aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl.erl31
-rw-r--r--lib/ssl/src/ssl_connection.erl86
-rw-r--r--lib/ssl/src/tls_connection.erl2
-rw-r--r--lib/ssl/src/tls_handshake.erl3
-rw-r--r--lib/ssl/test/ssl_ECC_SUITE.erl56
-rw-r--r--lib/ssl/test/ssl_alpn_handshake_SUITE.erl28
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl732
-rw-r--r--lib/ssl/test/ssl_certificate_verify_SUITE.erl162
-rw-r--r--lib/ssl/test/ssl_crl_SUITE.erl38
-rw-r--r--lib/ssl/test/ssl_dist_SUITE.erl12
-rw-r--r--lib/ssl/test/ssl_handshake_SUITE.erl6
-rw-r--r--lib/ssl/test/ssl_npn_handshake_SUITE.erl25
-rw-r--r--lib/ssl/test/ssl_npn_hello_SUITE.erl18
-rw-r--r--lib/ssl/test/ssl_packet_SUITE.erl157
-rw-r--r--lib/ssl/test/ssl_payload_SUITE.erl77
-rw-r--r--lib/ssl/test/ssl_pem_cache_SUITE.erl8
-rw-r--r--lib/ssl/test/ssl_session_cache_SUITE.erl16
-rw-r--r--lib/ssl/test/ssl_sni_SUITE.erl20
-rw-r--r--lib/ssl/test/ssl_test_lib.erl90
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl153
-rw-r--r--lib/ssl/test/ssl_upgrade_SUITE.erl14
21 files changed, 905 insertions, 829 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index dbbb25025c..51732b4a59 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -400,24 +400,23 @@ negotiated_next_protocol(Socket) ->
end.
%%--------------------------------------------------------------------
+-spec cipher_suites() -> [ssl_cipher:erl_cipher_suite()] | [string()].
+%%--------------------------------------------------------------------
+cipher_suites() ->
+ cipher_suites(erlang).
+%%--------------------------------------------------------------------
-spec cipher_suites(erlang | openssl | all) -> [ssl_cipher:erl_cipher_suite()] |
[string()].
%% Description: Returns all supported cipher suites.
%%--------------------------------------------------------------------
cipher_suites(erlang) ->
- Version = tls_record:highest_protocol_version([]),
- ssl_cipher:filter_suites([ssl_cipher:erl_suite_definition(S)
- || S <- ssl_cipher:suites(Version)]);
+ [ssl_cipher:erl_suite_definition(Suite) || Suite <- available_suites(default)];
+
cipher_suites(openssl) ->
- Version = tls_record:highest_protocol_version([]),
- [ssl_cipher:openssl_suite_name(S)
- || S <- ssl_cipher:filter_suites(ssl_cipher:suites(Version))];
+ [ssl_cipher:openssl_suite_name(Suite) || Suite <- available_suites(default)];
+
cipher_suites(all) ->
- Version = tls_record:highest_protocol_version([]),
- ssl_cipher:filter_suites([ssl_cipher:erl_suite_definition(S)
- || S <-ssl_cipher:all_suites(Version)]).
-cipher_suites() ->
- cipher_suites(erlang).
+ [ssl_cipher:erl_suite_definition(Suite) || Suite <- available_suites(all)].
%%--------------------------------------------------------------------
-spec getopts(#sslsocket{}, [gen_tcp:option_name()]) ->
@@ -584,6 +583,16 @@ format_error(Error) ->
%%%--------------------------------------------------------------
%%% Internal functions
%%%--------------------------------------------------------------------
+
+%% Possible filters out suites not supported by crypto
+available_suites(default) ->
+ Version = tls_record:highest_protocol_version([]),
+ ssl_cipher:filter_suites(ssl_cipher:suites(Version));
+
+available_suites(all) ->
+ Version = tls_record:highest_protocol_version([]),
+ ssl_cipher:filter_suites(ssl_cipher:all_suites(Version)).
+
do_connect(Address, Port,
#config{transport_info = CbInfo, inet_user = UserOpts, ssl = SslOpts,
emulated = EmOpts, inet_ssl = SocketOpts, connection_cb = ConnetionCb},
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index 26c371a8ea..089b3615c6 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -875,48 +875,14 @@ handle_call({get_opts, OptTags}, From, _,
socket_options = SockOpts}, _) ->
OptsReply = get_socket_opts(Transport, Socket, OptTags, SockOpts, []),
{keep_state_and_data, [{reply, From, OptsReply}]};
-handle_call({set_opts, Opts0}, From, connection = StateName0,
+handle_call({set_opts, Opts0}, From, StateName,
#state{socket_options = Opts1,
- protocol_cb = Connection,
socket = Socket,
- transport_cb = Transport,
- user_data_buffer = Buffer} = State0, _) ->
+ transport_cb = Transport} = State0, _) ->
{Reply, Opts} = set_socket_opts(Transport, Socket, Opts0, Opts1, []),
- State1 = State0#state{socket_options = Opts},
- if
- Opts#socket_options.active =:= false ->
- hibernate_after(StateName0, State1, [{reply, From, Reply}]);
- Buffer =:= <<>>, Opts1#socket_options.active =:= false ->
- %% Need data, set active once
- {Record, State2} = Connection:next_record_if_active(State1),
- %% Note: Renogotiation may cause StateName0 =/= StateName
- case Connection:next_event(StateName0, Record, State2) of
- {next_state, StateName, State} ->
- hibernate_after(StateName, State, [{reply, From, Reply}]);
- {next_state, StateName, State, Actions} ->
- hibernate_after(StateName, State, [{reply, From, Reply} | Actions]);
- {stop, Reason, State} ->
- {stop, Reason, State}
- end;
- Buffer =:= <<>> ->
- %% Active once already set
- hibernate_after(StateName0, State1, [{reply, From, Reply}]);
- true ->
- case Connection:read_application_data(<<>>, State1) of
- {stop, Reason, State} ->
- {stop, Reason, State};
- {Record, State2} ->
- %% Note: Renogotiation may cause StateName0 =/= StateName
- case Connection:next_event(StateName0, Record, State2) of
- {next_state, StateName, State} ->
- hibernate_after(StateName, State, [{reply, From, Reply}]);
- {next_state, StateName, State, Actions} ->
- hibernate_after(StateName, State, [{reply, From, Reply} | Actions]);
- {stop, _, _} = Stop ->
- Stop
- end
- end
- end;
+ State = State0#state{socket_options = Opts},
+ handle_active_option(Opts#socket_options.active, StateName, From, Reply, State);
+
handle_call(renegotiate, From, StateName, _, _) when StateName =/= connection ->
{keep_state_and_data, [{reply, From, {error, already_renegotiating}}]};
handle_call({prf, Secret, Label, Seed, WantedLength}, From, _,
@@ -1876,9 +1842,12 @@ start_or_recv_cancel_timer(infinity, _RecvFrom) ->
start_or_recv_cancel_timer(Timeout, RecvFrom) ->
erlang:send_after(Timeout, self(), {cancel_start_or_recv, RecvFrom}).
-hibernate_after(StateName, #state{ssl_options=#ssl_options{hibernate_after = HibernateAfter}} = State,
+hibernate_after(connection = StateName,
+ #state{ssl_options=#ssl_options{hibernate_after = HibernateAfter}} = State,
Actions) ->
- {next_state, StateName, State, [{timeout, HibernateAfter, hibernate} | Actions]}.
+ {next_state, StateName, State, [{timeout, HibernateAfter, hibernate} | Actions]};
+hibernate_after(StateName, State, Actions) ->
+ {next_state, StateName, State, Actions}.
terminate_alert(normal, Version, ConnectionStates) ->
ssl_alert:encode(?ALERT_REC(?WARNING, ?CLOSE_NOTIFY),
@@ -2032,4 +2001,39 @@ ssl_options_list([ciphers = Key | Keys], [Value | Values], Acc) ->
ssl_options_list([Key | Keys], [Value | Values], Acc) ->
ssl_options_list(Keys, Values, [{Key, Value} | Acc]).
+handle_active_option(false, connection = StateName, To, Reply, State) ->
+ hibernate_after(StateName, State, [{reply, To, Reply}]);
+
+handle_active_option(_, connection = StateName0, To, Reply, #state{protocol_cb = Connection,
+ user_data_buffer = <<>>} = State0) ->
+ %% Need data, set active once
+ {Record, State1} = Connection:next_record_if_active(State0),
+ %% Note: Renogotiation may cause StateName0 =/= StateName
+ case Connection:next_event(StateName0, Record, State1) of
+ {next_state, StateName, State} ->
+ hibernate_after(StateName, State, [{reply, To, Reply}]);
+ {next_state, StateName, State, Actions} ->
+ hibernate_after(StateName, State, [{reply, To, Reply} | Actions]);
+ {stop, Reason, State} ->
+ {stop, Reason, State}
+ end;
+handle_active_option(_, StateName, To, Reply, #state{user_data_buffer = <<>>} = State) ->
+ %% Active once already set
+ {next_state, StateName, State, [{reply, To, Reply}]};
+%% user_data_buffer =/= <<>>
+handle_active_option(_, StateName0, To, Reply, #state{protocol_cb = Connection} = State0) ->
+ case Connection:read_application_data(<<>>, State0) of
+ {stop, Reason, State} ->
+ {stop, Reason, State};
+ {Record, State1} ->
+ %% Note: Renogotiation may cause StateName0 =/= StateName
+ case Connection:next_event(StateName0, Record, State1) of
+ {next_state, StateName, State} ->
+ hibernate_after(StateName, State, [{reply, To, Reply}]);
+ {next_state, StateName, State, Actions} ->
+ hibernate_after(StateName, State, [{reply, To, Reply} | Actions]);
+ {stop, _, _} = Stop ->
+ Stop
+ end
+ end.
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 208edc644a..40f3eea527 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -922,7 +922,7 @@ alert_user(Transport, Tracker, Socket,_, _, _, From, Alert, Role) ->
alert_user(Transport, Tracker, Socket, From, Alert, Role) ->
alert_user(Transport, Tracker, Socket, false, no_pid, From, Alert, Role).
-alert_user(_, _, _, false = Active, Pid, From, Alert, Role) ->
+alert_user(_, _, _, false = Active, Pid, From, Alert, Role) when From =/= undefined ->
%% If there is an outstanding ssl_accept | recv
%% From will be defined and send_or_reply will
%% send the appropriate error message.
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 102dbba198..f34eebb0e4 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -283,7 +283,8 @@ available_signature_algs(undefined, SupportedHashSigns, _, {Major, Minor}) when
SupportedHashSigns;
available_signature_algs(#hash_sign_algos{hash_sign_algos = ClientHashSigns}, SupportedHashSigns,
_, {Major, Minor}) when (Major >= 3) andalso (Minor >= 3) ->
- ordsets:intersection(ClientHashSigns, SupportedHashSigns);
+ sets:to_list(sets:intersection(sets:from_list(ClientHashSigns),
+ sets:from_list(SupportedHashSigns)));
available_signature_algs(_, _, _, _) ->
undefined.
diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl
index 4260cb910b..3a1fd00c06 100644
--- a/lib/ssl/test/ssl_ECC_SUITE.erl
+++ b/lib/ssl/test/ssl_ECC_SUITE.erl
@@ -74,8 +74,8 @@ init_per_suite(Config0) ->
try crypto:start() of
ok ->
%% make rsa certs using oppenssl
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config1 = ssl_test_lib:make_ecdsa_cert(Config0),
Config2 = ssl_test_lib:make_ecdh_rsa_cert(Config1),
ssl_test_lib:cert_options(Config2)
@@ -130,8 +130,8 @@ init_per_group(Group, Config) ->
common_init_per_group(GroupName, Config) ->
case ssl_test_lib:is_tls_version(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- [{tls_version, GroupName} | Config];
+ Config0 = ssl_test_lib:init_tls_version(GroupName, Config),
+ [{tls_version, GroupName} | Config0];
_ ->
openssl_check(GroupName, Config)
end.
