnesia(Config) when is_list(Config) ->
+ session_cache_process(mnesia,Config).
+
+
+%%--------------------------------------------------------------------
+%%% Session cache API callbacks
+%%--------------------------------------------------------------------
+
+init([Type]) ->
+ ets:new(ssl_test, [named_table, public, set]),
+ ets:insert(ssl_test, {type, Type}),
+ case Type of
+ list ->
+ spawn(fun() -> session_loop([]) end);
+ mnesia ->
+ mnesia:start(),
+ {atomic,ok} = mnesia:create_table(sess_cache, []),
+ sess_cache
+ end.
+
+session_cb() ->
+ [{type, Type}] = ets:lookup(ssl_test, type),
+ Type.
+
+terminate(Cache) ->
+ case session_cb() of
+ list ->
+ Cache ! terminate;
+ mnesia ->
+ catch {atomic,ok} =
+ mnesia:delete_table(sess_cache)
+ end.
+
+lookup(Cache, Key) ->
+ case session_cb() of
+ list ->
+ Cache ! {self(), lookup, Key},
+ receive {Cache, Res} -> Res end;
+ mnesia ->
+ case mnesia:transaction(fun() ->
+ mnesia:read(sess_cache,
+ Key, read)
+ end) of
+ {atomic, [{sess_cache, Key, Value}]} ->
+ Value;
+ _ ->
+ undefined
+ end
+ end.
+
+update(Cache, Key, Value) ->
+ case session_cb() of
+ list ->
+ Cache ! {update, Key, Value};
+ mnesia ->
+ {atomic, ok} =
+ mnesia:transaction(fun() ->
+ mnesia:write(sess_cache,
+ {sess_cache, Key, Value}, write)
+ end)
+ end.
+
+delete(Cache, Key) ->
+ case session_cb() of
+ list ->
+ Cache ! {delete, Key};
+ mnesia ->
+ {atomic, ok} =
+ mnesia:transaction(fun() ->
+ mnesia:delete(sess_cache, Key)
+ end)
+ end.
+
+foldl(Fun, Acc, Cache) ->
+ case session_cb() of
+ list ->
+ Cache ! {self(),foldl,Fun,Acc},
+ receive {Cache, Res} -> Res end;
+ mnesia ->
+ Foldl = fun() ->
+ mnesia:foldl(Fun, Acc, sess_cache)
+ end,
+ {atomic, Res} = mnesia:transaction(Foldl),
+ Res
+ end.
+
+select_session(Cache, PartialKey) ->
+ case session_cb() of
+ list ->
+ Cache ! {self(),select_session, PartialKey},
+ receive
+ {Cache, Res} ->
+ Res
+ end;
+ mnesia ->
+ Sel = fun() ->
+ mnesia:select(Cache,
+ [{{sess_cache,{PartialKey,'$1'}, '$2'},
+ [],['$$']}])
+ end,
+ {atomic, Res} = mnesia:transaction(Sel),
+ Res
+ end.
+
+session_loop(Sess) ->
+ receive
+ terminate ->
+ ok;
+ {Pid, lookup, Key} ->
+ case lists:keysearch(Key,1,Sess) of
+ {value, {Key,Value}} ->
+ Pid ! {self(), Value};
+ _ ->
+ Pid ! {self(), undefined}
+ end,
+ session_loop(Sess);
+ {update, Key, Value} ->
+ NewSess = [{Key,Value}| lists:keydelete(Key,1,Sess)],
+ session_loop(NewSess);
+ {delete, Key} ->
+ session_loop(lists:keydelete(Key,1,Sess));
+ {Pid,foldl,Fun,Acc} ->
+ Res = lists:foldl(Fun, Acc,Sess),
+ Pid ! {self(), Res},
+ session_loop(Sess);
+ {Pid,select_session,PKey} ->
+ Sel = fun({{PKey0, Id},Session}, Acc) when PKey == PKey0 ->
+ [[Id, Session]|Acc];
+ (_,Acc) ->
+ Acc
+ end,
+ Sessions = lists:foldl(Sel, [], Sess),
+ Pid ! {self(), Sessions},
+ session_loop(Sess)
+ end.
