aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/Makefile16
-rw-r--r--lib/ssl/test/erl_make_certs.erl14
-rw-r--r--lib/ssl/test/old_ssl_active_SUITE.erl395
-rw-r--r--lib/ssl/test/old_ssl_active_once_SUITE.erl417
-rw-r--r--lib/ssl/test/old_ssl_misc_SUITE.erl117
-rw-r--r--lib/ssl/test/old_ssl_passive_SUITE.erl382
-rw-r--r--lib/ssl/test/old_ssl_peer_cert_SUITE.erl191
-rw-r--r--lib/ssl/test/old_ssl_protocol_SUITE.erl185
-rw-r--r--lib/ssl/test/old_ssl_verify_SUITE.erl153
-rw-r--r--lib/ssl/test/old_transport_accept_SUITE.erl258
-rw-r--r--lib/ssl/test/ssl.cover19
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl470
-rw-r--r--lib/ssl/test/ssl_cipher_SUITE.erl163
-rw-r--r--lib/ssl/test/ssl_dist_SUITE.erl (renamed from lib/ssl/test/old_ssl_dist_SUITE.erl)363
-rw-r--r--lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem5
-rw-r--r--lib/ssl/test/ssl_packet_SUITE.erl46
-rw-r--r--lib/ssl/test/ssl_session_cache_SUITE.erl34
-rw-r--r--lib/ssl/test/ssl_test_MACHINE.erl940
-rw-r--r--lib/ssl/test/ssl_test_MACHINE.hrl39
-rw-r--r--lib/ssl/test/ssl_test_lib.erl35
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl132
21 files changed, 973 insertions, 3401 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index 922abea41b..6b1da63d08 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -39,32 +39,24 @@ MODULES = \
ssl_basic_SUITE \
ssl_handshake_SUITE \
ssl_packet_SUITE \
+ ssl_cipher_SUITE \
ssl_payload_SUITE \
ssl_to_openssl_SUITE \
ssl_session_cache_SUITE \
- ssl_test_MACHINE \
- old_ssl_active_SUITE \
- old_ssl_active_once_SUITE \
- old_ssl_passive_SUITE \
- old_ssl_verify_SUITE \
- old_ssl_peer_cert_SUITE \
- old_ssl_misc_SUITE \
- old_ssl_protocol_SUITE \
- old_transport_accept_SUITE \
- old_ssl_dist_SUITE \
+ ssl_dist_SUITE \
make_certs\
erl_make_certs
ERL_FILES = $(MODULES:%=%.erl)
-HRL_FILES = ssl_test_MACHINE.hrl
+HRL_FILES =
HRL_FILES_SRC = \
- ssl_int.hrl \
ssl_internal.hrl\
ssl_alert.hrl \
ssl_handshake.hrl \
+ ssl_cipher.hrl \
ssl_record.hrl
HRL_FILES_INC =
diff --git a/lib/ssl/test/erl_make_certs.erl b/lib/ssl/test/erl_make_certs.erl
index 8b01ca3ad4..254aa6d2f9 100644
--- a/lib/ssl/test/erl_make_certs.erl
+++ b/lib/ssl/test/erl_make_certs.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2010. All Rights Reserved.
+%% Copyright Ericsson AB 2011. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -175,7 +175,7 @@ issuer(true, Opts, SubjectKey) ->
issuer({Issuer, IssuerKey}, _Opts, _SubjectKey) when is_binary(Issuer) ->
{issuer_der(Issuer), decode_key(IssuerKey)};
issuer({File, IssuerKey}, _Opts, _SubjectKey) when is_list(File) ->
- {ok, [{cert, Cert, _}|_]} = public_key:pem_to_der(File),
+ {ok, [{cert, Cert, _}|_]} = pem_to_der(File),
{issuer_der(Cert), decode_key(IssuerKey)}.
issuer_der(Issuer) ->
@@ -185,7 +185,7 @@ issuer_der(Issuer) ->
Subject.
subject(undefined, IsRootCA) ->
- User = if IsRootCA -> "RootCA"; true -> os:getenv("USER") end,
+ User = if IsRootCA -> "RootCA"; true -> user() end,
Opts = [{email, User ++ "@erlang.org"},
{name, User},
{city, "Stockholm"},
@@ -196,6 +196,14 @@ subject(undefined, IsRootCA) ->
subject(Opts, _) ->
subject(Opts).
+user() ->
+ case os:getenv("USER") of
+ false ->
+ "test_user";
+ User ->
+ User
+ end.
+
subject(SubjectOpts) when is_list(SubjectOpts) ->
Encode = fun(Opt) ->
{Type,Value} = subject_enc(Opt),
diff --git a/lib/ssl/test/old_ssl_active_SUITE.erl b/lib/ssl/test/old_ssl_active_SUITE.erl
deleted file mode 100644
index 52ff0bcc5d..0000000000
--- a/lib/ssl/test/old_ssl_active_SUITE.erl
+++ /dev/null
@@ -1,395 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_active_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- cinit_return_chkclose/1,
- sinit_return_chkclose/1,
- cinit_big_return_chkclose/1,
- sinit_big_return_chkclose/1,
- cinit_big_echo_chkclose/1,
- cinit_huge_echo_chkclose/1,
- sinit_big_echo_chkclose/1,
- cinit_few_echo_chkclose/1,
- cinit_many_echo_chkclose/1,
- cinit_cnocert/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
-
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [cinit_return_chkclose, sinit_return_chkclose,
- cinit_big_return_chkclose, sinit_big_return_chkclose,
- cinit_big_echo_chkclose, cinit_huge_echo_chkclose,
- sinit_big_echo_chkclose, cinit_few_echo_chkclose,
- cinit_many_echo_chkclose, cinit_cnocert].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains, and record the number of available "
- "file descriptors";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
- case os:type() of
- {unix, _} ->
- ?line io:format("Max fd value: ~s", [os:cmd("ulimit -n")]);
- _ ->
- ok
- end,
- %% XXX Also record: Erlang/SSL version, version of OpenSSL,
- %% operating system, version of OTP, Erts, kernel and stdlib.
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto!"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-cinit_return_chkclose(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
- [];
-cinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_return_chkclose(doc) ->
- "Server sends 1000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
- [];
-sinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, [{ssl_imp, old}|SsslOpts]},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sslopts, [{ssl_imp, old}|CsslOpts]},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_return_chkclose(doc) ->
- "Client sends 50000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
- [];
-cinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_return_chkclose(doc) ->
- "Server sends 50000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
- [];
-sinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_echo_chkclose(doc) ->
- "Client sends 50000 bytes to server, that echoes them back "
- "and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
- [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_huge_echo_chkclose(doc) ->
- "Client sends 500000 bytes to server, that echoes them back "
- "and closes. Client waits for close. Both have certs.";
-cinit_huge_echo_chkclose(suite) ->
- [];
-cinit_huge_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 500000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_echo_chkclose(doc) ->
- "Server sends 50000 bytes to client, that echoes them back "
- "and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
- [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {echo, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-
-%% This case is repeated several times.
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
- "N client sends 10000 bytes to server, that echoes them back "
- "and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
- [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 10000, LPort = 3456,
- Timeout = 80000,
-
- io:format("~w connections", [NConns]),
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-
-cinit_cnocert(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Client has no cert, "
- "but server has.";
-cinit_cnocert(suite) ->
- [];
-cinit_cnocert(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3457,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-
diff --git a/lib/ssl/test/old_ssl_active_once_SUITE.erl b/lib/ssl/test/old_ssl_active_once_SUITE.erl
deleted file mode 100644
index c7beadb301..0000000000
--- a/lib/ssl/test/old_ssl_active_once_SUITE.erl
+++ /dev/null
@@ -1,417 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2002-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_active_once_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- server_accept_timeout/1,
- cinit_return_chkclose/1,
- sinit_return_chkclose/1,
- cinit_big_return_chkclose/1,
- sinit_big_return_chkclose/1,
- cinit_big_echo_chkclose/1,
- cinit_huge_echo_chkclose/1,
- sinit_big_echo_chkclose/1,
- cinit_few_echo_chkclose/1,
- cinit_many_echo_chkclose/1,
- cinit_cnocert/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [server_accept_timeout, cinit_return_chkclose,
- sinit_return_chkclose, cinit_big_return_chkclose,
- sinit_big_return_chkclose, cinit_big_echo_chkclose,
- cinit_huge_echo_chkclose, sinit_big_echo_chkclose,
- cinit_few_echo_chkclose, cinit_many_echo_chkclose,
- cinit_cnocert].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-server_accept_timeout(doc) ->
- "Server has one pending accept with timeout. Checks that return "
- "value is {error, timeout}.";
-server_accept_timeout(suite) ->
- [];
-server_accept_timeout(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- Timeout = 40000, NConns = 1,
- AccTimeout = 3000,
-
- ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, AccTimeout},
- accept_timeout],
- ?line test_server_only(NConns, LCmds, ACmds, Timeout, ?MODULE,
- Config).
-
-cinit_return_chkclose(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
- [];
-cinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_return_chkclose(doc) ->
- "Server sends 1000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
- [];
-sinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_return_chkclose(doc) ->
- "Client sends 50000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
- [];
-cinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- %% Set {active, false} so that accept is passive to begin with.
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {sockopts, [{active, once}]}, % {active, once} here.
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_return_chkclose(doc) ->
- "Server sends 50000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
- [];
-sinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_echo_chkclose(doc) ->
- "Client sends 50000 bytes to server, that echoes them back "
- "and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
- [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_huge_echo_chkclose(doc) ->
- "Client sends 500000 bytes to server, that echoes them back "
- "and closes. Client waits for close. Both have certs.";
-cinit_huge_echo_chkclose(suite) ->
- [];
-cinit_huge_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 500000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_echo_chkclose(doc) ->
- "Server sends 50000 bytes to client, that echoes them back "
- "and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
- [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {echo, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
- "client send 10000 bytes to server, that echoes them back "
- "and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
- [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 10000, LPort = 3456,
- Timeout = 80000,
-
- io:format("~w connections", [NConns]),
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_cnocert(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Client has no cert, "
- "but server has.";
-cinit_cnocert(suite) ->
- [];
-cinit_cnocert(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3457,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, once}]},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-
diff --git a/lib/ssl/test/old_ssl_misc_SUITE.erl b/lib/ssl/test/old_ssl_misc_SUITE.erl
deleted file mode 100644
index ea03e83867..0000000000
--- a/lib/ssl/test/old_ssl_misc_SUITE.erl
+++ /dev/null
@@ -1,117 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_misc_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- seed/1,
- app/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, 5).
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [seed, app].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto!"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-seed(doc) ->
- "Test that ssl:seed/1 works.";
-seed(suite) ->
- [];
-seed(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
- LCmds = [{seed, "tjosan"},
- {sockopts, [{backlog, NConns}, {active, once}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ?line test_server_only(NConns, LCmds, [], Timeout, ?MODULE,
- Config).
-
-app(doc) ->
- "Test that the ssl app file is ok";
-app(suite) ->
- [];
-app(Config) when list(Config) ->
- ?line ok = test_server:app_test(ssl).
-
-
diff --git a/lib/ssl/test/old_ssl_passive_SUITE.erl b/lib/ssl/test/old_ssl_passive_SUITE.erl
deleted file mode 100644
index 7b54fe876a..0000000000
--- a/lib/ssl/test/old_ssl_passive_SUITE.erl
+++ /dev/null
@@ -1,382 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_passive_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1,
- end_per_suite/1, init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- server_accept_timeout/1,
- cinit_return_chkclose/1,
- sinit_return_chkclose/1,
- cinit_big_return_chkclose/1,
- sinit_big_return_chkclose/1,
- cinit_big_echo_chkclose/1,
- sinit_big_echo_chkclose/1,
- cinit_few_echo_chkclose/1,
- cinit_many_echo_chkclose/1,
- cinit_cnocert/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
-
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(MANYCONNS, ssl_test_MACHINE:many_conns()).
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [server_accept_timeout, cinit_return_chkclose,
- sinit_return_chkclose, cinit_big_return_chkclose,
- sinit_big_return_chkclose, cinit_big_echo_chkclose,
- sinit_big_echo_chkclose, cinit_few_echo_chkclose,
- cinit_many_echo_chkclose, cinit_cnocert].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-server_accept_timeout(doc) ->
- "Server has one pending accept with timeout. Checks that return "
- "value is {error, timeout}.";
-server_accept_timeout(suite) ->
- [];
-server_accept_timeout(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- Timeout = 40000, NConns = 1,
- AccTimeout = 3000,
-
- ?line {ok, {_, SsslOpts}} = mk_ssl_cert_opts(Config),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, AccTimeout},
- accept_timeout],
- ?line test_server_only(NConns, LCmds, ACmds, Timeout, ?MODULE, Config).
-
-cinit_return_chkclose(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_return_chkclose(suite) ->
- [];
-cinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_return_chkclose(doc) ->
- "Server sends 1000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_return_chkclose(suite) ->
- [];
-sinit_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_return_chkclose(doc) ->
- "Client sends 50000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-cinit_big_return_chkclose(suite) ->
- [];
-cinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_return_chkclose(doc) ->
- "Server sends 50000 bytes to client, that receives them, sends them "
- "back, and closes. Server waits for close. Both have certs.";
-sinit_big_return_chkclose(suite) ->
- [];
-sinit_big_return_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {recv, DataSize}, {send, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_big_echo_chkclose(doc) ->
- "Client sends 50000 bytes to server, that echoes them back "
- "and closes. Client waits for close. Both have certs.";
-cinit_big_echo_chkclose(suite) ->
- [];
-cinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-sinit_big_echo_chkclose(doc) ->
- "Server sends 50000 bytes to client, that echoes them back "
- "and closes. Server waits for close. Both have certs.";
-sinit_big_echo_chkclose(suite) ->
- [];
-sinit_big_echo_chkclose(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 50000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {send, DataSize}, {recv, DataSize},
- await_close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {echo, DataSize},
- close],
-
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-
-cinit_few_echo_chkclose(X) -> cinit_many_echo_chkclose(X, 7).
-
-cinit_many_echo_chkclose(X) -> cinit_many_echo_chkclose(X, ?MANYCONNS).
-
-cinit_many_echo_chkclose(doc, _NConns) ->
- "clients send 10000 bytes to server, that echoes them back "
- "and closes. Clients wait for close. All have certs.";
-cinit_many_echo_chkclose(suite, _NConns) ->
- [];
-cinit_many_echo_chkclose(Config, NConns) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 10000, LPort = 3456,
- Timeout = 80000,
-
- io:format("~w connections", [NConns]),
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {echo, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
-cinit_cnocert(doc) ->
- "Client sends 1000 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Client has no cert, "
- "but server has.";
-cinit_cnocert(suite) ->
- [];
-cinit_cnocert(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3457,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}, {active, false}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize}, {send, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sockopts, [{active, false}]},
- {connect, {Host, LPort}},
- {send, DataSize}, {recv, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, ?MODULE,
- Config).