@@ -142,7 +142,7 @@ end_per_group(_GroupName, Config) ->
%%--------------------------------------------------------------------
init_per_testcase(TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
end_per_testcase(TestCase, Config),
ssl:start(),
@@ -158,43 +158,43 @@ end_per_testcase(_TestCase, Config) ->
%%--------------------------------------------------------------------
client_ecdh_server_ecdh(Config) when is_list(Config) ->
- COpts = ?config(client_ecdh_rsa_opts, Config),
- SOpts = ?config(server_ecdh_rsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdh_rsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdh_rsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_ecdh_server_rsa(Config) when is_list(Config) ->
- COpts = ?config(client_ecdh_rsa_opts, Config),
- SOpts = ?config(server_ecdh_rsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdh_rsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdh_rsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_rsa_server_ecdh(Config) when is_list(Config) ->
- COpts = ?config(client_ecdh_rsa_opts, Config),
- SOpts = ?config(server_ecdh_rsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdh_rsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdh_rsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_rsa_server_rsa(Config) when is_list(Config) ->
- COpts = ?config(client_verification_opts, Config),
- SOpts = ?config(server_verification_opts, Config),
+ COpts = proplists:get_value(client_verification_opts, Config),
+ SOpts = proplists:get_value(server_verification_opts, Config),
basic_test(COpts, SOpts, Config).
client_ecdsa_server_ecdsa(Config) when is_list(Config) ->
- COpts = ?config(client_ecdsa_opts, Config),
- SOpts = ?config(server_ecdsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_ecdsa_server_rsa(Config) when is_list(Config) ->
- COpts = ?config(client_ecdsa_opts, Config),
- SOpts = ?config(server_ecdsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_rsa_server_ecdsa(Config) when is_list(Config) ->
- COpts = ?config(client_ecdsa_opts, Config),
- SOpts = ?config(server_ecdsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdsa_verify_opts, Config),
basic_test(COpts, SOpts, Config).
client_ecdsa_server_ecdsa_with_raw_key(Config) when is_list(Config) ->
- COpts = ?config(client_ecdsa_opts, Config),
- SOpts = ?config(server_ecdsa_verify_opts, Config),
+ COpts = proplists:get_value(client_ecdsa_opts, Config),
+ SOpts = proplists:get_value(server_ecdsa_verify_opts, Config),
ServerCert = proplists:get_value(certfile, SOpts),
ServerKeyFile = proplists:get_value(keyfile, SOpts),
{ok, PemBin} = file:read_file(ServerKeyFile),
@@ -205,8 +205,8 @@ client_ecdsa_server_ecdsa_with_raw_key(Config) when is_list(Config) ->
ClientCert = proplists:get_value(certfile, COpts),
ClientKey = proplists:get_value(keyfile, COpts),
ClientCA = proplists:get_value(cacertfile, COpts),
- SType = ?config(server_type, Config),
- CType = ?config(client_type, Config),
+ SType = proplists:get_value(server_type, Config),
+ CType = proplists:get_value(client_type, Config),
{Server, Port} = start_server_with_raw_key(SType,
ClientCA, ServerCA,
ServerCert,
@@ -231,8 +231,8 @@ basic_test(COpts, SOpts, Config) ->
Config).
basic_test(ClientCert, ClientKey, ClientCA, ServerCert, ServerKey, ServerCA, Config) ->
- SType = ?config(server_type, Config),
- CType = ?config(client_type, Config),
+ SType = proplists:get_value(server_type, Config),
+ CType = proplists:get_value(client_type, Config),
{Server, Port} = start_server(SType,
ClientCA, ServerCA,
ServerCert,
@@ -245,7 +245,7 @@ basic_test(ClientCert, ClientKey, ClientCA, ServerCert, ServerKey, ServerCA, Con
close(Server, Client).
start_client(openssl, Port, CA, OwnCa, Cert, Key, Config) ->
- PrivDir = ?config(priv_dir, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
NewCA = new_ca(filename:join(PrivDir, "new_ca.pem"), CA, OwnCa),
Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
Exe = "openssl",
@@ -268,7 +268,7 @@ start_client(erlang, Port, CA, _, Cert, Key, Config) ->
{certfile, Cert}, {keyfile, Key}]}]).
start_server(openssl, CA, OwnCa, Cert, Key, Config) ->
- PrivDir = ?config(priv_dir, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
NewCA = new_ca(filename:join(PrivDir, "new_ca.pem"), CA, OwnCa),
Port = ssl_test_lib:inet_port(node()),
@@ -315,7 +315,7 @@ check_result(_,openssl, _, openssl) ->
openssl_check(erlang, Config) ->
Config;
openssl_check(_, Config) ->
- TLSVersion = ?config(tls_version, Config),
+ TLSVersion = proplists:get_value(tls_version, Config),
case ssl_test_lib:check_sane_openssl_version(TLSVersion) of
true ->
Config;
diff --git a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
index f5469ec8e0..da181faf64 100644
--- a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
@@ -72,8 +72,8 @@ init_per_suite(Config) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config),
+ proplists:get_value(priv_dir, Config)),
ssl_test_lib:cert_options(Config)
catch _:_ ->
{skip, "Crypto did not start"}
@@ -90,7 +90,7 @@ init_per_group(GroupName, Config) ->
true ->
case ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
+ ssl_test_lib:init_tls_version(GroupName, Config),
Config;
false ->
{skip, "Missing crypto support"}
@@ -104,7 +104,7 @@ end_per_group(_GroupName, Config) ->
Config.
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 10}),
Config.
@@ -226,9 +226,9 @@ client_alpn_and_server_alpn_npn(Config) when is_list(Config) ->
client_renegotiate(Config) when is_list(Config) ->
Data = "hello world",
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
ClientOpts = [{alpn_advertised_protocols, [<<"http/1.0">>]}] ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++ ServerOpts0,
ExpectedProtocol = {ok, <<"http/1.0">>},
@@ -250,9 +250,9 @@ client_renegotiate(Config) when is_list(Config) ->
%--------------------------------------------------------------------------------
session_reused(Config) when is_list(Config)->
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
ClientOpts = [{alpn_advertised_protocols, [<<"http/1.0">>]}] ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++ ServerOpts0,
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -299,7 +299,7 @@ session_reused(Config) when is_list(Config)->
%--------------------------------------------------------------------------------
alpn_not_supported_client(Config) when is_list(Config) ->
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
PrefProtocols = {client_preferred_next_protocols,
{client, [<<"http/1.0">>], <<"http/1.1">>}},
ClientOpts = [PrefProtocols] ++ ClientOpts0,
@@ -315,7 +315,7 @@ alpn_not_supported_client(Config) when is_list(Config) ->
%--------------------------------------------------------------------------------
alpn_not_supported_server(Config) when is_list(Config)->
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
AdvProtocols = {next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]},
ServerOpts = [AdvProtocols] ++ ServerOpts0,
@@ -326,8 +326,8 @@ alpn_not_supported_server(Config) when is_list(Config)->
%%--------------------------------------------------------------------
run_failing_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedResult) ->
- ClientOpts = ClientExtraOpts ++ ?config(client_opts, Config),
- ServerOpts = ServerExtraOpts ++ ?config(server_opts, Config),
+ ClientOpts = ClientExtraOpts ++ proplists:get_value(client_opts, Config),
+ ServerOpts = ServerExtraOpts ++ proplists:get_value(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -346,9 +346,9 @@ run_failing_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedResult)
run_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedProtocol) ->
Data = "hello world",
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
ClientOpts = ClientExtraOpts ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
ServerOpts = ServerExtraOpts ++ ServerOpts0,
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 9341d2cae7..d1162ab4a5 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -47,8 +47,12 @@
all() ->
[
{group, basic},
+ {group, basic_tls},
{group, options},
+ {group, options_tls},
{group, session},
+ %%{group, 'dtlsv1.2'},
+ %%{group, 'dtlsv1'},
{group, 'tlsv1.2'},
{group, 'tlsv1.1'},
{group, 'tlsv1'},
@@ -57,19 +61,29 @@ all() ->
groups() ->
[{basic, [], basic_tests()},
+ {basic_tls, [], basic_tests_tls()},
{options, [], options_tests()},
- {'tlsv1.2', [], all_versions_groups() ++ [conf_signature_algs, no_common_signature_algs]},
- {'tlsv1.1', [], all_versions_groups()},
- {'tlsv1', [], all_versions_groups() ++ rizzo_tests()},
- {'sslv3', [], all_versions_groups() ++ rizzo_tests() ++ [ciphersuite_vs_version]},
+ {options_tls, [], options_tests_tls()},
+ %%{'dtlsv1.2', [], all_versions_groups()},
+ %%{'dtlsv1', [], all_versions_groups()},
+ {'tlsv1.2', [], all_versions_groups() ++ tls_versions_groups() ++ [conf_signature_algs, no_common_signature_algs]},
+ {'tlsv1.1', [], all_versions_groups() ++ tls_versions_groups()},
+ {'tlsv1', [], all_versions_groups() ++ tls_versions_groups() ++ rizzo_tests()},
+ {'sslv3', [], all_versions_groups() ++ tls_versions_groups() ++ rizzo_tests() ++ [tls_ciphersuite_vs_version]},
{api,[], api_tests()},
+ {api_tls,[], api_tests_tls()},
{session, [], session_tests()},
{renegotiate, [], renegotiate_tests()},
{ciphers, [], cipher_tests()},
{ciphers_ec, [], cipher_tests_ec()},
- {error_handling_tests, [], error_handling_tests()}
+ {error_handling_tests, [], error_handling_tests()},
+ {error_handling_tests_tls, [], error_handling_tests_tls()}
].
+tls_versions_groups ()->
+ [{group, api_tls},
+ {group, error_handling_tests_tls}].
+
all_versions_groups ()->
[{group, api},
{group, renegotiate},
@@ -82,7 +96,6 @@ basic_tests() ->
[app,
appup,
alerts,
- send_close,
version_option,
connect_twice,
connect_dist,
@@ -92,9 +105,12 @@ basic_tests() ->
cipher_format
].
+basic_tests_tls() ->
+ [tls_send_close
+ ].
+
options_tests() ->
[der_input,
- misc_ssl_options,
ssl_options_not_proplist,
raw_ssl_option,
socket_options,
@@ -113,13 +129,16 @@ options_tests() ->
empty_protocol_versions,
ipv6,
reuseaddr,
- tcp_reuseaddr,
honor_server_cipher_order,
honor_client_cipher_order,
unordered_protocol_versions_server,
unordered_protocol_versions_client
].
+options_tests_tls() ->
+ [tls_misc_ssl_options,
+ tls_tcp_reuseaddr].
+
api_tests() ->
[connection_info,
connection_information,
@@ -129,26 +148,29 @@ api_tests() ->
sockname,
versions,
controlling_process,
- upgrade,
- upgrade_with_timeout,
- downgrade,
close_with_timeout,
- shutdown,
- shutdown_write,
- shutdown_both,
- shutdown_error,
hibernate,
hibernate_right_away,
listen_socket,
- ssl_accept_timeout,
ssl_recv_timeout,
- versions_option,
server_name_indication_option,
accept_pool,
new_options_in_accept,
prf
].