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+
+session_cache_process(_Type,Config) when is_list(Config) ->
+ ssl_basic_SUITE:reuse_session(Config).
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index ce164f7e4c..40bbdf1dbd 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -81,14 +81,20 @@ run_server(ListenSocket, Opts) ->
no_result_msg ->
ok;
Msg ->
- test_server:format("Msg: ~p ~n", [Msg]),
+ test_server:format("Server Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg}
end,
- receive
+ receive
listen ->
run_server(ListenSocket, Opts);
+ {listen, MFA} ->
+ run_server(ListenSocket, [MFA | proplists:delete(mfa, Opts)]);
close ->
- ok = rpc:call(Node, ssl, close, [AcceptSocket])
+ test_server:format("Server closing ~p ~n", [self()]),
+ Result = rpc:call(Node, ssl, close, [AcceptSocket], 500),
+ test_server:format("Result ~p ~n", [Result]);
+ {ssl_closed, _} ->
+ ok
end.
%%% To enable to test with s_client -reconnect
@@ -122,12 +128,14 @@ remove_close_msg(ReconnectTimes) ->
remove_close_msg(ReconnectTimes -1)
end.
-
start_client(Args) ->
- Result = spawn_link(?MODULE, run_client, [Args]),
+ Result = spawn_link(?MODULE, run_client, [lists:delete(return_socket, Args)]),
receive
- connected ->
- Result
+ { connected, Socket } ->
+ case lists:member(return_socket, Args) of
+ true -> { Result, Socket };
+ false -> Result
+ end
end.
run_client(Opts) ->
@@ -139,7 +147,7 @@ run_client(Opts) ->
test_server:format("ssl:connect(~p, ~p, ~p)~n", [Host, Port, Options]),
case rpc:call(Node, ssl, connect, [Host, Port, Options]) of
{ok, Socket} ->
- Pid ! connected,
+ Pid ! { connected, Socket },
test_server:format("Client: connected~n", []),
%% In specail cases we want to know the client port, it will
%% be indicated by sending {port, 0} in options list!
@@ -151,19 +159,30 @@ run_client(Opts) ->
no_result_msg ->
ok;
Msg ->
+ test_server:format("Client Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg}
end,
- receive
+ receive
close ->
- ok = rpc:call(Node, ssl, close, [Socket])
+ test_server:format("Client closing~n", []),
+ rpc:call(Node, ssl, close, [Socket]);
+ {ssl_closed, Socket} ->
+ ok
end;
{error, Reason} ->
- test_server:format("Client: connection failed: ~p ~n", [Reason]),
+ test_server:format("Client: connection failed: ~p ~n", [Reason]),
Pid ! {self(), {error, Reason}}
end.
close(Pid) ->
- Pid ! close.
+ test_server:format("Close ~p ~n", [Pid]),
+ Monitor = erlang:monitor(process, Pid),
+ Pid ! close,
+ receive
+ {'DOWN', Monitor, process, Pid, Reason} ->
+ erlang:demonitor(Monitor),
+ test_server:format("Pid: ~p down due to:~p ~n", [Pid, Reason])
+ end.
check_result(Server, ServerMsg, Client, ClientMsg) ->
receive
@@ -208,47 +227,27 @@ check_result(Pid, Msg) ->
test_server:fail(Reason)
end.
-check_result_ignore_renegotiation_reject(Pid, Msg) ->
- receive
- {Pid, fail_session_fatal_alert_during_renegotiation} ->
- test_server:comment("Server rejected old renegotiation"),
- ok;
- {ssl_error, _, esslconnect} ->
- test_server:comment("Server rejected old renegotiation"),
- ok;
- {Pid, Msg} ->
- ok;
- {Port, {data,Debug}} when is_port(Port) ->
- io:format("openssl ~s~n",[Debug]),
- check_result(Pid,Msg);
- Unexpected ->
- Reason = {{expected, {Pid, Msg}},
- {got, Unexpected}},
- test_server:fail(Reason)
- end.