-
diff --git a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl b/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
deleted file mode 100644
index ee19bad175..0000000000
--- a/lib/ssl/test/old_ssl_peer_cert_SUITE.erl
+++ /dev/null
@@ -1,191 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_peer_cert_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- cinit_plain/1,
- cinit_both_verify/1,
- cinit_cnocert/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [cinit_plain, cinit_both_verify, cinit_cnocert].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-cinit_plain(doc) ->
- "Server closes after accept, Client waits for close. Both have certs "
- "but both use the defaults for verify and depth, but still tries "
- "to retreive each others certificates.";
-cinit_plain(suite) ->
- [];
-cinit_plain(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts, SsslOpts}} = mk_ssl_cert_opts(Config),
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- nopeercert,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- peercert,
- {send, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config).
-
-cinit_both_verify(doc) ->
- "Server closes after accept, Client waits for close. Both have certs "
- "and both verify each other.";
-cinit_both_verify(suite) ->
- [];
-cinit_both_verify(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts0, SsslOpts0}} = mk_ssl_cert_opts(Config),
- ?line CsslOpts = [{verify, 2}, {depth, 2} | CsslOpts0],
- ?line SsslOpts = [{verify, 2}, {depth, 3} | SsslOpts0],
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- peercert,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- peercert,
- {send, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config).
-
-cinit_cnocert(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close.";
-cinit_cnocert(suite) ->
- [];
-cinit_cnocert(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3457,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config),
- ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {connect, {Host, LPort}},
- peercert,
- {send, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config).
-
-
diff --git a/lib/ssl/test/old_ssl_protocol_SUITE.erl b/lib/ssl/test/old_ssl_protocol_SUITE.erl
deleted file mode 100644
index 9b9937c210..0000000000
--- a/lib/ssl/test/old_ssl_protocol_SUITE.erl
+++ /dev/null
@@ -1,185 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2005-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_protocol_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2, end_per_testcase/2,
- sslv2/1, sslv3/1, tlsv1/1, sslv2_sslv3/1,
- sslv2_tlsv1/1, sslv3_tlsv1/1, sslv2_sslv3_tlsv1/1]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
- WatchDog = test_server:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [sslv2, sslv3, tlsv1, sslv2_sslv3, sslv2_tlsv1,
- sslv3_tlsv1, sslv2_sslv3_tlsv1].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no other purpose than closing the conf case.";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-%%%%%
-
-sslv2(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose SSLv2.";
-sslv2(suite) ->
- [];
-sslv2(Config) when list(Config) ->
- do_run_test(Config, [sslv2]).
-
-sslv3(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose SSLv3.";
-sslv3(suite) ->
- [];
-sslv3(Config) when list(Config) ->
- do_run_test(Config, [sslv3]).
-
-tlsv1(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose TLSv1.";
-tlsv1(suite) ->
- [];
-tlsv1(Config) when list(Config) ->
- do_run_test(Config, [tlsv1]).
-
-sslv2_sslv3(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose between SSLv2 and SSLv3.";
-sslv2_sslv3(suite) ->
- [];
-sslv2_sslv3(Config) when list(Config) ->
- do_run_test(Config, [sslv2, sslv3]).
-
-sslv2_tlsv1(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose between SSLv2 and TLSv1.";
-sslv2_tlsv1(suite) ->
- [];
-sslv2_tlsv1(Config) when list(Config) ->
- do_run_test(Config, [sslv2, tlsv1]).
-
-sslv3_tlsv1(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose between SSLv3 and TLSv1.";
-sslv3_tlsv1(suite) ->
- [];
-sslv3_tlsv1(Config) when list(Config) ->
- do_run_test(Config, [sslv3, tlsv1]).
-
-sslv2_sslv3_tlsv1(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close. "
- "Client and server choose between SSLv2, SSLv3, and TLSv1.";
-sslv2_sslv3_tlsv1(suite) ->
- [];
-sslv2_sslv3_tlsv1(Config) when list(Config) ->
- do_run_test(Config, [sslv2, sslv3, tlsv1]).
-
-%%%%
-
-do_run_test(Config0, Protocols) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- Timeout = 40000, NConns = 1,
- DataSize = 10,
-
- ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config0),
- ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- connection_info,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {connect, {Host, LPort}},
- connection_info,
- {send, DataSize},
- await_close],
- Config1 = [{env, [{protocol_version, Protocols}]} | Config0],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config1).
-
-
diff --git a/lib/ssl/test/old_ssl_verify_SUITE.erl b/lib/ssl/test/old_ssl_verify_SUITE.erl
deleted file mode 100644
index 4c11ea6850..0000000000
--- a/lib/ssl/test/old_ssl_verify_SUITE.erl
+++ /dev/null
@@ -1,153 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 1999-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_ssl_verify_SUITE).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- cinit_both_verify/1,
- cinit_cnocert/1
- ]).
-
--import(ssl_test_MACHINE, [mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
--include_lib("test_server/include/test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?DEFAULT_TIMEOUT),
- [{watchdog, WatchDog}| Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [cinit_both_verify, cinit_cnocert].
-
-groups() ->
- [].
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-init_per_suite(doc) ->
- "Want to se what Config contains.";
-init_per_suite(suite) ->
- [];
-init_per_suite(Config) ->
- io:format("Config: ~p~n", [Config]),
-
- %% Check if SSL exists. If this case fails, all other cases are skipped
- case catch crypto:start() of
- ok ->
- application:start(public_key),
- case ssl:start() of
- ok -> ssl:stop();
- {error, {already_started, _}} -> ssl:stop();
- Error -> ?t:fail({failed_starting_ssl,Error})
- end,
- Config;
- _Else ->
- {skip,"Could not start crypto"}
- end.
-
-end_per_suite(doc) ->
- "This test case has no mission other than closing the conf case";
-end_per_suite(suite) ->
- [];
-end_per_suite(Config) ->
- crypto:stop(),
- Config.
-
-cinit_both_verify(doc) ->
- "Server closes after accept, Client waits for close. Both have certs "
- "and both verify each other.";
-cinit_both_verify(suite) ->
- [];
-cinit_both_verify(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3456,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {CsslOpts0, SsslOpts0}} = mk_ssl_cert_opts(Config),
- ?line CsslOpts = [{verify, 2}, {depth, 2} | CsslOpts0],
- ?line SsslOpts = [{verify, 2}, {depth, 3} | SsslOpts0],
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {sslopts, CsslOpts},
- {connect, {Host, LPort}},
- {send, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config).
-
-cinit_cnocert(doc) ->
- "Client has no cert. Nor the client, nor the server is verifying its "
- "peer. Server closes, client waits for close.";
-cinit_cnocert(suite) ->
- [];
-cinit_cnocert(Config) when list(Config) ->
- process_flag(trap_exit, true),
- DataSize = 1000, LPort = 3457,
- Timeout = 40000, NConns = 1,
-
- ?line {ok, {_, SsslOpts0}} = mk_ssl_cert_opts(Config),
- ?line SsslOpts = [{verify, 0}, {depth, 2} | SsslOpts0],
-
- ?line {ok, Host} = inet:gethostname(),
-
- LCmds = [{sockopts, [{backlog, NConns}]},
- {sslopts, SsslOpts},
- {listen, LPort},
- wait_sync,
- lclose],
- ACmds = [{timeout, Timeout},
- accept,
- {recv, DataSize},
- close],
- CCmds = [{timeout, Timeout},
- {connect, {Host, LPort}},
- {send, DataSize},
- await_close],
- ?line test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout,
- ?MODULE, Config).
-
-
diff --git a/lib/ssl/test/old_transport_accept_SUITE.erl b/lib/ssl/test/old_transport_accept_SUITE.erl
deleted file mode 100644
index 6f0c8e456b..0000000000
--- a/lib/ssl/test/old_transport_accept_SUITE.erl
+++ /dev/null
@@ -1,258 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(old_transport_accept_SUITE).
--include_lib("common_test/include/ct.hrl").
--include("test_server_line.hrl").
-
-%% Default timetrap timeout (set in init_per_testcase).
--define(default_timeout, ?t:minutes(1)).
--define(application, ssh).
-
--export([all/0, suite/0,groups/0,init_per_suite/1, end_per_suite/1,
- init_per_group/2,end_per_group/2,
- init_per_testcase/2,
- end_per_testcase/2,
- config/1,
- echo_once/1,
- echo_twice/1,
- close_before_ssl_accept/1,
- server/5,
- tolerant_server/5,
- client/5
- ]).
-
-init_per_testcase(_Case, Config) ->
- WatchDog = ssl_test_lib:timetrap(?default_timeout),
- [{watchdog, WatchDog}, {protomod, gen_tcp}, {serialize_accept, true}|
- Config].
-
-end_per_testcase(_Case, Config) ->
- WatchDog = ?config(watchdog, Config),
- test_server:timetrap_cancel(WatchDog).
-
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [config, echo_once, echo_twice, close_before_ssl_accept].
-
-groups() ->
- [].
-
-init_per_suite(Config) ->
- try crypto:start() of
- ok ->
- Config
- catch _:_ ->
- {skip, "Crypto did not start"}
- end.
-
-end_per_suite(_Config) ->
- application:stop(crypto),
- ok.
-
-init_per_group(_GroupName, Config) ->
- Config.
-
-end_per_group(_GroupName, Config) ->
- Config.
-
-
-config(doc) ->
- "Want to se what Config contains.";
-config(suite) ->
- [];
-config(Config) ->
- io:format("Config: ~p~n", [Config]),
- ok.
-
-echo_once(doc) ->
- "Client sends 256 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-echo_once(suite) ->
- [];
-echo_once(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- {ok, Host} = inet:gethostname(),
- {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
- N = 1,
- Msg = lists:seq(0, 255),
- Self = self(),
- Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
- Node = start_node(server, Params),
- CNode = start_node(client, Params),
- Server = spawn_link(Node, ?MODULE, server, [Self, LPort, SOpts, Msg, N]),
- Client = spawn_link(Node, ?MODULE, client, [Host, LPort, COpts, Msg, N]),
- ok = receive
- {Server, listening} ->
- Client ! {Server, listening},
- ok;
- E ->
- io:format("bad receive (1) ~p\n", [E]),
- E
- end,
- receive
- {Server, done} ->
- ok
- end,
- test_server:stop_node(Node),
- test_server:stop_node(CNode).
-
-close_before_ssl_accept(doc) ->
- "Client sends 256 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-close_before_ssl_accept(suite) ->
- [];
-close_before_ssl_accept(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- {ok, Host} = inet:gethostname(),
- {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
- Msg = lists:seq(0, 255),
- Self = self(),
- Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
- Node = start_node(server, Params),
- CNode = start_node(client, Params),
- Server = spawn_link(Node, ?MODULE, tolerant_server,
- [Self, LPort, SOpts, Msg, 2]),
- Client = spawn_link(Node, ?MODULE, client,
- [Host, LPort, COpts, Msg, 1]),
- ok = receive
- {Server, listening} ->
- {ok, S} = gen_tcp:connect(Host, LPort, []),
- gen_tcp:close(S),
- Client ! {Server, listening},
- ok;
- E ->
- io:format("bad receive (1) ~p\n", [E]),
- E
- end,
- receive
- {Server, done} ->
- ok
- end,
- test_server:stop_node(Node),
- test_server:stop_node(CNode).
-
-client(Host, LPort, COpts, Msg, N) ->
- ok = receive
- {_Server, listening} ->
- ok;
- E ->
- io:format("bad receive (2) ~p\n", [E]),
- E
- end,
- Opts = COpts ++ [{packet, raw}, {active, false}],
- app(),
- lists:foreach(fun(_) ->
- {ok, S} = ssl:connect(Host, LPort, Opts),
- ssl:send(S, Msg),
- {ok, Msg} = ssl:recv(S, length(Msg)),
- ssl:close(S)
- end, lists:seq(1, N)).
-
-echo_twice(doc) ->
- "Two clients sends 256 bytes to server, that receives them, sends them "
- "back, and closes. Client waits for close. Both have certs.";
-echo_twice(suite) ->
- [];
-echo_twice(Config) when list(Config) ->
- process_flag(trap_exit, true),
- LPort = 3456,
- {ok, Host} = inet:gethostname(),
- {ok, {COpts, SOpts}} = ssl_test_MACHINE:mk_ssl_cert_opts(Config),
- N = 2,
- Msg = lists:seq(0, 255),
- Self = self(),
- Params = "-pa " ++ filename:dirname(code:which(?MODULE)),
- Node = start_node(server, Params),
- CNode = start_node(client, Params),
- Server = spawn_link(Node, ?MODULE, server,
- [Self, LPort, SOpts, Msg, N]),
- Client = spawn_link(Node, ?MODULE, client,
- [Host, LPort, COpts, Msg, N]),
- ok = receive
- {Server, listening} ->
- Client ! {Server, listening},
- ok;
- E ->
- io:format("bad receive (3) ~p\n", [E]),
- E
- end,
- receive
- {Server, done} ->
- ok
- end,
- test_server:stop_node(Node),
- test_server:stop_node(CNode).
-
-server(Client, Port, SOpts, Msg, N) ->
- app(),
- process_flag(trap_exit, true),
- Opts = SOpts ++ [{packet, raw}, {active, false}],
- {ok, LSock} = ssl:listen(Port, Opts),
- Client ! {self(), listening},
- server_loop(Client, LSock, Msg, N).
-
-server_loop(Client, _, _, 0) ->
- Client ! {self(), done};
-server_loop(Client, LSock, Msg, N) ->
- {ok, S} = ssl:transport_accept(LSock),
- ok = ssl:ssl_accept(S),
- %% P = ssl:controlling_process(S, Proxy),
- {ok, Msg} = ssl:recv(S, length(Msg)),
- ok = ssl:send(S, Msg),
- ok = ssl:close(S),
- server_loop(Client, LSock, Msg, N-1).
-
-tolerant_server(Client, Port, SOpts, Msg, N) ->
- app(),
- process_flag(trap_exit, true),
- Opts = SOpts ++ [{packet, raw}, {active, false}],
- {ok, LSock} = ssl:listen(Port, Opts),
- Client ! {self(), listening},
- tolerant_server_loop(Client, LSock, Msg, N).
-
-tolerant_server_loop(Client, _, _, 0) ->
- Client ! {self(), done};
-tolerant_server_loop(Client, LSock, Msg, N) ->
- {ok, S} = ssl:transport_accept(LSock),
- case ssl:ssl_accept(S) of
- ok ->
- %% P = ssl:controlling_process(S, Proxy),
- {ok, Msg} = ssl:recv(S, length(Msg)),
- ok = ssl:send(S, Msg),
- ok = ssl:close(S);
- E ->
- io:format("ssl_accept error: ~p\n", [E])
- end,
- tolerant_server_loop(Client, LSock, Msg, N-1).
-
-app() ->
- crypto:start(),
- application:start(public_key),
- ssl:start().
-
-start_node(Kind, Params) ->
- S = atom_to_list(?MODULE)++"_" ++ atom_to_list(Kind),
- {ok, Node} = test_server:start_node(list_to_atom(S), slave, [{args, Params}]),
- Node.