+api_tests_tls() ->
+ [tls_versions_option,
+ tls_upgrade,
+ tls_upgrade_with_timeout,
+ tls_ssl_accept_timeout,
+ tls_downgrade,
+ tls_shutdown,
+ tls_shutdown_write,
+ tls_shutdown_both,
+ tls_shutdown_error
+ ].
+
session_tests() ->
[reuse_session,
reuse_session_expired,
@@ -198,15 +220,18 @@ cipher_tests_ec() ->
error_handling_tests()->
[controller_dies,
- client_closes_socket,
- tcp_error_propagation_in_active_mode,
- tcp_connect,
- tcp_connect_big,
close_transport_accept,
recv_active,
recv_active_once,
- recv_error_handling,
- dont_crash_on_handshake_garbage
+ recv_error_handling
+ ].
+
+error_handling_tests_tls()->
+ [tls_client_closes_socket,
+ tls_tcp_error_propagation_in_active_mode,
+ tls_tcp_connect,
+ tls_tcp_connect_big,
+ tls_dont_crash_on_handshake_garbage
].
rizzo_tests() ->
@@ -220,8 +245,8 @@ init_per_suite(Config0) ->
ok ->
ssl:start(),
%% make rsa certs using oppenssl
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config1 = ssl_test_lib:make_dsa_cert(Config0),
Config2 = ssl_test_lib:make_ecdsa_cert(Config1),
Config = ssl_test_lib:make_ecdh_rsa_cert(Config2),
@@ -238,8 +263,7 @@ end_per_suite(_Config) ->
init_per_group(GroupName, Config) ->
case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- Config;
+ ssl_test_lib:init_tls_version(GroupName, Config);
_ ->
case ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
@@ -309,7 +333,7 @@ init_per_testcase(TestCase, Config) when TestCase == client_renegotiate;
TestCase == renegotiate_dos_mitigate_active;
TestCase == renegotiate_dos_mitigate_passive;
TestCase == renegotiate_dos_mitigate_absolute ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 30}),
Config;
@@ -318,23 +342,22 @@ init_per_testcase(TestCase, Config) when TestCase == psk_cipher_suites;
TestCase == ciphers_rsa_signed_certs;
TestCase == ciphers_rsa_signed_certs_openssl_names;
TestCase == versions_option,
- TestCase == tcp_connect_big ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
-
+ TestCase == tls_tcp_connect_big ->
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 30}),
Config;
init_per_testcase(rizzo, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 40}),
Config;
init_per_testcase(prf, Config) ->
ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
ct:timetrap({seconds, 40}),
- case ?config(tc_group_path, Config) of
+ case proplists:get_value(tc_group_path, Config) of
[] -> Prop = [];
[Prop] -> Prop
end,
- case ?config(name, Prop) of
+ case proplists:get_value(name, Prop) of
undefined -> TlsVersions = [sslv3, tlsv1, 'tlsv1.1', 'tlsv1.2'];
TlsVersion when is_atom(TlsVersion) ->
TlsVersions = [TlsVersion]
@@ -353,14 +376,14 @@ init_per_testcase(prf, Config) ->
TestPlan = prf_create_plan(TlsVersions, PRFS, ExpectedPrfResults),
[{prf_test_plan, TestPlan} | Config];
-init_per_testcase(TestCase, Config) when TestCase == ssl_accept_timeout;
- TestCase == client_closes_socket;
- TestCase == downgrade ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+init_per_testcase(TestCase, Config) when TestCase == tls_ssl_accept_timeout;
+ TestCase == tls_client_closes_socket;
+ TestCase == tls_downgrade ->
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 15}),
Config;
init_per_testcase(clear_pem_cache, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 20}),
Config;
init_per_testcase(raw_ssl_option, Config) ->
@@ -372,8 +395,18 @@ init_per_testcase(raw_ssl_option, Config) ->
{skip, "Raw options are platform-specific"}
end;
+init_per_testcase(accept_pool, Config) ->
+ ct:timetrap({seconds, 5}),
+ case proplists:get_value(protocol, Config) of
+ dtls ->
+ {skip, "Not yet supported on DTLS sockets"};
+ _ ->
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
+ Config
+ end;
+
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 5}),
Config.
@@ -427,14 +460,16 @@ alerts(Config) when is_list(Config) ->
new_options_in_accept() ->
[{doc,"Test that you can set ssl options in ssl_accept/3 and not only in tcp upgrade"}].
new_options_in_accept(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts0 = ?config(server_dsa_opts, Config),
- [_ , _ | ServerSslOpts] = ?config(server_opts, Config), %% Remove non ssl opts
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_dsa_opts, Config),
+ [_ , _ | ServerSslOpts] = ssl_test_lib:ssl_options(server_opts, Config), %% Remove non ssl opts
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Version = ssl_test_lib:protocol_options(Config, [{tls, sslv3}, {dtls, dtlsv1}]),
+ Cipher = ssl_test_lib:protocol_options(Config, [{tls, {rsa,rc4_128,sha}}, {dtls, {rsa,aes_128_cbc,sha}}]),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {ssl_extra_opts, [{versions, [sslv3]},
- {ciphers,[{rsa,rc4_128,sha}]} | ServerSslOpts]}, %% To be set in ssl_accept/3
+ {ssl_extra_opts, [{versions, [Version]},
+ {ciphers,[Cipher]} | ServerSslOpts]}, %% To be set in ssl_accept/3
{mfa, {?MODULE, connection_info_result, []}},
{options, proplists:delete(cacertfile, ServerOpts0)}]),
@@ -443,14 +478,13 @@ new_options_in_accept(Config) when is_list(Config) ->
{host, Hostname},
{from, self()},
{mfa, {?MODULE, connection_info_result, []}},
- {options, [{versions, [sslv3]},
- {ciphers,[{rsa,rc4_128,sha}
- ]} | ClientOpts]}]),
+ {options, [{versions, [Version]},
+ {ciphers,[Cipher]} | ClientOpts]}]),
ct:log("Testcase ~p, Client ~p Server ~p ~n",
[self(), Client, Server]),
- ServerMsg = ClientMsg = {ok, {sslv3, {rsa, rc4_128, sha}}},
+ ServerMsg = ClientMsg = {ok, {Version, Cipher}},
ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
@@ -460,16 +494,16 @@ new_options_in_accept(Config) when is_list(Config) ->
prf() ->
[{doc,"Test that ssl:prf/5 uses the negotiated PRF."}].
prf(Config) when is_list(Config) ->
- TestPlan = ?config(prf_test_plan, Config),
+ TestPlan = proplists:get_value(prf_test_plan, Config),
case TestPlan of
[] -> ct:fail({error, empty_prf_test_plan});
_ -> lists:foreach(fun(Suite) ->
lists:foreach(
fun(Test) ->
- V = ?config(tls_ver, Test),
- C = ?config(ciphers, Test),
- E = ?config(expected, Test),
- P = ?config(prf, Test),
+ V = proplists:get_value(tls_ver, Test),
+ C = proplists:get_value(ciphers, Test),
+ E = proplists:get_value(expected, Test),
+ P = proplists:get_value(prf, Test),
prf_run_test(Config, V, C, E, P)
end, Suite)
end, TestPlan)
@@ -480,9 +514,10 @@ prf(Config) when is_list(Config) ->
connection_info() ->
[{doc,"Test the API function ssl:connection_information/1"}].
connection_info(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {?MODULE, connection_info_result, []}},
@@ -500,8 +535,7 @@ connection_info(Config) when is_list(Config) ->
ct:log("Testcase ~p, Client ~p Server ~p ~n",
[self(), Client, Server]),
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
ServerMsg = ClientMsg = {ok, {Version, {rsa, aes_128_cbc, sha}}},
@@ -515,8 +549,8 @@ connection_info(Config) when is_list(Config) ->
connection_information() ->
[{doc,"Test the API function ssl:connection_information/1"}].
connection_information(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -561,8 +595,8 @@ controlling_process() ->
[{doc,"Test API function controlling_process/2"}].
controlling_process(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
ClientMsg = "Server hello",
ServerMsg = "Client hello",
@@ -611,8 +645,8 @@ controlling_process(Config) when is_list(Config) ->
controller_dies() ->
[{doc,"Test that the socket is closed after controlling process dies"}].
controller_dies(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
ClientMsg = "Hello server",
ServerMsg = "Hello client",
@@ -700,11 +734,11 @@ controller_dies(Config) when is_list(Config) ->
ssl_test_lib:close(LastClient).
%%--------------------------------------------------------------------
-client_closes_socket() ->
+tls_client_closes_socket() ->
[{doc,"Test what happens when client closes socket before handshake is compleated"}].
-client_closes_socket(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+tls_client_closes_socket(Config) when is_list(Config) ->
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
TcpOpts = [binary, {reuseaddr, true}],
@@ -731,9 +765,9 @@ connect_dist() ->
[{doc,"Test a simple connect as is used by distribution"}].
connect_dist(Config) when is_list(Config) ->
- ClientOpts0 = ?config(client_kc_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_kc_opts, Config),
ClientOpts = [{ssl_imp, new},{active, false}, {packet,4}|ClientOpts0],
- ServerOpts0 = ?config(server_kc_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_kc_opts, Config),
ServerOpts = [{ssl_imp, new},{active, false}, {packet,4}|ServerOpts0],
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -793,8 +827,8 @@ fallback() ->
[{doc, "Test TLS_FALLBACK_SCSV downgrade prevention"}].
fallback(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -828,8 +862,8 @@ peername() ->
[{doc,"Test API function peername/1"}].
peername(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -860,8 +894,8 @@ peername(Config) when is_list(Config) ->
peercert() ->
[{doc,"Test API function peercert/1"}].
peercert(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
@@ -896,8 +930,8 @@ peercert_result(Socket) ->
peercert_with_client_cert() ->
[{doc,"Test API function peercert/1"}].
peercert_with_client_cert(Config) when is_list(Config) ->
- ClientOpts = ?config(client_dsa_opts, Config),
- ServerOpts = ?config(server_dsa_verify_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_dsa_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_dsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
@@ -931,8 +965,8 @@ peercert_with_client_cert(Config) when is_list(Config) ->
sockname() ->
[{doc,"Test API function sockname/1"}].
sockname(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -946,7 +980,16 @@ sockname(Config) when is_list(Config) ->
{options, [{port, 0} | ClientOpts]}]),
ClientPort = ssl_test_lib:inet_port(Client),
- ServerIp = ssl_test_lib:node_to_hostip(ServerNode),
+ ServerIp =
+ case proplists:get_value(protocol, Config) of
+ dtls ->
+ %% DTLS sockets are not connected on the server side,
+ %% so we can only get a ClientIP, ServerIP will always be 0.0.0.0
+ {0,0,0,0};
+ _ ->
+ ssl_test_lib:node_to_hostip(ServerNode)
+ end,
+
ClientIp = ssl_test_lib:node_to_hostip(ClientNode),
ServerMsg = {ok, {ServerIp, Port}},
ClientMsg = {ok, {ClientIp, ClientPort}},
@@ -979,8 +1022,8 @@ cipher_suites_mix() ->
cipher_suites_mix(Config) when is_list(Config) ->
CipherSuites = [{ecdh_rsa,aes_128_cbc,sha256,sha256}, {rsa,aes_128_cbc,sha}],
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1003,8 +1046,8 @@ socket_options() ->
[{doc,"Test API function getopts/2 and setopts/2"}].
socket_options(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Values = [{mode, list}, {packet, 0}, {header, 0},
{active, true}],
@@ -1058,8 +1101,8 @@ invalid_inet_get_option() ->
[{doc,"Test handling of invalid inet options in getopts"}].
invalid_inet_get_option(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1084,8 +1127,8 @@ invalid_inet_get_option_not_list() ->
[{doc,"Test handling of invalid type in getopts"}].
invalid_inet_get_option_not_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1116,8 +1159,8 @@ invalid_inet_get_option_improper_list() ->
[{doc,"Test handling of invalid type in getopts"}].
invalid_inet_get_option_improper_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1147,8 +1190,8 @@ invalid_inet_set_option() ->
[{doc,"Test handling of invalid inet options in setopts"}].
invalid_inet_set_option(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1179,8 +1222,8 @@ invalid_inet_set_option_not_list() ->
[{doc,"Test handling of invalid type in setopts"}].
invalid_inet_set_option_not_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1211,8 +1254,8 @@ invalid_inet_set_option_improper_list() ->
[{doc,"Test handling of invalid tye in setopts"}].
invalid_inet_set_option_improper_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1238,12 +1281,12 @@ set_invalid_inet_option_improper_list(Socket) ->
ok.