-
-
wait_for_result(Server, ServerMsg, Client, ClientMsg) ->
receive
{Server, ServerMsg} ->
receive
{Client, ClientMsg} ->
- ok;
- Unexpected ->
- Unexpected
+ ok
+ %% Unexpected ->
+ %% Unexpected
end;
{Client, ClientMsg} ->
receive
{Server, ServerMsg} ->
- ok;
- Unexpected ->
- Unexpected
+ ok
+ %% Unexpected ->
+ %% Unexpected
end;
{Port, {data,Debug}} when is_port(Port) ->
io:format("openssl ~s~n",[Debug]),
- wait_for_result(Server, ServerMsg, Client, ClientMsg);
- Unexpected ->
- Unexpected
+ wait_for_result(Server, ServerMsg, Client, ClientMsg)
+ %% Unexpected ->
+ %% Unexpected
end.
@@ -258,9 +257,9 @@ wait_for_result(Pid, Msg) ->
ok;
{Port, {data,Debug}} when is_port(Port) ->
io:format("openssl ~s~n",[Debug]),
- wait_for_result(Pid,Msg);
- Unexpected ->
- Unexpected
+ wait_for_result(Pid,Msg)
+ %% Unexpected ->
+ %% Unexpected
end.
cert_options(Config) ->
@@ -300,6 +299,7 @@ cert_options(Config) ->
{ssl_imp, new}]},
{server_opts, [{ssl_imp, new},{reuseaddr, true},
{certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+ {server_anon, [{ssl_imp, new},{reuseaddr, true}, {ciphers, anonymous_suites()}]},
{server_verification_opts, [{ssl_imp, new},{reuseaddr, true},
{cacertfile, ServerCaCertFile},
{certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
@@ -326,8 +326,8 @@ cert_options(Config) ->
make_dsa_cert(Config) ->
- {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_dsa_cert_files("server", Config),
- {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_dsa_cert_files("client", Config),
+ {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa, dsa, ""),
+ {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, dsa, dsa, ""),
[{server_dsa_opts, [{ssl_imp, new},{reuseaddr, true},
{cacertfile, ServerCaCertFile},
{certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
@@ -341,22 +341,41 @@ make_dsa_cert(Config) ->
| Config].
-
-make_dsa_cert_files(RoleStr, Config) ->
- CaInfo = {CaCert, _} = erl_make_certs:make_cert([{key, dsa}]),
- {Cert, CertKey} = erl_make_certs:make_cert([{key, dsa}, {issuer, CaInfo}]),
+make_mix_cert(Config) ->
+ {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_cert_files("server", Config, dsa,
+ rsa, "mix"),
+ {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_cert_files("client", Config, dsa,
+ rsa, "mix"),
+ [{server_mix_opts, [{ssl_imp, new},{reuseaddr, true},
+ {cacertfile, ServerCaCertFile},
+ {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
+ {server_mix_verify_opts, [{ssl_imp, new},{reuseaddr, true},
+ {cacertfile, ClientCaCertFile},
+ {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
+ {verify, verify_peer}]},
+ {client_mix_opts, [{ssl_imp, new},{reuseaddr, true},
+ {cacertfile, ClientCaCertFile},
+ {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]}
+ | Config].