-
diff --git a/lib/ssl/test/ssl.cover b/lib/ssl/test/ssl.cover
index 60774cc0f1..6b13e07a37 100644
--- a/lib/ssl/test/ssl.cover
+++ b/lib/ssl/test/ssl.cover
@@ -1,21 +1,4 @@
{incl_app,ssl,details}.
-{excl_mods, ssl, [ssl_pkix_oid,
- 'PKIX1Algorithms88',
- 'PKIX1Explicit88',
- 'PKIX1Implicit88',
- 'PKIXAttributeCertificate',
- 'SSL-PKIX',
- ssl_pem,
- ssl_pkix,
- ssl_base64,
- ssl_broker,
- ssl_broker_int,
- ssl_broker_sup,
- ssl_debug,
- ssl_server,
- ssl_prim,
- inet_ssl_dist,
- 'OTP-PKIX'
- ]}.
+{excl_mods, ssl, [ssl_debug]}.
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 8da1d947d3..527263363c 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -28,7 +28,6 @@
-include_lib("public_key/include/public_key.hrl").
-include("ssl_alert.hrl").
--include("ssl_int.hrl").
-include("ssl_internal.hrl").
-include("ssl_record.hrl").
@@ -37,6 +36,7 @@
-define(LONG_TIMEOUT, 600000).
-define(EXPIRE, 10).
-define(SLEEP, 500).
+-define(RENEGOTIATION_DISABLE_TIME, 12000).
%% Test server callback functions
%%--------------------------------------------------------------------
@@ -207,8 +207,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
all() ->
[app, alerts, connection_info, protocol_versions,
empty_protocol_versions, controlling_process,
- controller_dies, client_closes_socket, peercert,
- connect_dist, peername, sockname, socket_options,
+ controller_dies, client_closes_socket,
+ connect_dist, peername, peercert, sockname, socket_options,
invalid_inet_get_option, invalid_inet_get_option_not_list,
invalid_inet_get_option_improper_list,
invalid_inet_set_option, invalid_inet_set_option_not_list,
@@ -257,7 +257,9 @@ all() ->
%%different_ca_peer_sign,
no_reuses_session_server_restart_new_cert,
no_reuses_session_server_restart_new_cert_file, reuseaddr,
- hibernate, connect_twice
+ hibernate, connect_twice, renegotiate_dos_mitigate_active,
+ renegotiate_dos_mitigate_passive,
+ tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
].
groups() ->
@@ -394,8 +396,8 @@ controlling_process(Config) when is_list(Config) ->
ClientOpts = ?config(client_opts, Config),
ServerOpts = ?config(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- ClientMsg = "Hello server",
- ServerMsg = "Hello client",
+ ClientMsg = "Server hello",
+ ServerMsg = "Client hello",
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -416,11 +418,15 @@ controlling_process(Config) when is_list(Config) ->
[self(), Client, Server]),
receive
+ {ssl, _, "S"} ->
+ receive_s_rizzo_duong_beast();
{ssl, _, ServerMsg} ->
receive
{ssl, _, ClientMsg} ->
ok
end;
+ {ssl, _, "C"} ->
+ receive_c_rizzo_duong_beast();
{ssl, _, ClientMsg} ->
receive
{ssl, _, ServerMsg} ->
@@ -441,6 +447,28 @@ controlling_process_result(Socket, Pid, Msg) ->
ssl:send(Socket, Msg),
no_result_msg.
+receive_s_rizzo_duong_beast() ->
+ receive
+ {ssl, _, "erver hello"} ->
+ receive
+ {ssl, _, "C"} ->
+ receive
+ {ssl, _, "lient hello"} ->
+ ok
+ end
+ end
+ end.
+receive_c_rizzo_duong_beast() ->
+ receive
+ {ssl, _, "lient hello"} ->
+ receive
+ {ssl, _, "S"} ->
+ receive
+ {ssl, _, "erver hello"} ->
+ ok
+ end
+ end
+ end.
%%--------------------------------------------------------------------
controller_dies(doc) ->
["Test that the socket is closed after controlling process dies"];
@@ -584,50 +612,6 @@ client_closes_socket(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, {error,closed}).
%%--------------------------------------------------------------------
-
-peercert(doc) ->
- [""];
-
-peercert(suite) ->
- [];
-
-peercert(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
- {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
- Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
- {from, self()},
- {mfa, {?MODULE, peercert_result, []}},
- {options, ServerOpts}]),
- Port = ssl_test_lib:inet_port(Server),
- Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
- {host, Hostname},
- {from, self()},
- {mfa, {?MODULE, peercert_result, []}},
- {options, ClientOpts}]),
-
- CertFile = proplists:get_value(certfile, ServerOpts),
- [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
- ErlCert = public_key:pkix_decode_cert(BinCert, otp),
-
- ServerMsg = {{error, no_peercert}, {error, no_peercert}},
- ClientMsg = {{ok, BinCert}, {ok, ErlCert}},
-
- test_server:format("Testcase ~p, Client ~p Server ~p ~n",
- [self(), Client, Server]),
-
- ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
-
- ssl_test_lib:close(Server),
- ssl_test_lib:close(Client).
-
-peercert_result(Socket) ->
- Result1 = ssl:peercert(Socket),
- Result2 = ssl:peercert(Socket, [ssl]),
- {Result1, Result2}.
-
-%%--------------------------------------------------------------------
connect_dist(doc) ->
["Test a simple connect as is used by distribution"];
@@ -708,6 +692,44 @@ peername_result(S) ->
ssl:peername(S).
%%--------------------------------------------------------------------
+peercert(doc) ->
+ [""];
+peercert(suite) ->
+ [];
+peercert(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, peercert_result, []}},
+ {options, ClientOpts}]),
+
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
+
+ ServerMsg = {error, no_peercert},
+ ClientMsg = {ok, BinCert},
+
+ test_server:format("Testcase ~p, Client ~p Server ~p ~n",
+ [self(), Client, Server]),
+
+ ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+peercert_result(Socket) ->
+ ssl:peercert(Socket).
+
+%%--------------------------------------------------------------------
sockname(doc) ->
["Test API function sockname/1"];
@@ -1238,6 +1260,11 @@ upgrade_result(Socket) ->
%% Make sure binary is inherited from tcp socket and that we do
%% not get the list default!
receive
+ {ssl, _, <<"H">>} ->
+ receive
+ {ssl, _, <<"ello world">>} ->
+ ok
+ end;
{ssl, _, <<"Hello world">>} ->
ok
end.
@@ -1528,7 +1555,6 @@ eoptions(Config) when is_list(Config) ->
end,
TestOpts = [{versions, [sslv2, sslv3]},
- {ssl_imp, cool},
{verify, 4},
{verify_fun, function},
{fail_if_no_peer_cert, 0},
@@ -1540,14 +1566,14 @@ eoptions(Config) when is_list(Config) ->
{cacertfile, ""},
{dhfile,'dh.pem' },
{ciphers, [{foo, bar, sha, ignore}]},
- {reuse_session, foo},
- {reuse_sessions, 0},
+ {reuse_session, foo},
+ {reuse_sessions, 0},
{renegotiate_at, "10"},
- {debug, 1},
+ {debug, 1},
{mode, depech},
- {packet, 8.0},
- {packet_size, "2"},
- {header, a},
+ {packet, 8.0},
+ {packet_size, "2"},
+ {header, a},
{active, trice},
{key, 'key.pem' }],
@@ -2321,8 +2347,8 @@ server_verify_client_once_passive(Config) when is_list(Config) ->
{options, [{active, false} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client0, ok),
- ssl_test_lib:close(Client0),
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+ ssl_test_lib:close(Client0),
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
@@ -2348,7 +2374,7 @@ server_verify_client_once_active(Config) when is_list(Config) ->
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, send_recv_result_active, []}},
- {options, [{active, once}, {verify, verify_peer},
+ {options, [{active, true}, {verify, verify_peer},
{verify_client_once, true}
| ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
@@ -2359,8 +2385,8 @@ server_verify_client_once_active(Config) when is_list(Config) ->
{options, [{active, true} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client0, ok),
- ssl_test_lib:close(Client0),
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+ ssl_test_lib:close(Client0),
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
@@ -2397,8 +2423,8 @@ server_verify_client_once_active_once(Config) when is_list(Config) ->
{options, [{active, once} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client0, ok),
- ssl_test_lib:close(Client0),
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
+ ssl_test_lib:close(Client0),
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
@@ -2600,7 +2626,7 @@ client_renegotiate(Config) when is_list(Config) ->
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
{mfa, {?MODULE,
@@ -2732,17 +2758,28 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
+ Version = ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()),
+
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
{mfa, {ssl_test_lib,
- trigger_renegotiate, [[ErlData, N+2]]}},
+ trigger_renegotiate, [[ErlData, treashold(N, Version)]]}},
{options, [{reuse_sessions, false},
{renegotiate_at, N} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+
+ %% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+treashold(N, {3,0}) ->
+ (N div 2) + 1;
+treashold(N, {3,1}) ->
+ (N div 2) + 1;
+treashold(N, _) ->
+ N + 1.
+
%%--------------------------------------------------------------------
server_no_wrap_sequence_number(doc) ->
["Test that erlang server will renegotiate session when",
@@ -2792,7 +2829,7 @@ extended_key_usage_verify_peer(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
ServerCertFile = proplists:get_value(certfile, ServerOpts),
NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2854,7 +2891,7 @@ extended_key_usage_verify_none(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
ServerCertFile = proplists:get_value(certfile, ServerOpts),
NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2916,7 +2953,7 @@ no_authority_key_identifier(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
CertFile = proplists:get_value(certfile, ServerOpts),
NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
@@ -2974,7 +3011,7 @@ invalid_signature_server(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "server/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
ServerCertFile = proplists:get_value(certfile, ServerOpts),
NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
@@ -2996,8 +3033,8 @@ invalid_signature_server(Config) when is_list(Config) ->
{from, self()},
{options, [{verify, verify_peer} | ClientOpts]}]),
- ssl_test_lib:check_result(Server, {error, "bad certificate"},
- Client, {error,"bad certificate"}).
+ tcp_delivery_workaround(Server, {error, "bad certificate"},
+ Client, {error,"bad certificate"}).
%%--------------------------------------------------------------------
@@ -3014,7 +3051,7 @@ invalid_signature_client(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "client/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
ClientCertFile = proplists:get_value(certfile, ClientOpts),
NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
@@ -3042,41 +3079,47 @@ invalid_signature_client(Config) when is_list(Config) ->
tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
receive
{Server, ServerMsg} ->
- receive
- {Client, ClientMsg} ->
- ok;
- {Client, {error,closed}} ->
- test_server:format("client got close");
- Unexpected ->
- test_server:fail(Unexpected)
- end;
+ client_msg(Client, ClientMsg);
{Client, ClientMsg} ->
- receive
- {Server, ServerMsg} ->
- ok;
- Unexpected ->
- test_server:fail(Unexpected)
- end;
+ server_msg(Server, ServerMsg);
{Client, {error,closed}} ->
- receive
- {Server, ServerMsg} ->
- ok;
- Unexpected ->
- test_server:fail(Unexpected)
- end;
+ server_msg(Server, ServerMsg);
{Server, {error,closed}} ->
- receive
- {Client, ClientMsg} ->
- ok;
- {Client, {error,closed}} ->
- test_server:format("client got close"),
- ok;
- Unexpected ->
- test_server:fail(Unexpected)
- end;
+ client_msg(Client, ClientMsg);
+ {Client, {error, esslconnect}} ->
+ server_msg(Server, ServerMsg);
+ {Server, {error, esslaccept}} ->
+ client_msg(Client, ClientMsg)
+ end.
+
+client_msg(Client, ClientMsg) ->
+ receive
+ {Client, ClientMsg} ->
+ ok;
+ {Client, {error,closed}} ->
+ test_server:format("client got close"),
+ ok;
+ {Client, {error, esslconnect}} ->
+ test_server:format("client got econnaborted"),
+ ok;
Unexpected ->
test_server:fail(Unexpected)
end.
+
+server_msg(Server, ServerMsg) ->
+ receive
+ {Server, ServerMsg} ->
+ ok;
+ {Server, {error,closed}} ->
+ test_server:format("server got close"),
+ ok;
+ {Server, {error, esslaccept}} ->
+ test_server:format("server got econnaborted"),
+ ok;
+ Unexpected ->
+ test_server:fail(Unexpected)
+ end.
+
%%--------------------------------------------------------------------
cert_expired(doc) ->
["Test server with invalid signature"];
@@ -3091,7 +3134,7 @@ cert_expired(Config) when is_list(Config) ->
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
- Key = public_key:pem_entry_decode(KeyEntry),
+ Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
ServerCertFile = proplists:get_value(certfile, ServerOpts),
NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
@@ -3366,14 +3409,14 @@ der_input_opts(Opts) ->
Keyfile = proplists:get_value(keyfile, Opts),
Dhfile = proplists:get_value(dhfile, Opts),
[{_, Cert, _}] = ssl_test_lib:pem_to_der(Certfile),
- [{_, Key, _}] = ssl_test_lib:pem_to_der(Keyfile),
+ [{Asn1Type, Key, _}] = ssl_test_lib:pem_to_der(Keyfile),
[{_, DHParams, _}] = ssl_test_lib:pem_to_der(Dhfile),
CaCerts =
lists:map(fun(Entry) ->
{_, CaCert, _} = Entry,
CaCert
end, ssl_test_lib:pem_to_der(CaCertsfile)),
- {Cert, {rsa, Key}, CaCerts, DHParams}.
+ {Cert, {Asn1Type, Key}, CaCerts, DHParams}.
%%--------------------------------------------------------------------
%% different_ca_peer_sign(doc) ->
@@ -3596,14 +3639,13 @@ hibernate(Config) ->
{from, self()},
{mfa, {?MODULE, send_recv_result_active, []}},
{options, [{hibernate_after, 1000}|ClientOpts]}]),
-
- { current_function, { _M, _F, _A } } =
+ {current_function, _} =
process_info(Pid, current_function),
timer:sleep(1100),
- { current_function, { erlang, hibernate, 3} } =
- process_info(Pid, current_function),
+ {current_function, {erlang, hibernate, 3}} =
+ process_info(Pid, current_function),
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
@@ -3655,6 +3697,166 @@ connect_twice(Config) when is_list(Config) ->
ssl_test_lib:close(Client),
ssl_test_lib:close(Client1).