%%--------------------------------------------------------------------
-misc_ssl_options() ->
+tls_misc_ssl_options() ->
[{doc,"Test what happens when we give valid options"}].
-misc_ssl_options(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_misc_ssl_options(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% Check that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
@@ -1313,8 +1356,8 @@ versions(Config) when is_list(Config) ->
send_recv() ->
[{doc,""}].
send_recv(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1338,11 +1381,11 @@ send_recv(Config) when is_list(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-send_close() ->
+tls_send_close() ->
[{doc,""}].
-send_close(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_send_close(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1365,7 +1408,7 @@ send_close(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
version_option() ->
[{doc, "Use version option and do no specify ciphers list. Bug specified incorrect ciphers"}].
-version_option(Config) when is_list(Config) ->
+version_option(Config) when is_list(Config) ->
Versions = proplists:get_value(supported, ssl:versions()),
[version_option_test(Config, Version) || Version <- Versions].
@@ -1374,7 +1417,7 @@ close_transport_accept() ->
[{doc,"Tests closing ssl socket when waiting on ssl:transport_accept/1"}].
close_transport_accept(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
Port = 0,
@@ -1395,8 +1438,8 @@ recv_active() ->
[{doc,"Test recv on active socket"}].
recv_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1421,8 +1464,8 @@ recv_active_once() ->
[{doc,"Test recv on active socket"}].
recv_active_once(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1447,9 +1490,9 @@ dh_params() ->
[{doc,"Test to specify DH-params file in server."}].
dh_params(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
- DataDir = ?config(data_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ DataDir = proplists:get_value(data_dir, Config),
DHParamFile = filename:join(DataDir, "dHParam.pem"),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1473,12 +1516,12 @@ dh_params(Config) when is_list(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-upgrade() ->
+tls_upgrade() ->
[{doc,"Test that you can upgrade an tcp connection to an ssl connection"}].
-upgrade(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_upgrade(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
TcpOpts = [binary, {reuseaddr, true}],
@@ -1522,12 +1565,12 @@ upgrade_result(Socket) ->
end.
%%--------------------------------------------------------------------
-upgrade_with_timeout() ->
+tls_upgrade_with_timeout() ->
[{doc,"Test ssl_accept/3"}].
-upgrade_with_timeout(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_upgrade_with_timeout(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
TcpOpts = [binary, {reuseaddr, true}],
@@ -1557,23 +1600,23 @@ upgrade_with_timeout(Config) when is_list(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-downgrade() ->
+tls_downgrade() ->
[{doc,"Test that you can downgarde an ssl connection to an tcp connection"}].
-downgrade(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_downgrade(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {mfa, {?MODULE, tls_downgrade, []}},
+ {mfa, {?MODULE, tls_downgrade_result, []}},
{options, [{active, false} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
- {mfa, {?MODULE, tls_downgrade, []}},
+ {mfa, {?MODULE, tls_downgrade_result, []}},
{options, [{active, false} |ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, ok),
@@ -1584,8 +1627,8 @@ downgrade(Config) when is_list(Config) ->
close_with_timeout() ->
[{doc,"Test normal (not downgrade) ssl:close/2"}].
close_with_timeout(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1604,11 +1647,11 @@ close_with_timeout(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-tcp_connect() ->
+tls_tcp_connect() ->
[{doc,"Test what happens when a tcp tries to connect, i,e. a bad (ssl) packet is sent first"}].
-tcp_connect(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+tls_tcp_connect(Config) when is_list(Config) ->
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
TcpOpts = [binary, {reuseaddr, true}, {active, false}],
@@ -1632,12 +1675,12 @@ tcp_connect(Config) when is_list(Config) ->
end
end.
%%--------------------------------------------------------------------
-tcp_connect_big() ->
+tls_tcp_connect_big() ->
[{doc,"Test what happens when a tcp tries to connect, i,e. a bad big (ssl) packet is sent first"}].
-tcp_connect_big(Config) when is_list(Config) ->
+tls_tcp_connect_big(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
TcpOpts = [binary, {reuseaddr, true}],
@@ -1677,8 +1720,8 @@ ipv6(Config) when is_list(Config) ->
case lists:member(list_to_atom(Hostname0), ct:get_config(ipv6_hosts)) of
true ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} =
ssl_test_lib:run_where(Config, ipv6),
Server = ssl_test_lib:start_server([{node, ServerNode},
@@ -1710,8 +1753,8 @@ ipv6(Config) when is_list(Config) ->
invalid_keyfile() ->
[{doc,"Test what happens with an invalid key file"}].
invalid_keyfile(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- BadOpts = ?config(server_bad_key, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ BadOpts = ssl_test_lib:ssl_options(server_bad_key, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -1736,8 +1779,8 @@ invalid_certfile() ->
[{doc,"Test what happens with an invalid cert file"}].
invalid_certfile(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerBadOpts = ?config(server_bad_cert, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerBadOpts = ssl_test_lib:ssl_options(server_bad_cert, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -1762,8 +1805,8 @@ invalid_cacertfile() ->
[{doc,"Test what happens with an invalid cacert file"}].
invalid_cacertfile(Config) when is_list(Config) ->
- ClientOpts = [{reuseaddr, true}|?config(client_opts, Config)],
- ServerBadOpts = [{reuseaddr, true}|?config(server_bad_ca, Config)],
+ ClientOpts = [{reuseaddr, true}|ssl_test_lib:ssl_options(client_opts, Config)],
+ ServerBadOpts = [{reuseaddr, true}|ssl_test_lib:ssl_options(server_bad_ca, Config)],
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server0 =
@@ -1813,8 +1856,8 @@ invalid_options() ->
[{doc,"Test what happens when we give invalid options"}].
invalid_options(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Check = fun(Client, Server, {versions, [sslv2, sslv3]} = Option) ->
@@ -1867,15 +1910,15 @@ invalid_options(Config) when is_list(Config) ->
ok.
%%--------------------------------------------------------------------
-shutdown() ->
+tls_shutdown() ->
[{doc,"Test API function ssl:shutdown/2"}].
-shutdown(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_shutdown(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {mfa, {?MODULE, shutdown_result, [server]}},
+ {mfa, {?MODULE, tls_shutdown_result, [server]}},
{options, [{exit_on_close, false},
{active, false} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
@@ -1883,7 +1926,7 @@ shutdown(Config) when is_list(Config) ->
{host, Hostname},
{from, self()},
{mfa,
- {?MODULE, shutdown_result, [client]}},
+ {?MODULE, tls_shutdown_result, [client]}},
{options,
[{exit_on_close, false},
{active, false} | ClientOpts]}]),
@@ -1894,50 +1937,50 @@ shutdown(Config) when is_list(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-shutdown_write() ->
+tls_shutdown_write() ->
[{doc,"Test API function ssl:shutdown/2 with option write."}].
-shutdown_write(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_shutdown_write(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {mfa, {?MODULE, shutdown_write_result, [server]}},
+ {mfa, {?MODULE, tls_shutdown_write_result, [server]}},
{options, [{active, false} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
- {mfa, {?MODULE, shutdown_write_result, [client]}},
+ {mfa, {?MODULE, tls_shutdown_write_result, [client]}},
{options, [{active, false} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, {error, closed}).
%%--------------------------------------------------------------------
-shutdown_both() ->
+tls_shutdown_both() ->
[{doc,"Test API function ssl:shutdown/2 with option both."}].
-shutdown_both(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_shutdown_both(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
- {mfa, {?MODULE, shutdown_both_result, [server]}},
+ {mfa, {?MODULE, tls_shutdown_both_result, [server]}},
{options, [{active, false} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
{from, self()},
- {mfa, {?MODULE, shutdown_both_result, [client]}},
+ {mfa, {?MODULE, tls_shutdown_both_result, [client]}},
{options, [{active, false} | ClientOpts]}]),
ssl_test_lib:check_result(Server, ok, Client, {error, closed}).
%%--------------------------------------------------------------------
-shutdown_error() ->
+tls_shutdown_error() ->
[{doc,"Test ssl:shutdown/2 error handling"}].
-shutdown_error(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+tls_shutdown_error(Config) when is_list(Config) ->
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
Port = ssl_test_lib:inet_port(node()),
{ok, Listen} = ssl:listen(Port, ServerOpts),
{error, enotconn} = ssl:shutdown(Listen, read_write),
@@ -1949,9 +1992,7 @@ ciphers_rsa_signed_certs() ->
[{doc,"Test all rsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_rsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:rsa_suites(crypto),
ct:log("~p erlang cipher suites ~p~n", [Version, Ciphers]),
run_suites(Ciphers, Version, Config, rsa).
@@ -1960,8 +2001,7 @@ ciphers_rsa_signed_certs_openssl_names() ->
[{doc,"Test all rsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:openssl_rsa_suites(crypto),
ct:log("tls1 openssl cipher suites ~p~n", [Ciphers]),
run_suites(Ciphers, Version, Config, rsa).
@@ -1971,9 +2011,7 @@ ciphers_dsa_signed_certs() ->
[{doc,"Test all dsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_dsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:dsa_suites(),
ct:log("~p erlang cipher suites ~p~n", [Version, Ciphers]),
run_suites(Ciphers, Version, Config, dsa).
@@ -1982,9 +2020,7 @@ ciphers_dsa_signed_certs_openssl_names() ->
[{doc,"Test all dsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_dsa_signed_certs_openssl_names(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:openssl_dsa_suites(),
ct:log("tls1 openssl cipher suites ~p~n", [Ciphers]),
run_suites(Ciphers, Version, Config, dsa).
@@ -1992,56 +2028,56 @@ ciphers_dsa_signed_certs_openssl_names(Config) when is_list(Config) ->
anonymous_cipher_suites()->
[{doc,"Test the anonymous ciphersuites"}].
anonymous_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:anonymous_suites(),
run_suites(Ciphers, Version, Config, anonymous).
%%-------------------------------------------------------------------
psk_cipher_suites() ->
[{doc, "Test the PSK ciphersuites WITHOUT server supplied identity hint"}].
psk_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:psk_suites(),
run_suites(Ciphers, Version, Config, psk).
%%-------------------------------------------------------------------
psk_with_hint_cipher_suites()->
[{doc, "Test the PSK ciphersuites WITH server supplied identity hint"}].
psk_with_hint_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:psk_suites(),
run_suites(Ciphers, Version, Config, psk_with_hint).
%%-------------------------------------------------------------------
psk_anon_cipher_suites() ->
[{doc, "Test the anonymous PSK ciphersuites WITHOUT server supplied identity hint"}].
psk_anon_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:psk_anon_suites(),
run_suites(Ciphers, Version, Config, psk_anon).