+
+make_cert_files(RoleStr, Config, Alg1, Alg2, Prefix) ->
+ Alg1Str = atom_to_list(Alg1),
+ Alg2Str = atom_to_list(Alg2),
+ CaInfo = {CaCert, _} = erl_make_certs:make_cert([{key, Alg1}]),
+ {Cert, CertKey} = erl_make_certs:make_cert([{key, Alg2}, {issuer, CaInfo}]),
CaCertFile = filename:join([?config(priv_dir, Config),
- RoleStr, "dsa_cacerts.pem"]),
+ RoleStr, Prefix ++ Alg1Str ++ "_cacerts.pem"]),
CertFile = filename:join([?config(priv_dir, Config),
- RoleStr, "dsa_cert.pem"]),
+ RoleStr, Prefix ++ Alg2Str ++ "_cert.pem"]),
KeyFile = filename:join([?config(priv_dir, Config),
- RoleStr, "dsa_key.pem"]),
+ RoleStr, Prefix ++ Alg2Str ++ "_key.pem"]),
der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
der_to_pem(CertFile, [{'Certificate', Cert, not_encrypted}]),
der_to_pem(KeyFile, [CertKey]),
{CaCertFile, CertFile, KeyFile}.
+
start_upgrade_server(Args) ->
Result = spawn_link(?MODULE, run_upgrade_server, [Args]),
receive
@@ -394,10 +413,12 @@ run_upgrade_server(Opts) ->
end,
{Module, Function, Args} = proplists:get_value(mfa, Opts),
Msg = rpc:call(Node, Module, Function, [SslAcceptSocket | Args]),
+ test_server:format("Upgrade Server Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg},
receive
close ->
- ok = rpc:call(Node, ssl, close, [SslAcceptSocket])
+ test_server:format("Upgrade Server closing~n", []),
+ rpc:call(Node, ssl, close, [SslAcceptSocket])
end
catch error:{badmatch, Error} ->
Pid ! {self(), Error}
@@ -427,10 +448,12 @@ run_upgrade_client(Opts) ->
test_server:format("apply(~p, ~p, ~p)~n",
[Module, Function, [SslSocket | Args]]),
Msg = rpc:call(Node, Module, Function, [SslSocket | Args]),
+ test_server:format("Upgrade Client Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg},
receive
close ->
- ok = rpc:call(Node, ssl, close, [SslSocket])
+ test_server:format("Upgrade Client closing~n", []),
+ rpc:call(Node, ssl, close, [SslSocket])
end.
start_upgrade_server_error(Args) ->
@@ -616,6 +639,13 @@ openssl_dsa_suites() ->
end
end, Ciphers).
+anonymous_suites() ->
+ [{dh_anon, rc4_128, md5},
+ {dh_anon, des_cbc, sha},
+ {dh_anon, '3des_ede_cbc', sha},
+ {dh_anon, aes_128_cbc, sha},
+ {dh_anon, aes_256_cbc, sha}].
+
pem_to_der(File) ->
{ok, PemBin} = file:read_file(File),
public_key:pem_decode(PemBin).
@@ -633,7 +663,7 @@ cipher_result(Socket, Result) ->
receive
{ssl, Socket, "Hello\n"} ->
ssl:send(Socket, " world\n"),
- receive
+ receive
{ssl, Socket, " world\n"} ->
ok
end;
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 7f512f2ab9..64a6a9eaf8 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -24,9 +24,10 @@
%% Note: This directive should only be used in test suites.
-compile(export_all).
--include("test_server.hrl").
+-include_lib("common_test/include/ct.hrl").
-define(TIMEOUT, 120000).
+-define(LONG_TIMEOUT, 600000).
-define(SLEEP, 1000).
-define(OPENSSL_RENEGOTIATE, "r\n").
-define(OPENSSL_QUIT, "Q\n").
@@ -44,21 +45,25 @@
%% variable, but should NOT alter/remove any existing entries.
%%--------------------------------------------------------------------
init_per_suite(Config0) ->
- Dog = ssl_test_lib:timetrap(?TIMEOUT *2),
+ Dog = ssl_test_lib:timetrap(?LONG_TIMEOUT *2),
case os:find_executable("openssl") of
false ->
{skip, "Openssl not found"};
_ ->
- crypto:start(),
- application:start(public_key),
- ssl:start(),
- Result =
- (catch make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0))),
- test_server:format("Make certs ~p~n", [Result]),
- Config1 = ssl_test_lib:make_dsa_cert(Config0),
- Config = ssl_test_lib:cert_options(Config1),
- [{watchdog, Dog} | Config]
+ try crypto:start() of
+ ok ->
+ application:start(public_key),
+ ssl:start(),
+ Result =
+ (catch make_certs:all(?config(data_dir, Config0),
+ ?config(priv_dir, Config0))),
+ test_server:format("Make certs ~p~n", [Result]),
+ Config1 = ssl_test_lib:make_dsa_cert(Config0),
+ Config = ssl_test_lib:cert_options(Config1),
+ [{watchdog, Dog} | Config]
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end
end.