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_active(doc) ->
+ ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+ "immediately after each other"];
+
+renegotiate_dos_mitigate_active(suite) ->
+ [];
+
+renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result_active, []}},
+ {options, [ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ renegotiate_immediately, []}},
+ {options, ClientOpts}]),
+
+ ssl_test_lib:check_result(Client, ok, Server, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+renegotiate_dos_mitigate_passive(doc) ->
+ ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
+ "immediately after each other"];
+
+renegotiate_dos_mitigate_passive(suite) ->
+ [];
+
+renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
+ ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ?config(client_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {?MODULE, send_recv_result, []}},
+ {options, [{active, false} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE,
+ renegotiate_immediately, []}},
+ {options, ClientOpts}]),
+
+ ssl_test_lib:check_result(Client, ok, Server, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
+%%--------------------------------------------------------------------
+tcp_error_propagation_in_active_mode(doc) ->
+ ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
+tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+ ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ?config(server_opts, Config),
+
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result, []}},
+ {options, ServerOpts}]),
+ Port = ssl_test_lib:inet_port(Server),
+ {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
+ {node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, receive_msg, []}},
+ {options, ClientOpts}]),
+
+ {status, _, _, StatusInfo} = sys:get_status(Pid),
+ [_, _,_, _, Prop] = StatusInfo,
+ State = ssl_test_lib:state(Prop),
+ Socket = element(10, State),
+
+ %% Fake tcp error
+ Pid ! {tcp_error, Socket, etimedout},
+
+ ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+%%--------------------------------------------------------------------
+
+rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
+ vunrable to Rizzo/Dungon attack"];
+
+rizzo(Config) when is_list(Config) ->
+ Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y =/= rc4_128],
+ run_send_recv_rizzo(Ciphers, Config, sslv3,
+ {?MODULE, send_recv_result_active_rizzo, []}),
+ run_send_recv_rizzo(Ciphers, Config, tlsv1,
+ {?MODULE, send_recv_result_active_rizzo, []}).
+
+no_rizzo_rc4(doc) ->
+ ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
+
+no_rizzo_rc4(Config) when is_list(Config) ->
+ Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
+ run_send_recv_rizzo(Ciphers, Config, sslv3,
+ {?MODULE, send_recv_result_active_no_rizzo, []}),
+ run_send_recv_rizzo(Ciphers, Config, tlsv1,
+ {?MODULE, send_recv_result_active_no_rizzo, []}).
+
+run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
+ Result = lists:map(fun(Cipher) ->
+ rizzo_test(Cipher, Config, Version, Mfa) end,
+ Ciphers),
+ case lists:flatten(Result) of
+ [] ->
+ ok;
+ Error ->
+ test_server:format("Cipher suite errors: ~p~n", [Error]),
+ test_server:fail(cipher_suite_failed_see_test_case_log)
+ end.
+
+rizzo_test(Cipher, Config, Version, Mfa) ->
+ {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, Mfa},
+ {options, [{active, true}, {ciphers, [Cipher]},
+ {versions, [Version]}
+ | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, Mfa},
+ {options, [{active, true} | ClientOpts]}]),
+
+ Result = ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ case Result of
+ ok ->
+ [];
+ Error ->
+ [{Cipher, Error}]
+ end.
+
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+ {?config(client_opts, Config),
+ ?config(server_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
+ {?config(client_dsa_opts, Config),
+ ?config(server_dsa_opts, Config)}.
%%--------------------------------------------------------------------
%%% Internal functions
@@ -3667,6 +3869,28 @@ send_recv_result(Socket) ->
send_recv_result_active(Socket) ->
ssl:send(Socket, "Hello world"),
receive
+ {ssl, Socket, "H"} ->
+ receive
+ {ssl, Socket, "ello world"} ->
+ ok
+ end;
+ {ssl, Socket, "Hello world"} ->
+ ok
+ end.
+
+send_recv_result_active_rizzo(Socket) ->
+ ssl:send(Socket, "Hello world"),
+ receive
+ {ssl, Socket, "H"} ->
+ receive
+ {ssl, Socket, "ello world"} ->
+ ok
+ end
+ end.
+
+send_recv_result_active_no_rizzo(Socket) ->
+ ssl:send(Socket, "Hello world"),
+ receive
{ssl, Socket, "Hello world"} ->
ok
end.
@@ -3674,6 +3898,12 @@ send_recv_result_active(Socket) ->
send_recv_result_active_once(Socket) ->
ssl:send(Socket, "Hello world"),
receive
+ {ssl, Socket, "H"} ->
+ ssl:setopts(Socket, [{active, once}]),
+ receive
+ {ssl, Socket, "ello world"} ->
+ ok
+ end;
{ssl, Socket, "Hello world"} ->
ok
end.
@@ -3698,6 +3928,25 @@ renegotiate_reuse_session(Socket, Data) ->
test_server:sleep(?SLEEP),
renegotiate(Socket, Data).
+renegotiate_immediately(Socket) ->
+ receive
+ {ssl, Socket, "Hello world"} ->
+ ok;
+ %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+ {ssl, Socket, "H"} ->
+ receive
+ {ssl, Socket, "ello world"} ->
+ ok
+ end
+ end,
+ ok = ssl:renegotiate(Socket),
+ {error, renegotiation_rejected} = ssl:renegotiate(Socket),
+ test_server:sleep(?RENEGOTIATION_DISABLE_TIME +1),
+ ok = ssl:renegotiate(Socket),
+ test_server:format("Renegotiated again"),
+ ssl:send(Socket, "Hello world"),
+ ok.
+
new_config(PrivDir, ServerOpts0) ->
CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
CertFile = proplists:get_value(certfile, ServerOpts0),
@@ -3871,8 +4120,17 @@ erlang_ssl_receive(Socket, Data) ->
{ssl, Socket, Data} ->
io:format("Received ~p~n",[Data]),
ok;
+ {ssl, Socket, Byte} when length(Byte) == 1 -> %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+ io:format("Received ~p~n",[Byte]),
+ erlang_ssl_receive(Socket, tl(Data));
Other ->
test_server:fail({unexpected_message, Other})
after ?SLEEP * 3 ->
test_server:fail({did_not_get, Data})
end.
+
+receive_msg(_) ->
+ receive
+ Msg ->
+ Msg
+ end.
diff --git a/lib/ssl/test/ssl_cipher_SUITE.erl b/lib/ssl/test/ssl_cipher_SUITE.erl
new file mode 100644
index 0000000000..99bc21e820
--- /dev/null
+++ b/lib/ssl/test/ssl_cipher_SUITE.erl
@@ -0,0 +1,163 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(ssl_cipher_SUITE).
+
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
+-include_lib("common_test/include/ct.hrl").
+
+-include("ssl_internal.hrl").
+-include("ssl_record.hrl").
+-include("ssl_cipher.hrl").
+
+-define(TIMEOUT, 600000).
+
+%% Test server callback functions
+%%--------------------------------------------------------------------
+%% Function: init_per_suite(Config) -> Config
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Initialization before the whole suite
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%%--------------------------------------------------------------------
+init_per_suite(Config) ->
+ try crypto:start() of
+ ok ->
+ Config
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+%%--------------------------------------------------------------------
+%% Function: end_per_suite(Config) -> _
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after the whole suite
+%%--------------------------------------------------------------------
+end_per_suite(_Config) ->
+ ssl:stop(),
+ application:stop(crypto).
+
+%%--------------------------------------------------------------------
+%% Function: init_per_testcase(TestCase, Config) -> Config
+%% Case - atom()
+%% Name of the test case that is about to be run.
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%%
+%% Description: Initialization before each test case
+%%
+%% Note: This function is free to add any key/value pairs to the Config
+%% variable, but should NOT alter/remove any existing entries.
+%% Description: Initialization before each test case
+%%--------------------------------------------------------------------
+init_per_testcase(_TestCase, Config0) ->
+ Config = lists:keydelete(watchdog, 1, Config0),
+ Dog = ssl_test_lib:timetrap(?TIMEOUT),
+ [{watchdog, Dog} | Config].
+
+%%--------------------------------------------------------------------
+%% Function: end_per_testcase(TestCase, Config) -> _
+%% Case - atom()
+%% Name of the test case that is about to be run.
+%% Config - [tuple()]
+%% A list of key/value pairs, holding the test case configuration.
+%% Description: Cleanup after each test case
+%%--------------------------------------------------------------------
+end_per_testcase(_TestCase, Config) ->
+ Dog = ?config(watchdog, Config),
+ case Dog of
+ undefined ->
+ ok;
+ _ ->
+ test_server:timetrap_cancel(Dog)
+ end.
+
+%%--------------------------------------------------------------------
+%% Function: all(Clause) -> TestCases
+%% Clause - atom() - suite | doc
+%% TestCases - [Case]
+%% Case - atom()
+%% Name of a test case.
+%% Description: Returns a list of all test cases in this test suite
+%%--------------------------------------------------------------------
+suite() -> [{ct_hooks,[ts_install_cth]}].
+
+all() ->
+ [aes_decipher_good, aes_decipher_fail].
+
+groups() ->
+ [].
+
+init_per_group(_GroupName, Config) ->
+ Config.
+
+end_per_group(_GroupName, Config) ->
+ Config.
+
+
+%% Test cases starts here.
+%%--------------------------------------------------------------------
+aes_decipher_good(doc) ->
+ ["Decipher a known cryptotext."];
+
+aes_decipher_good(suite) ->
+ [];
+
+aes_decipher_good(Config) when is_list(Config) ->
+ HashSz = 32,
+ CipherState = #cipher_state{iv = <<59,201,85,117,188,206,224,136,5,109,46,70,104,79,4,9>>,
+ key = <<72,196,247,97,62,213,222,109,210,204,217,186,172,184,197,148>>},
+ Fragment = <<220,193,179,139,171,33,143,245,202,47,123,251,13,232,114,8,
+ 190,162,74,31,186,227,119,155,94,74,119,79,169,193,240,160,
+ 198,181,81,19,98,162,213,228,74,224,253,168,156,59,195,122,
+ 108,101,107,242,20,15,169,150,163,107,101,94,93,104,241,165>>,
+ Version = {3,3},
+ Content = <<183,139,16,132,10,209,67,86,168,100,61,217,145,57,36,56,72,69,76,76,79,10>>,
+ Mac = <<71,136,212,107,223,200,70,232,127,116,148,205,232,35,158,113,237,174,15,217,192,168,35,8,6,107,107,233,25,174,90,111>>,
+ {Content, Mac, _} = ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version),
+ ok.
+
+%%--------------------------------------------------------------------
+
+aes_decipher_fail(doc) ->
+ ["Decipher a known cryptotext."];
+
+aes_decipher_fail(suite) ->
+ [];
+
+%% same as above, last byte of key replaced
+aes_decipher_fail(Config) when is_list(Config) ->
+ HashSz = 32,
+ CipherState = #cipher_state{iv = <<59,201,85,117,188,206,224,136,5,109,46,70,104,79,4,9>>,
+ key = <<72,196,247,97,62,213,222,109,210,204,217,186,172,184,197,254>>},
+ Fragment = <<220,193,179,139,171,33,143,245,202,47,123,251,13,232,114,8,
+ 190,162,74,31,186,227,119,155,94,74,119,79,169,193,240,160,
+ 198,181,81,19,98,162,213,228,74,224,253,168,156,59,195,122,
+ 108,101,107,242,20,15,169,150,163,107,101,94,93,104,241,165>>,
+ Version = {3,3},
+ {Content, Mac, _} = ssl_cipher:decipher(?AES, HashSz, CipherState, Fragment, Version),
+ 32 = byte_size(Content),
+ 32 = byte_size(Mac),
+ ok.
+
+%%--------------------------------------------------------------------
diff --git a/lib/ssl/test/old_ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index 4544fb616a..8fe55ee7a4 100644
--- a/lib/ssl/test/old_ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -17,41 +17,32 @@
%% %CopyrightEnd%
%%
-%%
-
-
-%%%-------------------------------------------------------------------
-%%% File : ssl_dist_SUITE.erl
-%%% Author : Rickard Green
-%%% Description : Test that the Erlang distribution works over ssl.
-%%%
-%%% Created : 15 Nov 2007 by Rickard Green
-%%%-------------------------------------------------------------------
--module(old_ssl_dist_SUITE).
+-module(ssl_dist_SUITE).
-include_lib("test_server/include/test_server.hrl").
+%% Note: This directive should only be used in test suites.
+-compile(export_all).
+
-define(DEFAULT_TIMETRAP_SECS, 240).
-define(AWAIT_SLL_NODE_UP_TIMEOUT, 30000).
--export([all/0, suite/0,groups/0,init_per_group/2,end_per_group/2]).
--export([init_per_suite/1,
- end_per_suite/1,
- init_per_testcase/2,
- end_per_testcase/2]).
--export([cnct2tstsrvr/1]).
+-record(node_handle,
+ {connection_handler,
+ socket,
+ name,
+ nodename}
+ ).
--export([basic/1]).
+%% Test server callback functions
+suite() ->
+ [{ct_hooks,[ts_install_cth]}].
--record(node_handle, {connection_handler, socket, name, nodename}).
+all() ->
+ [basic, payload, plain_options, plain_verify_options].
-suite() -> [{ct_hooks,[ts_install_cth]}].
-
-all() ->
- [basic].
-
-groups() ->
+groups() ->
[].
init_per_group(_GroupName, Config) ->
@@ -60,11 +51,17 @@ init_per_group(_GroupName, Config) ->
end_per_group(_GroupName, Config) ->
Config.
-
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
try crypto:start() of
ok ->
- add_ssl_opts_config(Config)
+ case test_server:is_cover() of
+ false ->
+ Config = add_ssl_opts_config(Config0),
+ setup_certs(Config),
+ Config;
+ true ->
+ {skip, "Can not be covered"}
+ end
catch _:_ ->
{skip, "Crypto did not start"}
end.
@@ -73,85 +70,184 @@ end_per_suite(Config) ->
application:stop(crypto),
Config.
-init_per_testcase(Case, Config) when list(Config) ->
+init_per_testcase(plain_verify_options = Case, Config) when is_list(Config) ->
+ SslFlags = setup_dist_opts([{many_verify_opts, true} | Config]),
+ Flags = case os:getenv("ERL_FLAGS") of
+ false ->
+ os:putenv("ERL_FLAGS", SslFlags),
+ "";
+ OldFlags ->
+ os:putenv("ERL_FLAGS", OldFlags ++ "" ++ SslFlags),
+ OldFlags
+ end,
+ common_init(Case, [{old_flags, Flags} | Config]);
+
+init_per_testcase(Case, Config) when is_list(Config) ->
+ common_init(Case, Config).
+
+common_init(Case, Config) ->
Dog = ?t:timetrap(?t:seconds(?DEFAULT_TIMETRAP_SECS)),
[{watchdog, Dog},{testcase, Case}|Config].
-end_per_testcase(_Case, Config) when list(Config) ->
+end_per_testcase(Case, Config) when is_list(Config) ->
+ Flags = proplists:get_value(old_flags, Config),
+ os:putenv("ERL_FLAGS", Flags),
+ common_end(Case, Config).
+
+common_end(_, Config) ->
Dog = ?config(watchdog, Config),
?t:timetrap_cancel(Dog),
ok.
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% %%
-%% Testcases %%
-%% %%
-
+%%--------------------------------------------------------------------
+%% Test cases starts here.