%%-------------------------------------------------------------------
psk_anon_with_hint_cipher_suites()->
[{doc, "Test the anonymous PSK ciphersuites WITH server supplied identity hint"}].
psk_anon_with_hint_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:psk_anon_suites(),
run_suites(Ciphers, Version, Config, psk_anon_with_hint).
%%-------------------------------------------------------------------
srp_cipher_suites()->
[{doc, "Test the SRP ciphersuites"}].
srp_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:srp_suites(),
run_suites(Ciphers, Version, Config, srp).
%%-------------------------------------------------------------------
srp_anon_cipher_suites()->
[{doc, "Test the anonymous SRP ciphersuites"}].
srp_anon_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:srp_anon_suites(),
run_suites(Ciphers, Version, Config, srp_anon).
%%-------------------------------------------------------------------
srp_dsa_cipher_suites()->
[{doc, "Test the SRP DSA ciphersuites"}].
srp_dsa_cipher_suites(Config) when is_list(Config) ->
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:srp_dss_suites(),
run_suites(Ciphers, Version, Config, srp_dsa).
%%-------------------------------------------------------------------
@@ -2092,8 +2128,8 @@ default_reject_anonymous()->
[{doc,"Test that by default anonymous cipher suites are rejected "}].
default_reject_anonymous(Config) when is_list(Config) ->
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
[Cipher | _] = ssl_test_lib:anonymous_suites(),
@@ -2116,9 +2152,7 @@ ciphers_ecdsa_signed_certs() ->
[{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_ecdsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:ecdsa_suites(),
ct:log("~p erlang cipher suites ~p~n", [Version, Ciphers]),
run_suites(Ciphers, Version, Config, ecdsa).
@@ -2127,8 +2161,7 @@ ciphers_ecdsa_signed_certs_openssl_names() ->
[{doc, "Test all ecdsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_ecdsa_signed_certs_openssl_names(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:openssl_ecdsa_suites(),
ct:log("tls1 openssl cipher suites ~p~n", [Ciphers]),
run_suites(Ciphers, Version, Config, ecdsa).
@@ -2137,9 +2170,7 @@ ciphers_ecdh_rsa_signed_certs() ->
[{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_ecdh_rsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:ecdh_rsa_suites(),
ct:log("~p erlang cipher suites ~p~n", [Version, Ciphers]),
run_suites(Ciphers, Version, Config, ecdh_rsa).
@@ -2148,8 +2179,7 @@ ciphers_ecdh_rsa_signed_certs_openssl_names() ->
[{doc, "Test all ecdh_rsa ssl cipher suites in highest support ssl/tls version"}].
ciphers_ecdh_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:openssl_ecdh_rsa_suites(),
ct:log("tls1 openssl cipher suites ~p~n", [Ciphers]),
run_suites(Ciphers, Version, Config, ecdh_rsa).
@@ -2157,8 +2187,8 @@ ciphers_ecdh_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
reuse_session() ->
[{doc,"Test reuse of sessions (short handshake)"}].
reuse_session(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -2265,8 +2295,8 @@ reuse_session(Config) when is_list(Config) ->
reuse_session_expired() ->
[{doc,"Test sessions is not reused when it has expired"}].
reuse_session_expired(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -2350,8 +2380,8 @@ make_sure_expired(Host, Port, Id) ->
server_does_not_want_to_reuse_session() ->
[{doc,"Test reuse of sessions (short handshake)"}].
server_does_not_want_to_reuse_session(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -2399,8 +2429,8 @@ server_does_not_want_to_reuse_session(Config) when is_list(Config) ->
client_renegotiate() ->
[{doc,"Test ssl:renegotiate/1 on client."}].
client_renegotiate(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2428,8 +2458,8 @@ client_renegotiate(Config) when is_list(Config) ->
client_secure_renegotiate() ->
[{doc,"Test ssl:renegotiate/1 on client."}].
client_secure_renegotiate(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2459,8 +2489,8 @@ client_secure_renegotiate(Config) when is_list(Config) ->
server_renegotiate() ->
[{doc,"Test ssl:renegotiate/1 on server."}].
server_renegotiate(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2487,8 +2517,8 @@ server_renegotiate(Config) when is_list(Config) ->
client_renegotiate_reused_session() ->
[{doc,"Test ssl:renegotiate/1 on client when the ssl session will be reused."}].
client_renegotiate_reused_session(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2515,8 +2545,8 @@ client_renegotiate_reused_session(Config) when is_list(Config) ->
server_renegotiate_reused_session() ->
[{doc,"Test ssl:renegotiate/1 on server when the ssl session will be reused."}].
server_renegotiate_reused_session(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2546,8 +2576,8 @@ client_no_wrap_sequence_number() ->
" to lower treashold substantially."}].
client_no_wrap_sequence_number(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2561,7 +2591,7 @@ client_no_wrap_sequence_number(Config) when is_list(Config) ->
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:highest_protocol_version(tls_record:supported_protocol_versions()),
+ Version = ssl_test_lib:protocol_version(Config),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
{host, Hostname},
@@ -2583,8 +2613,8 @@ server_no_wrap_sequence_number() ->
" to lower treashold substantially."}].
server_no_wrap_sequence_number(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2613,7 +2643,7 @@ der_input() ->
[{doc,"Test to input certs and key as der"}].
der_input(Config) when is_list(Config) ->
- DataDir = ?config(data_dir, Config),
+ DataDir = proplists:get_value(data_dir, Config),
DHParamFile = filename:join(DataDir, "dHParam.pem"),
{status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
@@ -2623,10 +2653,10 @@ der_input(Config) when is_list(Config) ->
Size = ets:info(CADb, size),
- SeverVerifyOpts = ?config(server_verification_opts, Config),
+ SeverVerifyOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ServerCert, ServerKey, ServerCaCerts, DHParams} = der_input_opts([{dhfile, DHParamFile} |
SeverVerifyOpts]),
- ClientVerifyOpts = ?config(client_verification_opts, Config),
+ ClientVerifyOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientCert, ClientKey, ClientCaCerts, DHParams} = der_input_opts([{dhfile, DHParamFile} |
ClientVerifyOpts]),
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true},
@@ -2673,8 +2703,8 @@ der_input_opts(Opts) ->
%% ["Check that a CA can have a different signature algorithm than the peer cert."];
%% different_ca_peer_sign(Config) when is_list(Config) ->
-%% ClientOpts = ?config(client_mix_opts, Config),
-%% ServerOpts = ?config(server_mix_verify_opts, Config),
+%% ClientOpts = ssl_test_lib:ssl_options(client_mix_opts, Config),
+%% ServerOpts = ssl_test_lib:ssl_options(server_mix_verify_opts, Config),
%% {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -2704,9 +2734,9 @@ no_reuses_session_server_restart_new_cert() ->
[{doc,"Check that a session is not reused if the server is restarted with a new cert."}].
no_reuses_session_server_restart_new_cert(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
- DsaServerOpts = ?config(server_dsa_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ DsaServerOpts = ssl_test_lib:ssl_options(server_dsa_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -2762,10 +2792,10 @@ no_reuses_session_server_restart_new_cert_file() ->
"cert contained in a file with the same name as the old cert."}].
no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- DsaServerOpts = ?config(server_dsa_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ DsaServerOpts = ssl_test_lib:ssl_options(server_dsa_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
NewServerOpts = new_config(PrivDir, ServerOpts),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2836,8 +2866,8 @@ reuseaddr() ->
[{doc,"Test reuseaddr option"}].
reuseaddr(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -2871,9 +2901,9 @@ reuseaddr(Config) when is_list(Config) ->
ssl_test_lib:close(Client1).
%%--------------------------------------------------------------------
-tcp_reuseaddr() ->
+tls_tcp_reuseaddr() ->
[{doc, "Reference test case."}].
-tcp_reuseaddr(Config) when is_list(Config) ->
+tls_tcp_reuseaddr(Config) when is_list(Config) ->
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -2927,8 +2957,8 @@ honor_client_cipher_order(Config) when is_list(Config) ->
honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, {rsa, aes_128_cbc, sha}).
honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -2945,8 +2975,7 @@ honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->
{options, [{ciphers, ClientCiphers}, {honor_cipher_order, Honor}
| ClientOpts]}]),
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
ServerMsg = ClientMsg = {ok, {Version, Expected}},
@@ -2956,12 +2985,12 @@ honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-ciphersuite_vs_version() ->
+tls_ciphersuite_vs_version() ->
[{doc,"Test a SSLv3 client can not negotiate a TLSv* cipher suite."}].
-ciphersuite_vs_version(Config) when is_list(Config) ->
+tls_ciphersuite_vs_version(Config) when is_list(Config) ->
{_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
@@ -2993,8 +3022,8 @@ ciphersuite_vs_version(Config) when is_list(Config) ->
conf_signature_algs() ->
[{doc,"Test to set the signature_algs option on both client and server"}].
conf_signature_algs(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3023,8 +3052,8 @@ no_common_signature_algs() ->
[{doc,"Set the signature_algs option so that there client and server does not share any hash sign algorithms"}].
no_common_signature_algs(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3045,12 +3074,12 @@ no_common_signature_algs(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-dont_crash_on_handshake_garbage() ->
+tls_dont_crash_on_handshake_garbage() ->
[{doc, "Ensure SSL server worker thows an alert on garbage during handshake "
"instead of crashing and exposing state to user code"}].
-dont_crash_on_handshake_garbage(Config) ->
- ServerOpts = ?config(server_opts, Config),
+tls_dont_crash_on_handshake_garbage(Config) ->
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3094,8 +3123,8 @@ hibernate() ->
"inactivity"}].
hibernate(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3130,8 +3159,8 @@ hibernate_right_away() ->
"crashes"}].
hibernate_right_away(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3178,7 +3207,7 @@ listen_socket() ->
[{doc,"Check error handling and inet compliance when calling API functions with listen sockets."}].
listen_socket(Config) ->
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ok, ListenSocket} = ssl:listen(0, ServerOpts),
%% This can be a valid thing to do as
@@ -3199,12 +3228,12 @@ listen_socket(Config) ->
ok = ssl:close(ListenSocket).
%%--------------------------------------------------------------------
-ssl_accept_timeout() ->
+tls_ssl_accept_timeout() ->
[{doc,"Test ssl:ssl_accept timeout"}].
-ssl_accept_timeout(Config) ->
+tls_ssl_accept_timeout(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -3232,8 +3261,8 @@ ssl_recv_timeout() ->
[{doc,"Test ssl:ssl_accept timeout"}].
ssl_recv_timeout(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3259,8 +3288,8 @@ ssl_recv_timeout(Config) ->
connect_twice() ->
[{doc,""}].
connect_twice(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3304,8 +3333,8 @@ renegotiate_dos_mitigate_active() ->
[{doc, "Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
"immediately after each other"}].
renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3313,7 +3342,7 @@ renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {ssl_test_lib, send_recv_result_active, []}},
- {options, [ServerOpts]}]),
+ {options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
@@ -3332,8 +3361,8 @@ renegotiate_dos_mitigate_passive() ->
[{doc, "Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
"immediately after each other"}].
renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3359,8 +3388,8 @@ renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
renegotiate_dos_mitigate_absolute() ->
[{doc, "Mitigate DOS computational attack by not allowing client to initiate renegotiation"}].
renegotiate_dos_mitigate_absolute(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3384,11 +3413,11 @@ renegotiate_dos_mitigate_absolute(Config) when is_list(Config) ->
ssl_test_lib:close(Client).