%%--------------------------------------------------------------------
@@ -69,7 +74,7 @@ init_per_suite(Config0) ->
%%--------------------------------------------------------------------
end_per_suite(_Config) ->
ssl:stop(),
- crypto:stop().
+ application:stop(crypto).
%%--------------------------------------------------------------------
%% Function: init_per_testcase(TestCase, Config) -> Config
@@ -138,11 +143,10 @@ end_per_testcase(_, Config) ->
%% Name of a test case.
%% Description: Returns a list of all test cases in this test suite
%%--------------------------------------------------------------------
-all(doc) ->
- ["Test erlangs ssl against openssl"];
+suite() -> [{ct_hooks,[ts_install_cth]}].
-all(suite) ->
- [erlang_client_openssl_server,
+all() ->
+ [erlang_client_openssl_server,
erlang_server_openssl_client,
tls1_erlang_client_openssl_server_dsa_cert,
tls1_erlang_server_openssl_client_dsa_cert,
@@ -153,22 +157,29 @@ all(suite) ->
erlang_client_openssl_server_no_wrap_sequence_number,
erlang_server_openssl_client_no_wrap_sequence_number,
erlang_client_openssl_server_no_server_ca_cert,
- ssl3_erlang_client_openssl_server,
+ ssl3_erlang_client_openssl_server,
ssl3_erlang_server_openssl_client,
ssl3_erlang_client_openssl_server_client_cert,
ssl3_erlang_server_openssl_client_client_cert,
ssl3_erlang_server_erlang_client_client_cert,
- tls1_erlang_client_openssl_server,
+ tls1_erlang_client_openssl_server,
tls1_erlang_server_openssl_client,
tls1_erlang_client_openssl_server_client_cert,
tls1_erlang_server_openssl_client_client_cert,
tls1_erlang_server_erlang_client_client_cert,
- ciphers_rsa_signed_certs,
- ciphers_dsa_signed_certs,
- erlang_client_bad_openssl_server,
- expired_session,
- ssl2_erlang_server_openssl_client
- ].
+ ciphers_rsa_signed_certs, ciphers_dsa_signed_certs,
+ erlang_client_bad_openssl_server, expired_session,
+ ssl2_erlang_server_openssl_client].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
%% Test cases starts here.
%%--------------------------------------------------------------------
@@ -1116,8 +1127,6 @@ run_suites(Ciphers, Version, Config, Type) ->
test_server:fail(cipher_suite_failed_see_test_case_log)
end.
-
-
cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
process_flag(trap_exit, true),
test_server:format("Testing CipherSuite ~p~n", [CipherSuite]),
@@ -1128,8 +1137,8 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
KeyFile = proplists:get_value(keyfile, ServerOpts),
Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
- " -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
-
+ " -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
+
test_server:format("openssl cmd: ~p~n", [Cmd]),
OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
@@ -1140,11 +1149,11 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
- {from, self()},
- {mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
- {options,
- [{ciphers,[CipherSuite]} |
- ClientOpts]}]),
+ {from, self()},
+ {mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
+ {options,
+ [{ciphers,[CipherSuite]} |
+ ClientOpts]}]),
port_command(OpenSslPort, "Hello\n"),
@@ -1165,10 +1174,6 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
close_port(OpenSslPort),
%% Clean close down!
ssl_test_lib:close(Client),
- receive
- {'EXIT', Client, normal} ->
- ok
- end,
Return = case Result of
ok ->