+%%--------------------------------------------------------------------
basic(doc) ->
["Test that two nodes can connect via ssl distribution"];
-basic(suite) ->
- [];
basic(Config) when is_list(Config) ->
- ?line NH1 = start_ssl_node(Config),
- ?line Node1 = NH1#node_handle.nodename,
- ?line NH2 = start_ssl_node(Config),
- ?line Node2 = NH2#node_handle.nodename,
+ NH1 = start_ssl_node(Config),
+ Node1 = NH1#node_handle.nodename,
+ NH2 = start_ssl_node(Config),
+ Node2 = NH2#node_handle.nodename,
- ?line pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+ pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
- ?line [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
- ?line [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+ [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+ [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
%% The test_server node has the same cookie as the ssl nodes
%% but it should not be able to communicate with the ssl nodes
%% via the erlang distribution.
- ?line pang = net_adm:ping(Node1),
- ?line pang = net_adm:ping(Node2),
-
+ pang = net_adm:ping(Node1),
+ pang = net_adm:ping(Node2),
%%
%% Check that we are able to communicate over the erlang
%% distribution between the ssl nodes.
%%
- ?line Ref = make_ref(),
- ?line spawn(fun () ->
- apply_on_ssl_node(
- NH1,
- fun () ->
- tstsrvr_format("Hi from ~p!~n",
- [node()]),
- send_to_tstcntrl({Ref, self()}),
- receive
- {From, ping} ->
- From ! {self(), pong}
- end
- end)
- end),
- ?line receive
- {Ref, SslPid} ->
- ?line ok = apply_on_ssl_node(
- NH2,
- fun () ->
- tstsrvr_format("Hi from ~p!~n",
- [node()]),
- SslPid ! {self(), ping},
- receive
- {SslPid, pong} ->
- ok
- end
- end)
- end,
-
- ?line stop_ssl_node(NH1),
- ?line stop_ssl_node(NH2),
- ?line success(Config).
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% %%
-%% Internal functions %%
-%% %%
+ Ref = make_ref(),
+ spawn(fun () ->
+ apply_on_ssl_node(
+ NH1,
+ fun () ->
+ tstsrvr_format("Hi from ~p!~n", [node()]),
+ send_to_tstcntrl({Ref, self()}),
+ receive
+ {From, ping} ->
+ tstsrvr_format("Received ping ~p!~n", [node()]),
+ From ! {self(), pong}
+ end
+ end)
+ end),
+ receive
+ {Ref, SslPid} ->
+ ok = apply_on_ssl_node(
+ NH2,
+ fun () ->
+ tstsrvr_format("Hi from ~p!~n", [node()]),
+ SslPid ! {self(), ping},
+ receive
+ {SslPid, pong} ->
+ ok
+ end
+ end)
+ end,
+ stop_ssl_node(NH1),
+ stop_ssl_node(NH2),
+ success(Config).
+
+%%--------------------------------------------------------------------
+payload(doc) ->
+ ["Test that send a lot of data between the ssl distributed noes"];
+payload(Config) when is_list(Config) ->
+ NH1 = start_ssl_node(Config),
+ Node1 = NH1#node_handle.nodename,
+ NH2 = start_ssl_node(Config),
+ Node2 = NH2#node_handle.nodename,
+
+ pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+ [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+ [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+ Ref = make_ref(),
+ spawn(fun () ->
+ apply_on_ssl_node(
+ NH1,
+ fun () ->
+ send_to_tstcntrl({Ref, self()}),
+ receive
+ {From, Msg} ->
+ From ! {self(), Msg}
+ end
+ end)
+ end),
+ receive
+ {Ref, SslPid} ->
+ ok = apply_on_ssl_node(
+ NH2,
+ fun () ->
+ Msg = crypto:rand_bytes(100000),
+ SslPid ! {self(), Msg},
+ receive
+ {SslPid, Msg} ->
+ ok
+ end
+ end)
+ end,
+ stop_ssl_node(NH1),
+ stop_ssl_node(NH2),
+ success(Config).
+%%--------------------------------------------------------------------
+plain_options(doc) ->
+ ["Test specifying additional options"];
+plain_options(Config) when is_list(Config) ->
+ DistOpts = "-ssl_dist_opt server_secure_renegotiate true "
+ "client_secure_renegotiate true "
+ "server_reuse_sessions true client_reuse_sessions true "
+ "client_verify verify_none server_verify verify_none "
+ "server_depth 1 client_depth 1 "
+ "server_hibernate_after 500 client_hibernate_after 500",
+
+ NH1 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+ Node1 = NH1#node_handle.nodename,
+ NH2 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+ Node2 = NH2#node_handle.nodename,
+
+ pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+ [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+ [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+ stop_ssl_node(NH1),
+ stop_ssl_node(NH2),
+ success(Config).
+%%--------------------------------------------------------------------
+plain_verify_options(doc) ->
+ ["Test specifying additional options"];
+plain_verify_options(Config) when is_list(Config) ->
+ DistOpts = "-ssl_dist_opt server_secure_renegotiate true "
+ "client_secure_renegotiate true "
+ "server_reuse_sessions true client_reuse_sessions true "
+ "server_hibernate_after 500 client_hibernate_after 500",
+
+ NH1 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+ Node1 = NH1#node_handle.nodename,
+ NH2 = start_ssl_node([{additional_dist_opts, DistOpts} | Config]),
+ Node2 = NH2#node_handle.nodename,
+
+ pong = apply_on_ssl_node(NH1, fun () -> net_adm:ping(Node2) end),
+
+ [Node2] = apply_on_ssl_node(NH1, fun () -> nodes() end),
+ [Node1] = apply_on_ssl_node(NH2, fun () -> nodes() end),
+
+ stop_ssl_node(NH1),
+ stop_ssl_node(NH2),
+ success(Config).
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
-%%
%% ssl_node side api
%%
@@ -166,7 +262,7 @@ send_to_tstcntrl(Message) ->
%% test_server side api
%%
-apply_on_ssl_node(Node, M, F, A) when atom(M), atom(F), list(A) ->
+apply_on_ssl_node(Node, M, F, A) when is_atom(M), is_atom(F), is_list(A) ->
Ref = make_ref(),
send_to_ssl_node(Node, {apply, self(), Ref, M, F, A}),
receive
@@ -208,7 +304,7 @@ start_ssl_node(Config) ->
start_ssl_node(Config, XArgs) ->
Name = mk_node_name(Config),
SSL = ?config(ssl_opts, Config),
- SSLDistOpts = setup_dist_opts(Name, ?config(priv_dir, Config)),
+ SSLDistOpts = setup_dist_opts(Config),
start_ssl_node_raw(Name, SSL ++ " " ++ SSLDistOpts ++ XArgs).
start_ssl_node_raw(Name, Args) ->
@@ -218,7 +314,7 @@ start_ssl_node_raw(Name, Args) ->
CmdLine = mk_node_cmdline(ListenPort, Name, Args),
?t:format("Attempting to start ssl node ~s: ~s~n", [Name, CmdLine]),
case open_port({spawn, CmdLine}, []) of
- Port when port(Port) ->
+ Port when is_port(Port) ->
unlink(Port),
erlang:port_close(Port),
case await_ssl_node_up(Name, LSock) of
@@ -270,8 +366,8 @@ mk_node_cmdline(ListenPort, Name, Args) ->
Prog ++ " "
++ Static ++ " "
++ NameSw ++ " " ++ Name ++ " "
- ++ "-pa " ++ Pa ++ " "
- ++ "-run application start crypto -run application start public_key "
+ ++ "-pa " ++ Pa ++ " "
+ ++ "-run application start crypto -run application start public_key "
++ "-run " ++ atom_to_list(?MODULE) ++ " cnct2tstsrvr "
++ host_name() ++ " "
++ integer_to_list(ListenPort) ++ " "
@@ -355,6 +451,7 @@ tstsrvr_con_loop(Name, Socket, Parent) ->
{format, FmtStr, ArgList} ->
?t:format(FmtStr, ArgList);
{message, Msg} ->
+ ?t:format("Got message ~p", [Msg]),
Parent ! Msg;
{apply_res, To, Ref, Res} ->
To ! {Ref, Res};
@@ -376,7 +473,7 @@ tstsrvr_con_loop(Name, Socket, Parent) ->
%%
% cnct2tstsrvr() is called via command line arg -run ...
-cnct2tstsrvr([Host, Port]) when list(Host), list(Port) ->
+cnct2tstsrvr([Host, Port]) when is_list(Host), is_list(Port) ->
%% Spawn connection handler on ssl node side
ConnHandler
= spawn(fun () ->
@@ -395,8 +492,10 @@ cnct2tstsrvr([Host, Port]) when list(Host), list(Port) ->
ets:insert(test_server_info,
{test_server_handler, self()}),
ssl_node_con_loop(Socket);
- _Error ->
- halt("Failed to connect to test server")
+ Error ->
+ halt("Failed to connect to test server " ++
+ lists:flatten(io_lib:format("Host:~p ~n Port:~p~n Error:~p~n",
+ [Host, Port, Error])))
end
end),
spawn(fun () ->
@@ -404,9 +503,8 @@ cnct2tstsrvr([Host, Port]) when list(Host), list(Port) ->
receive
{'DOWN', Mon, process, ConnHandler, Reason} ->
receive after 1000 -> ok end,
- halt("test server connection handler terminated: "
- ++
- lists:flatten(io_lib:format("~p", [Reason])))
+ halt("test server connection handler terminated: " ++
+ lists:flatten(io_lib:format("~p", [Reason])))
end
end).
@@ -419,7 +517,7 @@ notify_ssl_node_up(Socket) ->
send_to_tstsrvr(Term) ->
case catch ets:lookup_element(test_server_info, test_server_handler, 2) of
- Hndlr when pid(Hndlr) ->
+ Hndlr when is_pid(Hndlr) ->
Hndlr ! {relay_to_test_server, term_to_binary(Term)}, ok;
_ ->
receive after 200 -> ok end,
@@ -499,9 +597,10 @@ do_append_files([F|Fs], RF) ->
{ok, Data} = file:read_file(F),
ok = file:write(RF, Data),
do_append_files(Fs, RF).
-
-setup_dist_opts(Name, PrivDir) ->
- NodeDir = filename:join([PrivDir, Name]),
+
+setup_certs(Config) ->
+ PrivDir = ?config(priv_dir, Config),
+ NodeDir = filename:join([PrivDir, "Certs"]),
RGenDir = filename:join([NodeDir, "rand_gen"]),
ok = file:make_dir(NodeDir),
ok = file:make_dir(RGenDir),
@@ -516,11 +615,61 @@ setup_dist_opts(Name, PrivDir) ->
CC = filename:join([CDir, "cert.pem"]),
CK = filename:join([CDir, "key.pem"]),
CKC = filename:join([CDir, "keycert.pem"]),
- append_files([CK, CC], CKC),
- "-proto_dist inet_ssl "
- ++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
- ++ "-ssl_dist_opt client_certfile " ++ CKC ++ " "
-.% ++ "-ssl_dist_opt verify 1 depth 1".
+ append_files([CK, CC], CKC).
+
+setup_dist_opts(Config) ->
+ PrivDir = ?config(priv_dir, Config),
+ DataDir = ?config(data_dir, Config),
+ Dhfile = filename:join([DataDir, "dHParam.pem"]),
+ NodeDir = filename:join([PrivDir, "Certs"]),
+ SDir = filename:join([NodeDir, "server"]),
+ CDir = filename:join([NodeDir, "client"]),
+ SC = filename:join([SDir, "cert.pem"]),
+ SK = filename:join([SDir, "key.pem"]),
+ SKC = filename:join([SDir, "keycert.pem"]),
+ SCA = filename:join([CDir, "cacerts.pem"]),
+ CC = filename:join([CDir, "cert.pem"]),
+ CK = filename:join([CDir, "key.pem"]),
+ CKC = filename:join([CDir, "keycert.pem"]),
+ CCA = filename:join([SDir, "cacerts.pem"]),
+
+ DistOpts = case proplists:get_value(many_verify_opts, Config, false) of
+ false ->
+ "-proto_dist inet_tls "
+ ++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
+ ++ "-ssl_dist_opt client_certfile " ++ CKC ++ " ";
+ true ->
+ case os:type() of
+ {win32, _} ->
+ "-proto_dist inet_tls "
+ ++ "-ssl_dist_opt server_certfile " ++ SKC ++ " "
+ ++ "-ssl_dist_opt server_cacertfile " ++ SCA ++ " "
+ ++ "-ssl_dist_opt server_verify verify_peer "
+ ++ "-ssl_dist_opt server_fail_if_no_peer_cert true "
+ ++ "-ssl_dist_opt server_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+ ++ "-ssl_dist_opt server_dhfile " ++ Dhfile ++ " "
+ ++ "-ssl_dist_opt client_certfile " ++ CKC ++ " "
+ ++ "-ssl_dist_opt client_cacertfile " ++ CCA ++ " "
+ ++ "-ssl_dist_opt client_verify verify_peer "
+ ++ "-ssl_dist_opt client_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA ";
+ _ ->
+ "-proto_dist inet_tls "
+ ++ "-ssl_dist_opt server_certfile " ++ SC ++ " "
+ ++ "-ssl_dist_opt server_keyfile " ++ SK ++ " "
+ ++ "-ssl_dist_opt server_cacertfile " ++ SCA ++ " "
+ ++ "-ssl_dist_opt server_verify verify_peer "
+ ++ "-ssl_dist_opt server_fail_if_no_peer_cert true "
+ ++ "-ssl_dist_opt server_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+ ++ "-ssl_dist_opt server_dhfile " ++ Dhfile ++ " "
+ ++ "-ssl_dist_opt client_certfile " ++ CC ++ " "
+ ++ "-ssl_dist_opt client_keyfile " ++ CK ++ " "
+ ++ "-ssl_dist_opt client_cacertfile " ++ CCA ++ " "
+ ++ "-ssl_dist_opt client_verify verify_peer "
+ ++ "-ssl_dist_opt client_ciphers DHE-RSA-AES256-SHA\:DHE-RSA-AES128-SHA "
+ end
+ end,
+ MoreOpts = proplists:get_value(additional_dist_opts, Config, []),
+ DistOpts ++ MoreOpts.
%%
%% Start scripts etc...
@@ -544,7 +693,7 @@ add_ssl_opts_config(Config) ->
SSL_VSN = vsn(ssl),
VSN_CRYPTO = vsn(crypto),
VSN_PKEY = vsn(public_key),
-
+
SslDir = filename:join([LibDir, "ssl-" ++ SSL_VSN]),
{ok, _} = file:read_file_info(SslDir),
%% We are using an installed otp system, create the boot script.
diff --git a/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem b/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem
new file mode 100644
index 0000000000..feb581da30
--- /dev/null
+++ b/lib/ssl/test/ssl_dist_SUITE_data/dHParam.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAMY5VmCZ22ZEy/KO8kjt94PH7ZtSG0Z0zitlMlvd4VsNkDzXsVeu+wkH
+FGDC3h3vgv6iwXGCbmrSOVk/FPZbzLhwZ8aLnkUFOBbOvVvb1JptQwOt8mf+eScG
+M2gGBktheQV5Nf1IrzOctG7VGt+neiqb/Y86uYCcDdL+M8++0qnLAgEC
+-----END DH PARAMETERS-----
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 9d2599b778..4b74f57a60 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -158,14 +158,24 @@ all() ->
packet_asn1_decode, packet_asn1_decode_list,
packet_tpkt_decode, packet_tpkt_decode_list,
packet_sunrm_decode, packet_sunrm_decode_list,
- header_decode_one_byte, header_decode_two_bytes,
- header_decode_two_bytes_one_sent,
- header_decode_two_bytes_two_sent].