%%--------------------------------------------------------------------
-tcp_error_propagation_in_active_mode() ->
- [{doc,"Test that process recives {ssl_error, Socket, closed} when tcp error occurs"}].
-tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_tcp_error_propagation_in_active_mode() ->
+ [{doc,"Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"}].
+tls_tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3418,8 +3447,8 @@ tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
recv_error_handling() ->
[{doc,"Special case of call error handling"}].
recv_error_handling(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3444,7 +3473,7 @@ rizzo() ->
rizzo(Config) when is_list(Config) ->
Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y =/= rc4_128],
- Prop = ?config(tc_group_properties, Config),
+ Prop = proplists:get_value(tc_group_properties, Config),
Version = proplists:get_value(name, Prop),
run_send_recv_rizzo(Ciphers, Config, Version,
{?MODULE, send_recv_result_active_rizzo, []}).
@@ -3454,7 +3483,7 @@ no_rizzo_rc4() ->
no_rizzo_rc4(Config) when is_list(Config) ->
Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
- Prop = ?config(tc_group_properties, Config),
+ Prop = proplists:get_value(tc_group_properties, Config),
Version = proplists:get_value(name, Prop),
run_send_recv_rizzo(Ciphers, Config, Version,
{?MODULE, send_recv_result_active_no_rizzo, []}).
@@ -3464,10 +3493,10 @@ new_server_wants_peer_cert() ->
[{doc, "Test that server configured to do client certification does"
" not reuse session without a client certificate."}].
new_server_wants_peer_cert(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
VServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3528,11 +3557,11 @@ session_cache_process_mnesia(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
-versions_option() ->
+tls_versions_option() ->
[{doc,"Test API versions option to connect/listen."}].
-versions_option(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+tls_versions_option(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
Supported = proplists:get_value(supported, ssl:versions()),
Available = proplists:get_value(available, ssl:versions()),
@@ -3570,8 +3599,8 @@ unordered_protocol_versions_server() ->
" when it is not first in the versions list."}].
unordered_protocol_versions_server(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3595,8 +3624,8 @@ unordered_protocol_versions_client() ->
" when it is not first in the versions list."}].
unordered_protocol_versions_client(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3620,8 +3649,8 @@ unordered_protocol_versions_client(Config) when is_list(Config) ->
server_name_indication_option() ->
[{doc,"Test API server_name_indication option to connect."}].
server_name_indication_option(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3658,8 +3687,8 @@ server_name_indication_option(Config) when is_list(Config) ->
accept_pool() ->
[{doc,"Test having an accept pool."}].
accept_pool(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server0 = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -3690,7 +3719,7 @@ accept_pool(Config) when is_list(Config) ->
{mfa, {ssl_test_lib, send_recv_result_active, []}},
{options, ClientOpts}
]),
-
+
ssl_test_lib:check_ok([Server0, Server1, Server2, Client0, Client1, Client2]),
ssl_test_lib:close(Server0),
@@ -3714,8 +3743,8 @@ tcp_send_recv_result(Socket) ->
ok.
basic_verify_test_no_close(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3734,8 +3763,8 @@ basic_verify_test_no_close(Config) ->
{Server, Client}.
basic_test(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -3796,8 +3825,8 @@ prf_run_test(_, TlsVer, [], _, Prf) ->
prf_run_test(Config, TlsVer, Ciphers, Expected, Prf) ->
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
BaseOpts = [{active, true}, {versions, [TlsVer]}, {ciphers, Ciphers}],
- ServerOpts = BaseOpts ++ ?config(server_opts, Config),
- ClientOpts = BaseOpts ++ ?config(client_opts, Config),
+ ServerOpts = BaseOpts ++ proplists:get_value(server_opts, Config),
+ ClientOpts = BaseOpts ++ proplists:get_value(client_opts, Config),
Server = ssl_test_lib:start_server(
[{node, ServerNode}, {port, 0}, {from, self()},
{mfa, {?MODULE, prf_verify_value, [TlsVer, Expected, Prf]}},
@@ -4199,78 +4228,78 @@ client_server_opts({KeyAlgo,_,_}, Config)
when KeyAlgo == rsa orelse
KeyAlgo == dhe_rsa orelse
KeyAlgo == ecdhe_rsa ->
- {?config(client_opts, Config),
- ?config(server_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_opts, Config)};
client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
- {?config(client_dsa_opts, Config),
- ?config(server_dsa_opts, Config)};
+ {ssl_test_lib:ssl_options(client_dsa_opts, Config),
+ ssl_test_lib:ssl_options(server_dsa_opts, Config)};
client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_ecdsa orelse KeyAlgo == ecdhe_ecdsa ->
- {?config(client_opts, Config),
- ?config(server_ecdsa_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_ecdsa_opts, Config)};
client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == ecdh_rsa ->
- {?config(client_opts, Config),
- ?config(server_ecdh_rsa_opts, Config)}.
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_ecdh_rsa_opts, Config)}.
run_suites(Ciphers, Version, Config, Type) ->
{ClientOpts, ServerOpts} =
case Type of
rsa ->
- {?config(client_opts, Config),
- ?config(server_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_opts, Config)};
dsa ->
- {?config(client_opts, Config),
- ?config(server_dsa_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_dsa_opts, Config)};
anonymous ->
%% No certs in opts!
- {?config(client_opts, Config),
- ?config(server_anon, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_anon, Config)};
psk ->
- {?config(client_psk, Config),
- ?config(server_psk, Config)};
+ {ssl_test_lib:ssl_options(client_psk, Config),
+ ssl_test_lib:ssl_options(server_psk, Config)};
psk_with_hint ->
- {?config(client_psk, Config),
- ?config(server_psk_hint, Config)};
+ {ssl_test_lib:ssl_options(client_psk, Config),
+ ssl_test_lib:ssl_options(server_psk_hint, Config)};
psk_anon ->
- {?config(client_psk, Config),
- ?config(server_psk_anon, Config)};
+ {ssl_test_lib:ssl_options(client_psk, Config),
+ ssl_test_lib:ssl_options(server_psk_anon, Config)};
psk_anon_with_hint ->
- {?config(client_psk, Config),
- ?config(server_psk_anon_hint, Config)};
+ {ssl_test_lib:ssl_options(client_psk, Config),
+ ssl_test_lib:ssl_options(server_psk_anon_hint, Config)};
srp ->
- {?config(client_srp, Config),
- ?config(server_srp, Config)};
+ {ssl_test_lib:ssl_options(client_srp, Config),
+ ssl_test_lib:ssl_options(server_srp, Config)};
srp_anon ->
- {?config(client_srp, Config),
- ?config(server_srp_anon, Config)};
+ {ssl_test_lib:ssl_options(client_srp, Config),
+ ssl_test_lib:ssl_options(server_srp_anon, Config)};
srp_dsa ->
- {?config(client_srp_dsa, Config),
- ?config(server_srp_dsa, Config)};
+ {ssl_test_lib:ssl_options(client_srp_dsa, Config),
+ ssl_test_lib:ssl_options(server_srp_dsa, Config)};
ecdsa ->
- {?config(client_opts, Config),
- ?config(server_ecdsa_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_ecdsa_opts, Config)};
ecdh_rsa ->
- {?config(client_opts, Config),
- ?config(server_ecdh_rsa_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_ecdh_rsa_opts, Config)};
rc4_rsa ->
- {?config(client_opts, Config),
+ {ssl_test_lib:ssl_options(client_opts, Config),
[{ciphers, Ciphers} |
- ?config(server_opts, Config)]};
+ ssl_test_lib:ssl_options(server_opts, Config)]};
rc4_ecdh_rsa ->
- {?config(client_opts, Config),
+ {ssl_test_lib:ssl_options(client_opts, Config),
[{ciphers, Ciphers} |
- ?config(server_ecdh_rsa_opts, Config)]};
+ ssl_test_lib:ssl_options(server_ecdh_rsa_opts, Config)]};
rc4_ecdsa ->
- {?config(client_opts, Config),
+ {ssl_test_lib:ssl_options(client_opts, Config),
[{ciphers, Ciphers} |
- ?config(server_ecdsa_opts, Config)]};
+ ssl_test_lib:ssl_options(server_ecdsa_opts, Config)]};
des_dhe_rsa ->
- {?config(client_opts, Config),
+ {ssl_test_lib:ssl_options(client_opts, Config),
[{ciphers, Ciphers} |
- ?config(server_rsa_opts, Config)]};
+ ssl_test_lib:ssl_options(server_opts, Config)]};
des_rsa ->
- {?config(client_opts, Config),
+ {ssl_test_lib:ssl_options(client_opts, Config),
[{ciphers, Ciphers} |
- ?config(server_opts, Config)]}
+ ssl_test_lib:ssl_options(server_opts, Config)]}
end,
Result = lists:map(fun(Cipher) ->
@@ -4293,6 +4322,7 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
%% process_flag(trap_exit, true),
ct:log("Testing CipherSuite ~p~n", [CipherSuite]),
ct:log("Server Opts ~p~n", [ServerOpts]),
+ ct:log("Client Opts ~p~n", [ClientOpts]),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
ErlangCipherSuite = erlang_cipher_suite(CipherSuite),
@@ -4351,7 +4381,7 @@ connect_dist_c(S) ->
{ok, Test} = ssl:recv(S, 0, 10000),
ok.
-tls_downgrade(Socket) ->
+tls_downgrade_result(Socket) ->
ok = ssl_test_lib:send_recv_result(Socket),
case ssl:close(Socket, {self(), 10000}) of
{ok, TCPSocket} ->
@@ -4390,22 +4420,22 @@ get_invalid_inet_option(Socket) ->
{error, {options, {socket_options, foo, _}}} = ssl:getopts(Socket, [foo]),
ok.
-shutdown_result(Socket, server) ->
+tls_shutdown_result(Socket, server) ->
ssl:send(Socket, "Hej"),
ssl:shutdown(Socket, write),
{ok, "Hej hopp"} = ssl:recv(Socket, 8),
ok;
-shutdown_result(Socket, client) ->
+tls_shutdown_result(Socket, client) ->
{ok, "Hej"} = ssl:recv(Socket, 3),
ssl:send(Socket, "Hej hopp"),
ssl:shutdown(Socket, write),
ok.
-shutdown_write_result(Socket, server) ->
+tls_shutdown_write_result(Socket, server) ->
ct:sleep(?SLEEP),
ssl:shutdown(Socket, write);
-shutdown_write_result(Socket, client) ->
+tls_shutdown_write_result(Socket, client) ->
ssl:recv(Socket, 0).
dummy(_Socket) ->
@@ -4413,18 +4443,18 @@ dummy(_Socket) ->
%% due to fatal handshake failiure
exit(kill).
-shutdown_both_result(Socket, server) ->
+tls_shutdown_both_result(Socket, server) ->
ct:sleep(?SLEEP),
ssl:shutdown(Socket, read_write);
-shutdown_both_result(Socket, client) ->
+tls_shutdown_both_result(Socket, client) ->
ssl:recv(Socket, 0).
peername_result(S) ->
ssl:peername(S).
version_option_test(Config, Version) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index 49c0b9c5a1..20165c70f0 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -86,8 +86,8 @@ init_per_suite(Config0) ->
ok ->
ssl:start(),
%% make rsa certs using oppenssl
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config = ssl_test_lib:make_dsa_cert(Config0),
ssl_test_lib:cert_options(Config)
catch _:_ ->
@@ -122,7 +122,7 @@ init_per_testcase(TestCase, Config) when TestCase == cert_expired;
ssl:clear_pem_cache(),
init_per_testcase(common, Config);
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 5}),
Config.