+ {group, header}
+ ].
groups() ->
- [].
+ [{header, [], [ header_decode_one_byte,
+ header_decode_two_bytes,
+ header_decode_two_bytes_one_sent,
+ header_decode_two_bytes_two_sent]}].
+
+init_per_group(header, Config) ->
+ case ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()) of
+ {3, N} when N < 2 ->
+ {skip, ""};
+ _ ->
+ Config
+ end;
-init_per_group(_GroupName, Config) ->
+init_per_group(_, Config) ->
Config.
end_per_group(_GroupName, Config) ->
@@ -2626,6 +2636,13 @@ active_once_raw(_, _, 0, _) ->
ok;
active_once_raw(Socket, Data, N, Acc) ->
receive
+ {ssl, Socket, Byte} when length(Byte) == 1 ->
+ ssl:setopts(Socket, [{active, once}]),
+ receive
+ {ssl, Socket, _} ->
+ ssl:setopts(Socket, [{active, once}]),
+ active_once_raw(Socket, Data, N-1, [])
+ end;
{ssl, Socket, Data} ->
ssl:setopts(Socket, [{active, once}]),
active_once_raw(Socket, Data, N-1, []);
@@ -2648,7 +2665,14 @@ active_once_packet(Socket,_, 0) ->
{other, Other, ssl:session_info(Socket), 0}
end;
active_once_packet(Socket, Data, N) ->
- receive
+ receive
+ {ssl, Socket, Byte} when length(Byte) == 1 ->
+ ssl:setopts(Socket, [{active, once}]),
+ receive
+ {ssl, Socket, _} ->
+ ssl:setopts(Socket, [{active, once}]),
+ active_once_packet(Socket, Data, N-1)
+ end;
{ssl, Socket, Data} ->
ok
end,
@@ -2662,6 +2686,11 @@ active_raw(_Socket, _, 0, _) ->
ok;
active_raw(Socket, Data, N, Acc) ->
receive
+ {ssl, Socket, Byte} when length(Byte) == 1 ->
+ receive
+ {ssl, Socket, _} ->
+ active_raw(Socket, Data, N -1)
+ end;
{ssl, Socket, Data} ->
active_raw(Socket, Data, N-1, []);
{ssl, Socket, Other} ->
@@ -2682,6 +2711,11 @@ active_packet(Socket, _, 0) ->
end;
active_packet(Socket, Data, N) ->
receive
+ {ssl, Socket, Byte} when length(Byte) == 1 ->
+ receive
+ {ssl, Socket, _} ->
+ active_packet(Socket, Data, N -1)
+ end;
{ssl, Socket, Data} ->
active_packet(Socket, Data, N -1);
Other ->
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 5ea45018e6..491aa893c2 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -210,7 +210,7 @@ session_cleanup(Config)when is_list(Config) ->
{status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
[_, _,_, _, Prop] = StatusInfo,
- State = state(Prop),
+ State = ssl_test_lib:state(Prop),
Cache = element(2, State),
SessionTimer = element(6, State),
@@ -225,11 +225,12 @@ session_cleanup(Config)when is_list(Config) ->
check_timer(SessionTimer),
test_server:sleep(?DELAY *2), %% Delay time + some extra time
- DelayTimer = get_delay_timer(),
+ {ServerDelayTimer, ClientDelayTimer} = get_delay_timers(),
- check_timer(DelayTimer),
+ check_timer(ServerDelayTimer),
+ check_timer(ClientDelayTimer),
- test_server:sleep(?SLEEP), %% Make sure clean has had to run
+ test_server:sleep(?SLEEP), %% Make sure clean has had time to run
undefined = ssl_session_cache:lookup(Cache, {{Hostname, Port}, Id}),
undefined = ssl_session_cache:lookup(Cache, {Port, Id}),
@@ -238,31 +239,34 @@ session_cleanup(Config)when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-state([{data,[{"State", State}]} | _]) ->
- State;
-state([_ | Rest]) ->
- state(Rest).
-
check_timer(Timer) ->
case erlang:read_timer(Timer) of
false ->
{status, _, _, _} = sys:get_status(whereis(ssl_manager)),
+ timer:sleep(?SLEEP),
+ {status, _, _, _} = sys:get_status(whereis(ssl_manager)),
ok;
Int ->
test_server:sleep(Int),
check_timer(Timer)
end.
-get_delay_timer() ->
+get_delay_timers() ->
{status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
[_, _,_, _, Prop] = StatusInfo,
- State = state(Prop),
+ State = ssl_test_lib:state(Prop),
case element(7, State) of
- undefined ->
+ {undefined, undefined} ->
+ test_server:sleep(?SLEEP),
+ get_delay_timers();
+ {undefined, _} ->
+ test_server:sleep(?SLEEP),
+ get_delay_timers();
+ {_, undefined} ->
test_server:sleep(?SLEEP),
- get_delay_timer();
- DelayTimer ->
- DelayTimer
+ get_delay_timers();
+ DelayTimers ->
+ DelayTimers
end.
%%--------------------------------------------------------------------
session_cache_process_list(doc) ->
diff --git a/lib/ssl/test/ssl_test_MACHINE.erl b/lib/ssl/test/ssl_test_MACHINE.erl
deleted file mode 100644
index e0ffa15d80..0000000000
--- a/lib/ssl/test/ssl_test_MACHINE.erl
+++ /dev/null
@@ -1,940 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
-%%
--module(ssl_test_MACHINE).
-
--export([many_conns/0, mk_ssl_cert_opts/1, test_one_listener/7,
- test_server_only/6]).
-
--export([process_init/3, do_start/1]).
-
-
--include("test_server.hrl").
--include("ssl_test_MACHINE.hrl").
-
--define(WAIT_TIMEOUT, 10000).
--define(CLOSE_WAIT, 1000).
-
-%%
-%% many_conns() -> ManyConnections
-%%
-%% Choose a suitable number of "many connections" depending on platform
-%% and current limit for file descriptors.
-%%
-many_conns() ->
- case os:type() of
- {unix,_} -> many_conns_1();
- _ -> 10
- end.
-
-many_conns_1() ->
- N0 = os:cmd("ulimit -n"),
- N1 = lists:reverse(N0),
- N2 = lists:dropwhile(fun($\r) -> true;
- ($\n) -> true;
- (_) -> false
- end, N1),
- N = list_to_integer(lists:reverse(N2)),
- lists:min([(N - 10) div 2, 501]).
-
-%%
-%% mk_ssl_cert_opts(Config) -> {ok, {COpts, SOpts}}
-%%
-%%
-mk_ssl_cert_opts(_Config) ->
- Dir = filename:join([code:lib_dir(ssl), "examples", "certs", "etc"]),
- COpts = [{ssl_imp, old},
- {cacertfile, filename:join([Dir, "client", "cacerts.pem"])},
- {certfile, filename:join([Dir, "client", "cert.pem"])},
- {keyfile, filename:join([Dir, "client", "key.pem"])}],
- SOpts = [{ssl_imp, old},
- {cacertfile, filename:join([Dir, "server", "cacerts.pem"])},
- {certfile, filename:join([Dir, "server", "cert.pem"])},
- {keyfile, filename:join([Dir, "server", "key.pem"])}],
- {ok, {COpts, SOpts}}.
-
-%%
-%% Cmds:
-%% {protomod, gen_tcp | ssl} default = ssl
-%% {serialize_accept, true | false} default = false
-%% {timeout, Timeout}
-%% {sockopts, Opts}
-%% {sslopts, Opts}
-%% {protocols, Protocols} [sslv2|sslv3|tlsv1]
-%% {listen, Port}
-%% {lsock, LSock} listen socket for acceptor
-%% peercert
-%% accept
-%% {connect, {Host, Port}}
-%% {recv, N}
-%% {send, N}
-%% {echo, N} async echo back
-%% close close connection socket
-%% {close, Time} wait time and then close socket
-%% lclose close listen socket
-%% await_close wait for close
-%% wait_sync listener's wait for sync from parent
-%% connection_info
-%% {exit, Reason} exit
-%%
-%%
-%% We cannot have more than `backlog' acceptors at the same time.
-%%
-
-
-%%
-%% test_one_listener(NConns, LCmds, ACmds, CCmds, Timeout, Suite, Config)
-%%
-%% Creates one client and one server node, and runs one listener on
-%% the server node (according to LCmds), and creates NConns acceptors
-%% on the server node, and the same number of connectors on the client
-%% node. The acceptors and and connectors execute according to ACmds
-%% and CCmds, respectively.
-%%
-%% It is a good idea to have the backlog size in LCmds set to
-%% be at least as large as NConns.
-%%
-test_one_listener(NConns, LCmds0, ACmds0, CCmds0, Timeout, Suite, Config) ->
- ProtoMod = get_protomod(Config),
- SerializeAccept = get_serialize_accept(Config),
- ?line {ok, {CNode, SNode}} = start_client_server_nodes(Suite),
- case ProtoMod of
- ssl ->
- ?line ok = start_ssl([CNode, SNode], Config);
- gen_tcp ->
- ok
- end,
- LCmds = [{protomod, ProtoMod}| LCmds0],
- ACmds = [{protomod, ProtoMod}, {serialize_accept, SerializeAccept}|
- ACmds0],
- CCmds = [{protomod, ProtoMod}| CCmds0],
-
- ?line {ok, Listener} = start_process(SNode, self(), LCmds, listener),
- ?line {ok, LSock} = wait_lsock(Listener, ?WAIT_TIMEOUT),
- ?line {ok, Accs0} = start_processes(NConns, SNode, self(),
- [{lsock, LSock}| ACmds], acceptor),
- Accs = case ProtoMod of
- gen_tcp ->
- [Acc1| Accs1] = Accs0,
- Acc1 ! {continue_accept, self()},
- Accs1;
- ssl ->
- Accs0
- end,
- ?line {ok, Conns} = start_processes(NConns, CNode, self(),
- CCmds, connector),
- ?line case wait_ack(Accs, Accs0 ++ Conns, Timeout) of
- ok ->
- ?line sync([Listener]),
- ?line wait_ack([], [Listener], ?WAIT_TIMEOUT);
- {error, Reason} ->
- ?line stop_node(SNode),
- ?line stop_node(CNode),
- exit(Reason)
- end,
- ?line stop_node(SNode),
- ?line stop_node(CNode),
- ok.
-
-%%
-%% test_server_only(NConns, LCmds, ACmds, Timeout, Suite, Config)
-%%
-%% Creates only one server node, and runs one listener on
-%% the server node (according to LCmds), and creates NConns acceptors
-%% on the server node. The acceptors execute according to ACmds.
-%% There are no connectors.
-%%
-test_server_only(NConns, LCmds0, ACmds0, Timeout, Suite, Config) ->
- ProtoMod = get_protomod(Config),
- ?line {ok, SNode} = start_server_node(Suite),
- case ProtoMod of
- ssl ->
- ?line ok = start_ssl([SNode], Config);
- gen_tcp ->
- ok
- end,
- LCmds = [{protomod, ProtoMod}| LCmds0],
- ACmds = [{protomod, ProtoMod}| ACmds0],
- ?line {ok, Listener} = start_process(SNode, self(), LCmds, listener),
- ?line {ok, LSock} = wait_lsock(Listener, ?WAIT_TIMEOUT),
- ?line {ok, Accs0} = start_processes(NConns, SNode, self(),
- [{lsock, LSock}| ACmds], acceptor),
- Accs = case ProtoMod of
- gen_tcp ->
- [Acc1| Accs1] = Accs0,
- Acc1 ! {continue_accept, self()},
- Accs1;
- ssl ->
- Accs0
- end,
- ?line case wait_ack(Accs, Accs0, Timeout) of
- ok ->
- ?line sync([Listener]),
- ?line wait_ack([], [Listener], ?WAIT_TIMEOUT);
- {error, Reason} ->
- ?line stop_node(SNode),
- exit(Reason)
- end,
- ?line stop_node(SNode),
- ok.
-
-%%
-%% start_client_server_nodes(Suite) -> {ok, {CNode, SNode}}
-%%
-start_client_server_nodes(Suite) ->
- {ok, CNode} = start_client_node(Suite),
- {ok, SNode} = start_server_node(Suite),
- {ok, {CNode, SNode}}.
-
-start_client_node(Suite) ->
- start_node(lists:concat([Suite, "_client"])).
-
-start_server_node(Suite) ->
- start_node(lists:concat([Suite, "_server"])).
-
-%%
-%% start_ssl(Nodes, Config)
-%%
-start_ssl(Nodes, Config) ->
- Env0 = lists:flatten([Env00 || {env, Env00} <- Config]),
- Env1 = case os:getenv("SSL_DEBUG") of
- false ->
- [];
- _ ->
- Dir = ?config(priv_dir, Config),
- [{debug, true}, {debugdir, Dir}]
- end,
- Env = Env0 ++ Env1,
- lists:foreach(
- fun(Node) -> rpc:call(Node, ?MODULE, do_start, [Env]) end, Nodes),
- ok.
-
-do_start(Env) ->
- application:start(crypto),
- application:start(public_key),
- application:load(ssl),
- lists:foreach(
- fun({Par, Val}) -> application:set_env(ssl, Par, Val) end, Env),
- application:start(ssl).
-
-
-%%
-%% start_node(Name) -> {ok, Node}
-%% start_node(Name, ExtraParams) -> {ok, Node}
-%%
-start_node(Name) ->
- start_node(Name, []).
-start_node(Name, ExtraParams) ->
- Params = "-pa " ++ filename:dirname(code:which(?MODULE)) ++ " " ++
- ExtraParams,
- test_server:start_node(Name, slave, [{args, Params}]).
-
-stop_node(Node) ->
- test_server:stop_node(Node).
-
-%%
-%% start_processes(N, Node, Parent, Cmds, Type) -> {ok, Pids}
-%%
-start_processes(M, Node, Parent, Cmds, Type) ->
- start_processes1(0, M, Node, Parent, Cmds, Type, []).
-start_processes1(M, M, _, _, _, _, Pids) ->
- {ok, lists:reverse(Pids)};
-start_processes1(N, M, Node, Parent, Cmds, Type, Pids) ->
- {ok, Pid} = start_process(Node, Parent, Cmds, {Type, N + 1}),
- start_processes1(N + 1, M, Node, Parent, Cmds, Type, [Pid| Pids]).
-
-%%
-%% start_process(Node, Parent, Cmds, Type) -> {ok, Pid}
-%%
-start_process(Node, Parent, Cmds0, Type) ->
- Cmds = case os:type() of
- {win32, _} ->
- lists:map(fun(close) -> {close, ?CLOSE_WAIT};
- (Term) -> Term end, Cmds0);
- _ ->
- Cmds0
- end,
- Pid = spawn_link(Node, ?MODULE, process_init, [Parent, Cmds, Type]),
- {ok, Pid}.
-
-process_init(Parent, Cmds, Type) ->
- ?debug("#### ~w start~n", [{Type, self()}]),
- pre_main_loop(Cmds, #st{parent = Parent, type = Type}).
-
-%%
-%% pre_main_loop
-%%
-pre_main_loop([], St) ->
- ?debug("#### ~w end~n", [{St#st.type, self()}]),
- main_loop([], St);
-pre_main_loop(Cmds, St) ->
- ?debug("#### ~w -> ~w~n",
- [{St#st.type, self(), St#st.sock, St#st.port,
- St#st.peer, St#st.active}, hd(Cmds)]),
- main_loop(Cmds, St).
-
-%%
-%% main_loop(Cmds, St)
-%%
-main_loop([{protomod, ProtoMod}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{protomod = ProtoMod});
-
-main_loop([{serialize_accept, Bool}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{serialize_accept = Bool});
-
-main_loop([{sockopts, Opts}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{sockopts = Opts});
-
-main_loop([{sslopts, Opts}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{sslopts = Opts});
-
-main_loop([{protocols, Protocols}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{protocols = Protocols});
-
-main_loop([{timeout, T}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{timeout = T});
-
-main_loop([{lsock, LSock}| Cmds], St) ->
- pre_main_loop(Cmds, St#st{lsock = LSock});
-
-main_loop([{seed, Data}| Cmds], St) ->
- case ssl:seed("tjosan") of
- ok ->
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in seed: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([{listen, Port}| Cmds], St) ->
- case listen(St, Port) of
- {ok, LSock} ->
- ack_lsock(St#st.parent, LSock),
- NSt = get_active(St#st{port = Port, sock = LSock, lsock = LSock}),
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in listen: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([accept| Cmds], St) ->
- case St#st.serialize_accept of
- true ->
- Parent = St#st.parent,
- receive
- {continue_accept, Parent} ->
- ok
- end;
- false ->
- ok
- end,
- case accept(St) of
- {ok, Sock, Port, Peer} ->
- case St#st.serialize_accept of
- true ->
- St#st.parent ! {one_accept_done, self()};
- false ->
- ok
- end,
- NSt = get_active(St#st{sock = Sock, port = Port, peer = Peer}),
- pre_main_loop(Cmds, NSt);
- {error, Reason} ->
- ?error("#### ~w(~w) in accept: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([accept_timeout| Cmds], St) ->
- case accept(St) of
- {error, timeout} ->
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in accept_timeout: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-
-main_loop([{connect, {Host, Port}}| Cmds], St) ->
- case connect(St, Host, Port) of
- {ok, Sock, LPort, Peer} ->
- NSt = get_active(St#st{sock = Sock, port = LPort, peer = Peer}),
- pre_main_loop(Cmds, NSt);
- {error, Reason} ->
- ?error("#### ~w(~w) in connect: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([connection_info| Cmds], St) ->
- case connection_info(St) of
- {ok, ProtoInfo} ->
- io:fwrite("Got connection_info:~n~p~n", [ProtoInfo]),
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in connection_info: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([peercert| Cmds], St) ->
- case peercert(St) of
- {ok, Cert} ->
- io:fwrite("Got cert:~n~p~n", [Cert]),
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in peercert: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([nopeercert| Cmds], St) ->
- case peercert(St) of
- {error, Reason} ->
- io:fwrite("Got no cert as expected. reason:~n~p~n", [Reason]),
- pre_main_loop(Cmds, St);
- {ok, Cert} ->
- ?error("#### ~w(~w) in peercert: error: got cert: ~p~n",
- [St#st.type, self(), Cert]),
- exit(peercert)
- end;
-
-main_loop([{recv, N}| Cmds], St) ->
- recv_loop([{recv, N}| Cmds], fun recv/1, St); % Returns to main_loop/2.
-
-main_loop([{send, N}| Cmds], St) ->
- Msg = mk_msg(N),
- case send(St, Msg) of
- ok ->
- pre_main_loop(Cmds, St);
- {error, Reason} ->
- ?error("#### ~w(~w) in send: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([{echo, N}| Cmds], St) ->
- recv_loop([{echo, N}| Cmds], fun echo/1, St); % Returns to main_loop/2.
-
-main_loop([{close, WaitTime}| Cmds], St) ->
- wait(WaitTime),
- pre_main_loop([close| Cmds], St);
-
-main_loop([close| Cmds], St) ->
- case close(St) of
- ok ->
- pre_main_loop(Cmds, St#st{sock = nil});
- {error, Reason} ->
- ?error("#### ~w(~w) in close: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([lclose| Cmds], St) ->
- case lclose(St) of
- ok ->
- pre_main_loop(Cmds, St#st{lsock = nil});
- {error, Reason} ->
- ?error("#### ~w(~w) in lclose: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([await_close| Cmds], St) ->
- case await_close(St) of
- ok ->
- pre_main_loop(Cmds, St#st{sock = nil});
- {error, Reason} ->
- ?error("#### ~w(~w) in await_close: error: ~w~n",
- [St#st.type, self(), Reason]),
- exit(Reason)
- end;
-
-main_loop([wait_sync| Cmds], St) ->
- wait_sync(St),
- pre_main_loop(Cmds, St);
-
-main_loop({exit, Reason}, _St) ->
- exit(Reason);
-
-main_loop([], _St) ->
- ok.
-
-%%
-%% recv_loop(Cmds, F, St)
-%%
-%% F = recv/1 | echo/1
-%%
-recv_loop([{_Tag, 0}| Cmds], _, St) ->
- pre_main_loop(Cmds, St);
-recv_loop([{_Tag, N}| _Cmds], _, St) when N < 0 ->
- ?error("#### ~w(~w) in recv_loop: error: too much: ~w~n",
- [St#st.type, self(), N]),
- exit(toomuch); % XXX or {error, Reason}?
-recv_loop([{Tag, N}| Cmds], F, St) ->
- case F(St) of
- {ok, Len} ->
- NSt = St#st{active = new_active(St#st.active)},
- if
- Len == N ->
- pre_main_loop(Cmds, NSt);
- true ->
- ?debug("#### ~w -> ~w~n",
- [{NSt#st.type, self(), NSt#st.sock, NSt#st.port,
- NSt#st.peer, NSt#st.active}, {Tag, N - Len}]),
- recv_loop([{Tag, N - Len}| Cmds], F, NSt)
- end;
- {error, Reason} ->
- ?error("#### ~w(~w) in recv_loop: error: ~w, ~w bytes remain~n",
- [St#st.type, self(), Reason, N]),
- exit(Reason)
- end.
-
-new_active(once) ->
- false;
-new_active(A) ->
- A.
-
-get_active(St) ->
- A = case proplists:get_value(active, St#st.sockopts, undefined) of
- undefined ->
- Mod = case St#st.protomod of
- ssl ->
- ssl;
- gen_tcp ->
- inet
- end,
- {ok, [{active, Ax}]} = Mod:getopts(St#st.sock, [active]),
- Ax;
- Ay ->
- Ay
- end,
- ?debug("#### ~w(~w) get_active: ~p\n", [St#st.type, self(), A]),
- St#st{active = A}.
-
-
-%%
-%% SOCKET FUNCTIONS
-%%
-
-%%
-%% ssl
-%%
-
-%%
-%% listen(St, LPort) -> {ok, LSock} | {error, Reason}
-%%
-listen(St, LPort) ->
- case St#st.protomod of
- ssl ->
- ssl:listen(LPort, [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts]);
- gen_tcp ->
- gen_tcp:listen(LPort, St#st.sockopts)
- end.
-
-%%
-%% accept(St) -> {ok, Sock} | {error, Reason}
-%%
-accept(St) ->
- case St#st.protomod of
- ssl ->
- case ssl:transport_accept(St#st.lsock, St#st.timeout) of
- {ok, Sock} ->
- case ssl:ssl_accept(Sock, St#st.timeout) of
- ok ->
- {ok, Port} = ssl:sockname(Sock),
- {ok, Peer} = ssl:peername(Sock),
- {ok, Sock, Port, Peer};
- Other ->
- Other
- end;
- Other ->
- Other
- end;
- gen_tcp ->
- case gen_tcp:accept(St#st.lsock, St#st.timeout) of
- {ok, Sock} ->
- {ok, Port} = inet:port(Sock),
- {ok, Peer} = inet:peername(Sock),
- {ok, Sock, Port, Peer};
- Other ->
- Other
- end
- end.
-
-%%
-%% connect(St, Host, Port) -> {ok, Sock} | {error, Reason}
-%%
-connect(St, Host, Port) ->
-
- case St#st.protomod of
- ssl ->
- case ssl:connect(Host, Port,
- [{ssl_imp, old} | St#st.sockopts ++ St#st.sslopts],
- St#st.timeout) of
- {ok, Sock} ->
- {ok, LPort} = ssl:sockname(Sock),
- {ok, Peer} = ssl:peername(Sock),
- {ok, Sock, LPort, Peer};
- Other ->
- Other
- end;
- gen_tcp ->
- case gen_tcp:connect(Host, Port, St#st.sockopts, St#st.timeout) of
- {ok, Sock} ->
- {ok, LPort} = inet:port(Sock),
- {ok, Peer} = inet:peername(Sock),
- {ok, Sock, LPort, Peer};
- Other ->
- Other
- end
- end.
-
-%%
-%% peercert(St) -> {ok, Cert} | {error, Reason}
-%%
-peercert(St) ->
- case St#st.protomod of
- ssl ->
- ssl:peercert(St#st.sock, [ssl]);
- gen_tcp ->
- {ok, <<>>}
- end.
-
-%%
-%% connection_info(St) -> {ok, ProtoInfo} | {error, Reason}
-%%
-connection_info(St) ->
- case St#st.protomod of
- ssl ->
- case ssl:connection_info(St#st.sock) of
- Res = {ok, {Proto, _}} ->
- case St#st.protocols of
- [] ->
- Res;
- Protocols ->
- case lists:member(Proto, Protocols) of
- true ->
- Res;
- false ->
- {error, Proto}
- end
- end;
- Error ->
- Error
- end;
- gen_tcp ->
- {ok, <<>>}
- end.
-
-%%
-%% close(St) -> ok | {error, Reason}
-%%
-
-close(St) ->
- Mod = St#st.protomod,
- case St#st.sock of
- nil ->
- ok;
- _ ->
- Mod:close(St#st.sock)
- end.
-
-%%
-%% lclose(St) -> ok | {error, Reason}
-%%
-lclose(St) ->
- Mod = St#st.protomod,
- case St#st.lsock of
- nil ->
- ok;
- _ ->
- Mod:close(St#st.lsock)
- end.
-
-%%
-%% recv(St) = {ok, Len} | {error, Reason}
-%%
-recv(St) ->
- case do_recv(St) of
- {ok, Msg} ->
- {ok, length(Msg)};
- {error, Reason} ->
- {error, Reason}
- end.
-
-do_recv(St) when St#st.active == false ->
- %% First check that we do *not* have any ssl/gen_tcp messages in the
- %% message queue, then call the receive function.
- Sock = St#st.sock,
- case St#st.protomod of
- ssl ->
- receive
- M = {ssl, Sock, _Msg} ->
- {error, {unexpected_messagex, M}};
- M = {ssl_closed, Sock} ->
- {error, {unexpected_message, M}};
- M = {ssl_error, Sock, _Reason} ->
- {error, {unexpected_message, M}}
- after 0 ->
- ssl:recv(St#st.sock, 0, St#st.timeout)
- end;
- gen_tcp ->
- receive
- M = {tcp, Sock, _Msg} ->
- {error, {unexpected_message, M}};
- M = {tcp_closed, Sock} ->
- {error, {unexpected_message, M}};
- M = {tcp_error, Sock, _Reason} ->
- {error, {unexpected_message, M}}
- after 0 ->
- gen_tcp:recv(St#st.sock, 0, St#st.timeout)
- end
- end;
-do_recv(St) ->
- Sock = St#st.sock,
- Timeout = St#st.timeout,
- case St#st.protomod of
- ssl ->
- receive
- {ssl, Sock, Msg} ->
- {ok, Msg};
- {ssl_closed, Sock} ->
- {error, closed};
- {ssl_error, Sock, Reason} ->
- {error, Reason}
- after Timeout ->
- {error, timeout}
- end;
- gen_tcp ->
- receive
- {tcp, Sock, Msg} ->
- {ok, Msg};
- {tcp_closed, Sock} ->
- {error, closed};
- {tcp_error, Sock, Reason} ->
- {error, Reason}
- after Timeout ->
- {error, timeout}
- end
- end.
-
-%%
-%% echo(St) = {ok, Len} | {error, Reason}
-%%
-echo(St) ->
- Sock = St#st.sock,
- case do_recv(St) of
- {ok, Msg} ->
- Mod = St#st.protomod,
- case Mod:send(Sock, Msg) of
- ok ->
- {ok, length(Msg)};
- {error, Reason} ->
- {error, Reason}
- end;
- {error, Reason} ->
- {error, Reason}
- end.
-
-%%
-%% send(St, Msg) -> ok | {error, Reason}
-%%
-send(St, Msg) ->
- Mod = St#st.protomod,
- Mod:send(St#st.sock, Msg).
-
-%%
-%% await_close(St) -> ok | {error, Reason}
-%%
-await_close(St) when St#st.active == false ->
- %% First check that we do *not* have any ssl/gen_tcp messages in the
- %% message queue, then call the receive function.
- Sock = St#st.sock,
- Res = case St#st.protomod of
- ssl ->
- receive
- M = {ssl, Sock, _Msg0} ->
- {error, {unexpected_message, M}};
- M = {ssl_closed, Sock} ->
- {error, {unexpected_message, M}};
- M = {ssl_error, Sock, _Reason} ->
- {error, {unexpected_message, M}}
- after 0 ->
- ok
- end;
- gen_tcp ->
- receive
- M = {tcp, Sock, _Msg0} ->
- {error, {unexpected_message, M}};
- M = {tcp_closed, Sock} ->
- {error, {unexpected_message, M}};
- M = {tcp_error, Sock, _Reason} ->
- {error, {unexpected_message, M}}
- after 0 ->
- ok
- end
- end,
- case Res of
- ok ->
- Mod = St#st.protomod,
- case Mod:recv(St#st.sock, 0, St#st.timeout) of
- {ok, _Msg} ->
- {error, toomuch};
- {error, _} ->
- ok
- end;
- _ ->
- Res
- end;
-await_close(St) ->
- Sock = St#st.sock,
- Timeout = St#st.timeout,
- case St#st.protomod of
- ssl ->
- receive
- {ssl, Sock, _Msg} ->
- {error, toomuch};
- {ssl_closed, Sock} ->
- ok;
- {ssl_error, Sock, Reason} ->
- {error, Reason}
- after Timeout ->
- {error, timeout}
- end;
- gen_tcp ->
- receive
- {tcp, Sock, _Msg} ->
- {error, toomuch};
- {tcp_closed, Sock} ->
- ok;
- {tcp_error, Sock, Reason} ->
- {error, Reason}
- after Timeout ->
- {error, timeout}
- end
- end.