@@ -136,10 +136,10 @@ end_per_testcase(_TestCase, Config) ->
verify_peer() ->
[{doc,"Test option verify_peer"}].
verify_peer(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -162,10 +162,10 @@ verify_none() ->
[{doc,"Test option verify_none"}].
verify_none(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -190,10 +190,10 @@ server_verify_client_once() ->
[{doc,"Test server option verify_client_once"}].
server_verify_client_once(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -229,10 +229,10 @@ server_require_peer_cert_ok() ->
server_require_peer_cert_ok(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -258,8 +258,8 @@ server_require_peer_cert_fail() ->
server_require_peer_cert_fail(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- BadClientOpts = ?config(client_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ BadClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
@@ -289,8 +289,8 @@ server_require_peer_cert_partial_chain() ->
server_require_peer_cert_partial_chain(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
{ok, ClientCAs} = file:read_file(proplists:get_value(cacertfile, ClientOpts)),
@@ -324,11 +324,11 @@ server_require_peer_cert_allow_partial_chain() ->
server_require_peer_cert_allow_partial_chain(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
{ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)),
[{_,_,_}, {_, IntermidiateCA, _}] = public_key:pem_decode(ServerCAs),
@@ -366,8 +366,8 @@ server_require_peer_cert_do_not_allow_partial_chain() ->
server_require_peer_cert_do_not_allow_partial_chain(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
{ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)),
@@ -407,8 +407,8 @@ server_require_peer_cert_partial_chain_fun_fail() ->
server_require_peer_cert_partial_chain_fun_fail(Config) when is_list(Config) ->
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
- | ?config(server_verification_opts, Config)],
- ClientOpts = ?config(client_verification_opts, Config),
+ | ssl_test_lib:ssl_options(server_verification_opts, Config)],
+ ClientOpts = proplists:get_value(client_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
{ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)),
@@ -447,8 +447,8 @@ verify_fun_always_run_client() ->
[{doc,"Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"}].
verify_fun_always_run_client(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
@@ -492,8 +492,8 @@ verify_fun_always_run_client(Config) when is_list(Config) ->
verify_fun_always_run_server() ->
[{doc,"Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"}].
verify_fun_always_run_server(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% If user verify fun is called correctly we fail the connection.
@@ -543,9 +543,9 @@ cert_expired() ->
[{doc,"Test server with expired certificate"}].
cert_expired(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -611,11 +611,11 @@ extended_key_usage_verify_peer() ->
[{doc,"Test cert that has a critical extended_key_usage extension in verify_peer mode"}].
extended_key_usage_verify_peer(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -673,11 +673,11 @@ extended_key_usage_verify_none() ->
[{doc,"Test cert that has a critical extended_key_usage extension in verify_none mode"}].
extended_key_usage_verify_none(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -734,11 +734,11 @@ critical_extension_verify_peer() ->
[{doc,"Test cert that has a critical unknown extension in verify_peer mode"}].
critical_extension_verify_peer(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
NewCertName = integer_to_list(erlang:unique_integer()) ++ ".pem",
@@ -781,11 +781,11 @@ critical_extension_verify_none() ->
[{doc,"Test cert that has a critical unknown extension in verify_none mode"}].
critical_extension_verify_none(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
- Active = ?config(active, Config),
- ReceiveFunction = ?config(receive_function, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
+ Active = proplists:get_value(active, Config),
+ ReceiveFunction = proplists:get_value(receive_function, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
NewCertName = integer_to_list(erlang:unique_integer()) ++ ".pem",
@@ -850,9 +850,9 @@ no_authority_key_identifier() ->
" but are present in trusted certs db."}].
no_authority_key_identifier(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -906,9 +906,9 @@ no_authority_key_identifier_and_nonstandard_encoding() ->
" authorityKeyIdentifier extension but are present in trusted certs db."}].
no_authority_key_identifier_and_nonstandard_encoding(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -967,9 +967,9 @@ invalid_signature_server() ->
[{doc,"Test client with invalid signature"}].
invalid_signature_server(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
KeyFile = filename:join(PrivDir, "server/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -1004,9 +1004,9 @@ invalid_signature_client() ->
[{doc,"Test server with invalid signature"}].
invalid_signature_client(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
- PrivDir = ?config(priv_dir, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
KeyFile = filename:join(PrivDir, "client/key.pem"),
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
@@ -1042,8 +1042,8 @@ client_with_cert_cipher_suites_handshake() ->
[{doc, "Test that client with a certificate without keyEncipherment usage "
" extension can connect to a server with restricted cipher suites "}].
client_with_cert_cipher_suites_handshake(Config) when is_list(Config) ->
- ClientOpts = ?config(client_verification_opts_digital_signature_only, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts_digital_signature_only, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1070,7 +1070,7 @@ client_with_cert_cipher_suites_handshake(Config) when is_list(Config) ->
server_verify_no_cacerts() ->
[{doc,"Test server must have cacerts if it wants to verify client"}].
server_verify_no_cacerts(Config) when is_list(Config) ->
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1084,8 +1084,8 @@ server_verify_no_cacerts(Config) when is_list(Config) ->
unknown_server_ca_fail() ->
[{doc,"Test that the client fails if the ca is unknown in verify_peer mode"}].
unknown_server_ca_fail(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1128,8 +1128,8 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
unknown_server_ca_accept_verify_none() ->
[{doc,"Test that the client succeds if the ca is unknown in verify_none mode"}].
unknown_server_ca_accept_verify_none(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1153,8 +1153,8 @@ unknown_server_ca_accept_verify_peer() ->
[{doc, "Test that the client succeds if the ca is unknown in verify_peer mode"
" with a verify_fun that accepts the unknown ca error"}].
unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
@@ -1192,8 +1192,8 @@ unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
unknown_server_ca_accept_backwardscompatibility() ->
[{doc,"Test that old style verify_funs will work"}].
unknown_server_ca_accept_backwardscompatibility(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index 291a5f3fde..aa321407b7 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -97,8 +97,8 @@ init_per_group(Group, Config0) ->
true ->
[{idp_crl, true} | Config0];
false ->
- DataDir = ?config(data_dir, Config0),
- CertDir = filename:join(?config(priv_dir, Config0), Group),
+ DataDir = proplists:get_value(data_dir, Config0),
+ CertDir = filename:join(proplists:get_value(priv_dir, Config0), Group),
{CertOpts, Config} = init_certs(CertDir, Group, Config0),
{ok, _} = make_certs:all(DataDir, CertDir, CertOpts),
[{cert_dir, CertDir}, {idp_crl, false} | Config]
@@ -109,23 +109,23 @@ end_per_group(_GroupName, Config) ->
Config.
init_per_testcase(Case, Config0) ->
- case ?config(idp_crl, Config0) of
+ case proplists:get_value(idp_crl, Config0) of
true ->
end_per_testcase(Case, Config0),
inets:start(),
ssl:start(),
- ServerRoot = make_dir_path([?config(priv_dir, Config0), idp_crl, tmp]),
+ ServerRoot = make_dir_path([proplists:get_value(priv_dir, Config0), idp_crl, tmp]),
%% start a HTTP server to serve the CRLs
- {ok, Httpd} = inets:start(httpd, [{ipfamily, ?config(ipfamily, Config0)},
+ {ok, Httpd} = inets:start(httpd, [{ipfamily, proplists:get_value(ipfamily, Config0)},
{server_name, "localhost"}, {port, 0},
{server_root, ServerRoot},
{document_root,
- filename:join(?config(priv_dir, Config0), idp_crl)}
+ filename:join(proplists:get_value(priv_dir, Config0), idp_crl)}
]),
[{port,Port}] = httpd:info(Httpd, [port]),
Config = [{httpd_port, Port} | Config0],
- DataDir = ?config(data_dir, Config),
- CertDir = filename:join(?config(priv_dir, Config0), idp_crl),
+ DataDir = proplists:get_value(data_dir, Config),
+ CertDir = filename:join(proplists:get_value(priv_dir, Config0), idp_crl),
{CertOpts, Config} = init_certs(CertDir, idp_crl, Config),
{ok, _} = make_certs:all(DataDir, CertDir, CertOpts),
ct:timetrap({seconds, 6}),
@@ -137,7 +137,7 @@ init_per_testcase(Case, Config0) ->
end.
end_per_testcase(_, Config) ->
- case ?config(idp_crl, Config) of
+ case proplists:get_value(idp_crl, Config) of
true ->
ssl:stop(),
inets:stop();
@@ -152,12 +152,12 @@ end_per_testcase(_, Config) ->
crl_verify_valid() ->
[{doc,"Verify a simple valid CRL chain"}].
crl_verify_valid(Config) when is_list(Config) ->
- PrivDir = ?config(cert_dir, Config),
- Check = ?config(crl_check, Config),
+ PrivDir = proplists:get_value(cert_dir, Config),
+ Check = proplists:get_value(crl_check, Config),
ServerOpts = [{keyfile, filename:join([PrivDir, "server", "key.pem"])},
{certfile, filename:join([PrivDir, "server", "cert.pem"])},
{cacertfile, filename:join([PrivDir, "server", "cacerts.pem"])}],
- ClientOpts = case ?config(idp_crl, Config) of
+ ClientOpts = case proplists:get_value(idp_crl, Config) of
true ->
[{cacertfile, filename:join([PrivDir, "server", "cacerts.pem"])},
{crl_check, Check},
@@ -178,8 +178,8 @@ crl_verify_valid(Config) when is_list(Config) ->
crl_verify_revoked() ->
[{doc,"Verify a simple CRL chain when peer cert is reveoked"}].
crl_verify_revoked(Config) when is_list(Config) ->
- PrivDir = ?config(cert_dir, Config),
- Check = ?config(crl_check, Config),
+ PrivDir = proplists:get_value(cert_dir, Config),
+ Check = proplists:get_value(crl_check, Config),
ServerOpts = [{keyfile, filename:join([PrivDir, "revoked", "key.pem"])},
{certfile, filename:join([PrivDir, "revoked", "cert.pem"])},
{cacertfile, filename:join([PrivDir, "revoked", "cacerts.pem"])}],
@@ -189,7 +189,7 @@ crl_verify_revoked(Config) when is_list(Config) ->
ssl_crl_cache:insert({file, filename:join([PrivDir, "erlangCA", "crl.pem"])}),
ssl_crl_cache:insert({file, filename:join([PrivDir, "otpCA", "crl.pem"])}),
- ClientOpts = case ?config(idp_crl, Config) of
+ ClientOpts = case proplists:get_value(idp_crl, Config) of
true ->
[{cacertfile, filename:join([PrivDir, "revoked", "cacerts.pem"])},
{crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}},
@@ -207,12 +207,12 @@ crl_verify_revoked(Config) when is_list(Config) ->
crl_verify_no_crl() ->
[{doc,"Verify a simple CRL chain when the CRL is missing"}].
crl_verify_no_crl(Config) when is_list(Config) ->
- PrivDir = ?config(cert_dir, Config),
- Check = ?config(crl_check, Config),
+ PrivDir = proplists:get_value(cert_dir, Config),
+ Check = proplists:get_value(crl_check, Config),
ServerOpts = [{keyfile, filename:join([PrivDir, "server", "key.pem"])},
{certfile, filename:join([PrivDir, "server", "cert.pem"])},
{cacertfile, filename:join([PrivDir, "server", "cacerts.pem"])}],
- ClientOpts = case ?config(idp_crl, Config) of
+ ClientOpts = case proplists:get_value(idp_crl, Config) of
true ->
[{cacertfile, filename:join([PrivDir, "server", "cacerts.pem"])},
{crl_check, Check},
@@ -297,7 +297,7 @@ is_idp(_) ->
init_certs(_,v1_crl, Config) ->
{[{v2_crls, false}], Config};
init_certs(_, idp_crl, Config) ->
- Port = ?config(httpd_port, Config),
+ Port = proplists:get_value(httpd_port, Config),
{[{crl_port,Port},
{issuing_distribution_point, true}], Config
};
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index e7cbfa63f4..d90ec428ee 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -502,7 +502,7 @@ start_ssl_node(Config) ->
start_ssl_node(Config, XArgs) ->
Name = mk_node_name(Config),
- SSL = ?config(ssl_opts, Config),
+ SSL = proplists:get_value(ssl_opts, Config),
SSLDistOpts = setup_dist_opts(Config),
start_ssl_node_raw(Name, SSL ++ " " ++ SSLDistOpts ++ XArgs).