-
-
-%%
-%% HELP FUNCTIONS
-%%
-
-wait_ack(_, [], _) ->
- ok;
-wait_ack(AccPids0, Pids, Timeout) ->
- ?debug("#### CONTROLLER: waiting for ~w~n", [Pids]),
- receive
- {one_accept_done, Pid} ->
- case lists:delete(Pid, AccPids0) of
- [] ->
- wait_ack([], Pids, Timeout);
- [AccPid| AccPids1] ->
- AccPid ! {continue_accept, self()},
- wait_ack(AccPids1, Pids, Timeout)
- end;
- {'EXIT', Pid, normal} ->
- wait_ack(AccPids0, lists:delete(Pid, Pids), Timeout);
- {'EXIT', Pid, Reason} ->
- ?error("#### CONTROLLER got abnormal exit: ~w, ~w~n",
- [Pid, Reason]),
- {error, Reason}
- after Timeout ->
- ?error("#### CONTROLLER exiting because of timeout = ~w~n",
- [Timeout]),
- {error, Timeout}
- end.
-
-
-%%
-%% ack_lsock(Pid, LSock)
-%%
-ack_lsock(Pid, LSock) ->
- Pid ! {lsock, self(), LSock}.
-
-wait_lsock(Pid, Timeout) ->
- receive
- {lsock, Pid, LSock} ->
- {ok, LSock}
- after Timeout ->
- exit(timeout)
- end.
-
-%%
-%% sync(Pids)
-%%
-sync(Pids) ->
- lists:foreach(fun (Pid) -> Pid ! {self(), sync} end, Pids).
-
-%%
-%% wait_sync(St)
-%%
-wait_sync(St) ->
- Pid = St#st.parent,
- receive
- {Pid, sync} ->
- ok
- end.
-
-%%
-%% wait(Time)
-%%
-wait(Time) ->
- receive
- after Time ->
- ok
- end.
-
-%%
-%% mk_msg(Size)
-%%
-mk_msg(Size) ->
- mk_msg(0, Size, []).
-
-mk_msg(_, 0, Acc) ->
- Acc;
-mk_msg(Pos, Size, Acc) ->
- C = (((Pos + Size) rem 256) - 1) band 255,
- mk_msg(Pos, Size - 1, [C| Acc]).
-
-%%
-%% get_protomod(Config)
-%%
-get_protomod(Config) ->
- case lists:keysearch(protomod, 1, Config) of
- {value, {_, ProtoMod}} ->
- ProtoMod;
- false ->
- ssl
- end.
-
-%%
-%% get_serialize_accept(Config)
-%%
-get_serialize_accept(Config) ->
- case lists:keysearch(serialize_accept, 1, Config) of
- {value, {_, Val}} ->
- Val;
- false ->
- false
- end.
-
diff --git a/lib/ssl/test/ssl_test_MACHINE.hrl b/lib/ssl/test/ssl_test_MACHINE.hrl
deleted file mode 100644
index e78b33f505..0000000000
--- a/lib/ssl/test/ssl_test_MACHINE.hrl
+++ /dev/null
@@ -1,39 +0,0 @@
-%%
-%% %CopyrightBegin%
-%%
-%% Copyright Ericsson AB 2003-2010. All Rights Reserved.
-%%
-%% The contents of this file are subject to the Erlang Public License,
-%% Version 1.1, (the "License"); you may not use this file except in
-%% compliance with the License. You should have received a copy of the
-%% Erlang Public License along with this software. If not, it can be
-%% retrieved online at http://www.erlang.org/.
-%%
-%% Software distributed under the License is distributed on an "AS IS"
-%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
-%% the License for the specific language governing rights and limitations
-%% under the License.
-%%
-%% %CopyrightEnd%
-%%
-
--record(st, {protomod = ssl,
- serialize_accept = false,
- parent = nil,
- type = nil,
- active = nil,
- port = 0,
- peer = nil,
- lsock = nil,
- sock = nil,
- timeout = infinity,
- sockopts = [],
- sslopts = [],
- protocols = []}).
-
-%%-define(debug(X, Y), io:format(X, Y)).
--define(debug(X, Y), ok).
--define(error(X, Y), io:format(X, Y)).
-
--define(DEFAULT_TIMEOUT, 240000).
-
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index b7916b96eb..fa8a1826f2 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -22,6 +22,7 @@
-include("test_server.hrl").
-include("test_server_line.hrl").
+-include_lib("public_key/include/public_key.hrl").
%% Note: This directive should only be used in test suites.
-compile(export_all).
@@ -661,6 +662,9 @@ cipher_result(Socket, Result) ->
%% to properly test "cipher state" handling
ssl:send(Socket, "Hello\n"),
receive
+ {ssl, Socket, "H"} ->
+ ssl:send(Socket, " world\n"),
+ receive_rizzo_duong_beast();
{ssl, Socket, "Hello\n"} ->
ssl:send(Socket, " world\n"),
receive
@@ -673,3 +677,34 @@ cipher_result(Socket, Result) ->
session_info_result(Socket) ->
ssl:session_info(Socket).
+
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?rsaEncryption},
+ privateKey = Key}) ->
+ public_key:der_decode('RSAPrivateKey', iolist_to_binary(Key));
+
+public_key(#'PrivateKeyInfo'{privateKeyAlgorithm =
+ #'PrivateKeyInfo_privateKeyAlgorithm'{algorithm = ?'id-dsa'},
+ privateKey = Key}) ->
+ public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key));
+public_key(Key) ->
+ Key.
+receive_rizzo_duong_beast() ->
+ receive
+ {ssl, _, "ello\n"} ->
+ receive
+ {ssl, _, " "} ->
+ receive
+ {ssl, _, "world\n"} ->
+ ok
+ end
+ end
+ end.
+
+state([{data,[{"State", State}]} | _]) ->
+ State;
+state([{data,[{"StateData", State}]} | _]) ->
+ State;
+state([_ | Rest]) ->
+ state(Rest).
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 64a6a9eaf8..f04ab9af50 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -109,6 +109,9 @@ special_init(TestCase, Config)
TestCase == erlang_server_openssl_client_no_wrap_sequence_number ->
check_sane_openssl_renegotaite(Config);
+special_init(ssl2_erlang_server_openssl_client, Config) ->
+ check_sane_openssl_sslv2(Config);
+
special_init(_, Config) ->
Config.
@@ -168,7 +171,8 @@ all() ->
tls1_erlang_server_openssl_client_client_cert,
tls1_erlang_server_erlang_client_client_cert,
ciphers_rsa_signed_certs, ciphers_dsa_signed_certs,
- erlang_client_bad_openssl_server, expired_session,
+ erlang_client_bad_openssl_server,
+ expired_session,
ssl2_erlang_server_openssl_client].
groups() ->
@@ -222,7 +226,6 @@ erlang_client_openssl_server(Config) when is_list(Config) ->
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -256,9 +259,9 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
port_command(OpenSslPort, Data),
ssl_test_lib:check_result(Server, ok),
-
- ssl_test_lib:close(Server),
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close(Server),
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -306,7 +309,6 @@ tls1_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -346,8 +348,8 @@ tls1_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
-
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -395,7 +397,6 @@ ssl3_erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -435,8 +436,8 @@ ssl3_erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
-
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -475,8 +476,8 @@ erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
-
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -525,7 +526,6 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) ->
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -574,7 +574,6 @@ erlang_client_openssl_server_no_wrap_sequence_number(Config) when is_list(Config
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -615,8 +614,8 @@ erlang_server_openssl_client_no_wrap_sequence_number(Config) when is_list(Config
ssl_test_lib:check_result(Server, ok),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
-
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -663,7 +662,6 @@ erlang_client_openssl_server_no_server_ca_cert(Config) when is_list(Config) ->
%% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
-
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -674,6 +672,7 @@ ssl3_erlang_client_openssl_server(doc) ->
ssl3_erlang_client_openssl_server(suite) ->
[];
ssl3_erlang_client_openssl_server(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
ClientOpts = ?config(client_opts, Config),
@@ -700,11 +699,11 @@ ssl3_erlang_client_openssl_server(Config) when is_list(Config) ->
{options,
[{versions, [sslv3]} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok),
-
- ssl_test_lib:close(Client),
- %% Clean close down!
+
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
- test_server:sleep(?SLEEP),
+ ssl_test_lib:close(Client),
+ process_flag(trap_exit, false),
ok.
%%--------------------------------------------------------------------
@@ -714,6 +713,7 @@ ssl3_erlang_server_openssl_client(doc) ->
ssl3_erlang_server_openssl_client(suite) ->
[];
ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
ServerOpts = ?config(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -734,10 +734,10 @@ ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
ssl_test_lib:check_result(Server, ok),
-
- close_port(OpenSslPort), %% openssl server first
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
- test_server:sleep(?SLEEP),
+ close_port(OpenSslPort),
+ process_flag(trap_exit, false),
ok.
%%--------------------------------------------------------------------
@@ -779,7 +779,7 @@ ssl3_erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Client, ok),
- %% Clean close down!
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
@@ -824,9 +824,9 @@ ssl3_erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
- close_port(OpenSslPort), %% openssl server first
+ %% Clean close down! Server needs to be closed first !!
+ close_port(OpenSslPort),
ssl_test_lib:close(Server),
- %% Clean close down!
process_flag(trap_exit, false),
ok.
@@ -849,7 +849,9 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE,
- erlang_ssl_receive, [Data]}},
+ erlang_ssl_receive,
+ %% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
+ [Data]}},
{options,
[{verify , verify_peer}
| ServerOpts]}]),
@@ -858,6 +860,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
+ %% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
{mfa, {ssl, send, [Data]}},
{options,
[{versions, [sslv3]} | ClientOpts]}]),
@@ -869,6 +872,7 @@ ssl3_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
process_flag(trap_exit, false),
ok.
+
%%--------------------------------------------------------------------
tls1_erlang_client_openssl_server(doc) ->
@@ -907,10 +911,10 @@ tls1_erlang_client_openssl_server(Config) when is_list(Config) ->
[{versions, [tlsv1]} | ClientOpts]}]),
ssl_test_lib:check_result(Client, ok),
-
- ssl_test_lib:close(Client),
- %% Clean close down!
+
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
+ ssl_test_lib:close(Client),
process_flag(trap_exit, false),
ok.
@@ -943,9 +947,9 @@ tls1_erlang_server_openssl_client(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
- %% Clean close down!
- close_port(OpenSslPort),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
+ close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -989,7 +993,7 @@ tls1_erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Client, ok),
- %% Clean close down!
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
ssl_test_lib:close(Client),
process_flag(trap_exit, false),
@@ -1034,9 +1038,9 @@ tls1_erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, ok),
- %% Clean close down!
- close_port(OpenSslPort),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
+ close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -1071,9 +1075,7 @@ tls1_erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
[{versions, [tlsv1]} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, ok),
-
ssl_test_lib:close(Server),
- %% Clean close down!
process_flag(trap_exit, false),
ok.
%%--------------------------------------------------------------------
@@ -1136,7 +1138,7 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
+ Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ version_flag(Version) ++
" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
test_server:format("openssl cmd: ~p~n", [Cmd]),
@@ -1171,8 +1173,8 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
Result = ssl_test_lib:wait_for_result(Client, ok),
+ %% Clean close down! Server needs to be closed first !!
close_port(OpenSslPort),
- %% Clean close down!
ssl_test_lib:close(Client),
Return = case Result of
@@ -1184,6 +1186,12 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
process_flag(trap_exit, false),
Return.
+
+version_flag(tlsv1) ->
+ " -tls1 ";
+version_flag(sslv3) ->
+ " -ssl3 ".
+
%%--------------------------------------------------------------------
erlang_client_bad_openssl_server(doc) ->
[""];
@@ -1199,26 +1207,26 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
-
+
Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
- " -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
-
+ " -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
+
test_server:format("openssl cmd: ~p~n", [Cmd]),
OpensslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
-
+
wait_for_openssl_server(),
Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
- {host, Hostname},
- {from, self()},
- {mfa, {?MODULE, server_sent_garbage, []}},
- {options,
- [{versions, [tlsv1]} | ClientOpts]}]),
+ {host, Hostname},
+ {from, self()},
+ {mfa, {?MODULE, server_sent_garbage, []}},
+ {options,
+ [{versions, [tlsv1]} | ClientOpts]}]),
%% Send garbage
port_command(OpensslPort, ?OPENSSL_GARBAGE),
-
+
test_server:sleep(?SLEEP),
Client0 ! server_sent_garbage,
@@ -1228,17 +1236,16 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) ->
ssl_test_lib:close(Client0),
%% Make sure openssl does not hang and leave zombie process
- Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
- {host, Hostname},
- {from, self()},
- {mfa, {ssl_test_lib, no_result_msg, []}},
- {options,
- [{versions, [tlsv1]} | ClientOpts]}]),
-
- ssl_test_lib:close(Client1),
-
- %% Clean close down!
+ Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, no_result_msg, []}},
+ {options,
+ [{versions, [tlsv1]} | ClientOpts]}]),
+
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
+ ssl_test_lib:close(Client1),
process_flag(trap_exit, false),
ok.
@@ -1297,6 +1304,7 @@ expired_session(Config) when is_list(Config) ->
{mfa, {ssl_test_lib, no_result, []}},
{from, self()}, {options, ClientOpts}]),
+ %% Clean close down! Server needs to be closed first !!
close_port(OpensslPort),
ssl_test_lib:close(Client2),
process_flag(trap_exit, false).
@@ -1329,8 +1337,8 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
ssl_test_lib:check_result(Server, {error,"protocol version"}),
+ %% Clean close down! Server needs to be closed first !!
ssl_test_lib:close(Server),
-
close_port(OpenSslPort),
process_flag(trap_exit, false),
ok.
@@ -1346,6 +1354,8 @@ erlang_ssl_receive(Socket, Data) ->
%% open_ssl server sometimes hangs waiting in blocking read
ssl:send(Socket, "Got it"),
ok;
+ {ssl, Socket, Byte} when length(Byte) == 1 ->
+ erlang_ssl_receive(Socket, tl(Data));
{Port, {data,Debug}} when is_port(Port) ->
io:format("openssl ~s~n",[Debug]),
erlang_ssl_receive(Socket,Data);
@@ -1433,3 +1443,11 @@ check_sane_openssl_renegotaite(Config) ->
_ ->
Config
end.
+
+check_sane_openssl_sslv2(Config) ->
+ case os:cmd("openssl version") of
+ "OpenSSL 1.0.0e" ++ _ ->
+ {skip, "Known option bug"};
+ _ ->
+ Config
+ end.