@@ -539,7 +539,7 @@ host_name() ->
mk_node_name(Config) ->
N = erlang:unique_integer([positive]),
- Case = ?config(testcase, Config),
+ Case = proplists:get_value(testcase, Config),
atom_to_list(?MODULE)
++ "_"
++ atom_to_list(Case)
@@ -792,7 +792,7 @@ do_append_files([F|Fs], RF) ->
do_append_files(Fs, RF).
setup_certs(Config) ->
- PrivDir = ?config(priv_dir, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
NodeDir = filename:join([PrivDir, "Certs"]),
RGenDir = filename:join([NodeDir, "rand_gen"]),
ok = file:make_dir(NodeDir),
@@ -811,8 +811,8 @@ setup_certs(Config) ->
append_files([CK, CC], CKC).
setup_dist_opts(Config) ->
- PrivDir = ?config(priv_dir, Config),
- DataDir = ?config(data_dir, Config),
+ PrivDir = proplists:get_value(priv_dir, Config),
+ DataDir = proplists:get_value(data_dir, Config),
Dhfile = filename:join([DataDir, "dHParam.pem"]),
NodeDir = filename:join([PrivDir, "Certs"]),
SDir = filename:join([NodeDir, "server"]),
@@ -874,7 +874,7 @@ add_ssl_opts_config(Config) ->
%% just point out ssl ebin with -pa.
%%
try
- Dir = ?config(priv_dir, Config),
+ Dir = proplists:get_value(priv_dir, Config),
LibDir = code:lib_dir(),
Apps = application:which_applications(),
{value, {stdlib, _, STDL_VSN}} = lists:keysearch(stdlib, 1, Apps),
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index d050812208..26e83413c1 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -62,8 +62,8 @@ init_per_testcase(ignore_hassign_extension_pre_tls_1_2, Config0) ->
true ->
ssl:start(),
%% make rsa certs using oppenssl
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config = ssl_test_lib:cert_options(Config0),
ct:timetrap({seconds, 5}),
Config;
@@ -162,7 +162,7 @@ select_proper_tls_1_2_rsa_default_hashsign(_Config) ->
ignore_hassign_extension_pre_tls_1_2(Config) ->
- Opts = ?config(server_opts, Config),
+ Opts = proplists:get_value(server_opts, Config),
CertFile = proplists:get_value(certfile, Opts),
[{_, Cert, _}] = ssl_test_lib:pem_to_der(CertFile),
HashSigns = #hash_sign_algos{hash_sign_algos = [{sha512, rsa}, {sha, dsa}]},
diff --git a/lib/ssl/test/ssl_npn_handshake_SUITE.erl b/lib/ssl/test/ssl_npn_handshake_SUITE.erl
index cebbc3c16b..c55fa73cfb 100644
--- a/lib/ssl/test/ssl_npn_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_handshake_SUITE.erl
@@ -69,8 +69,8 @@ init_per_suite(Config) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config),
+ proplists:get_value(priv_dir, Config)),
ssl_test_lib:cert_options(Config)
catch _:_ ->
{skip, "Crypto did not start"}
@@ -86,8 +86,7 @@ init_per_group(GroupName, Config) ->
true ->
case ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- Config;
+ ssl_test_lib:init_tls_version(GroupName, Config);
false ->
{skip, "Missing crypto support"}
end;
@@ -100,7 +99,7 @@ end_per_group(_GroupName, Config) ->
Config.
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
ct:timetrap({seconds, 10}),
Config.
@@ -192,10 +191,10 @@ client_negotiate_server_does_not_support(Config) when is_list(Config) ->
renegotiate_from_client_after_npn_handshake(Config) when is_list(Config) ->
Data = "hello world",
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
ClientOpts = [{client_preferred_next_protocols,
{client, [<<"http/1.0">>], <<"http/1.1">>}}] ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
ServerOpts = [{next_protocols_advertised,
[<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++ ServerOpts0,
ExpectedProtocol = {ok, <<"http/1.0">>},
@@ -217,7 +216,7 @@ renegotiate_from_client_after_npn_handshake(Config) when is_list(Config) ->
%--------------------------------------------------------------------------------
npn_not_supported_client(Config) when is_list(Config) ->
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
PrefProtocols = {client_preferred_next_protocols,
{client, [<<"http/1.0">>], <<"http/1.1">>}},
ClientOpts = [PrefProtocols] ++ ClientOpts0,
@@ -232,7 +231,7 @@ npn_not_supported_client(Config) when is_list(Config) ->
%--------------------------------------------------------------------------------
npn_not_supported_server(Config) when is_list(Config)->
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
AdvProtocols = {next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]},
ServerOpts = [AdvProtocols] ++ ServerOpts0,
@@ -240,10 +239,10 @@ npn_not_supported_server(Config) when is_list(Config)->
%--------------------------------------------------------------------------------
npn_handshake_session_reused(Config) when is_list(Config)->
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
ClientOpts = [{client_preferred_next_protocols,
{client, [<<"http/1.0">>], <<"http/1.1">>}}] ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
ServerOpts =[{next_protocols_advertised,
[<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++ ServerOpts0,
@@ -294,9 +293,9 @@ npn_handshake_session_reused(Config) when is_list(Config)->
run_npn_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedProtocol) ->
Data = "hello world",
- ClientOpts0 = ?config(client_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
ClientOpts = ClientExtraOpts ++ ClientOpts0,
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
ServerOpts = ServerExtraOpts ++ ServerOpts0,
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_npn_hello_SUITE.erl b/lib/ssl/test/ssl_npn_hello_SUITE.erl
index b678187bc8..533501e788 100644
--- a/lib/ssl/test/ssl_npn_hello_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_hello_SUITE.erl
@@ -42,7 +42,7 @@ all() ->
create_server_hello_with_no_advertised_protocols_test].
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({seconds, 5}),
Config.
@@ -53,33 +53,33 @@ end_per_testcase(_TestCase, Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
-encode_and_decode_client_hello_test(_Config) ->
+encode_and_decode_client_hello_test(Config) ->
HandShakeData = create_client_handshake(undefined),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
{[{DecodedHandshakeMessage, _Raw}], _} =
tls_handshake:get_tls_handshake(Version, list_to_binary(HandShakeData), <<>>),
NextProtocolNegotiation = (DecodedHandshakeMessage#client_hello.extensions)#hello_extensions.next_protocol_negotiation,
NextProtocolNegotiation = undefined.
%%--------------------------------------------------------------------
-encode_and_decode_npn_client_hello_test(_Config) ->
+encode_and_decode_npn_client_hello_test(Config) ->
HandShakeData = create_client_handshake(#next_protocol_negotiation{extension_data = <<>>}),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
{[{DecodedHandshakeMessage, _Raw}], _} =
tls_handshake:get_tls_handshake(Version, list_to_binary(HandShakeData), <<>>),
NextProtocolNegotiation = (DecodedHandshakeMessage#client_hello.extensions)#hello_extensions.next_protocol_negotiation,
NextProtocolNegotiation = #next_protocol_negotiation{extension_data = <<>>}.
%%--------------------------------------------------------------------
-encode_and_decode_server_hello_test(_Config) ->
+encode_and_decode_server_hello_test(Config) ->
HandShakeData = create_server_handshake(undefined),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
{[{DecodedHandshakeMessage, _Raw}], _} =
tls_handshake:get_tls_handshake(Version, list_to_binary(HandShakeData), <<>>),
NextProtocolNegotiation = (DecodedHandshakeMessage#server_hello.extensions)#hello_extensions.next_protocol_negotiation,
NextProtocolNegotiation = undefined.
%%--------------------------------------------------------------------
-encode_and_decode_npn_server_hello_test(_Config) ->
+encode_and_decode_npn_server_hello_test(Config) ->
HandShakeData = create_server_handshake(#next_protocol_negotiation{extension_data = <<6, "spdy/2">>}),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
{[{DecodedHandshakeMessage, _Raw}], _} =
tls_handshake:get_tls_handshake(Version, list_to_binary(HandShakeData), <<>>),
NextProtocolNegotiation = (DecodedHandshakeMessage#server_hello.extensions)#hello_extensions.next_protocol_negotiation,
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index e6655fa11b..6a73acb704 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -137,8 +137,8 @@ init_per_suite(Config) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config),
+ proplists:get_value(priv_dir, Config)),
ssl_test_lib:cert_options(Config)
catch _:_ ->
{skip, "Crypto did not start"}
@@ -153,8 +153,7 @@ init_per_group(GroupName, Config) ->
true ->
case ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- Config;
+ ssl_test_lib:init_tls_version(GroupName, Config);
false ->
{skip, "Missing crypto support"}
end;
@@ -168,7 +167,7 @@ end_per_group(_GroupName, Config) ->
Config.
init_per_testcase(_TestCase, Config) ->
- ct:timetrap({seconds, 15}),
+ ct:timetrap({seconds, 30}),
Config.
@@ -424,8 +423,8 @@ packet_send_to_large() ->
[{doc,"Test setting the packet option {packet, 2} on the send side"}].
packet_send_to_large(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = lists:append(lists:duplicate(30, "1234567890")),
@@ -452,8 +451,8 @@ packet_wait_active() ->
[{doc,"Test waiting when complete packages have not arrived"}].
packet_wait_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -485,8 +484,8 @@ packet_wait_passive() ->
[{doc,"Test waiting when complete packages have not arrived"}].
packet_wait_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -515,8 +514,8 @@ packet_baddata_active() ->
[{doc,"Test that if a bad packet arrives error msg is sent and socket is closed"}].
packet_baddata_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -548,8 +547,8 @@ packet_baddata_passive() ->
[{doc,"Test that if a bad packet arrives error msg is sent and socket is closed"}].
packet_baddata_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -583,8 +582,8 @@ packet_size_active() ->
packet_size arrives error msg is sent and socket is closed"}].
packet_size_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -617,8 +616,8 @@ packet_size_passive() ->
than packet_size arrives error msg is sent and socket is closed"}].
packet_size_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:duplicate(100, "1234567890")),
@@ -649,8 +648,8 @@ packet_size_passive(Config) when is_list(Config) ->
packet_cdr_decode() ->
[{doc,"Test setting the packet option {packet, cdr}, {mode, binary}"}].
packet_cdr_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% A valid cdr packet
@@ -682,8 +681,8 @@ packet_cdr_decode(Config) when is_list(Config) ->
packet_cdr_decode_list() ->
[{doc,"Test setting the packet option {packet, cdr} {mode, list}"}].
packet_cdr_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% A valid cdr packet
@@ -717,8 +716,8 @@ packet_http_decode() ->
"(Body will be binary http strings are lists)"}].
packet_http_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Request = "GET / HTTP/1.1\r\n"
@@ -799,8 +798,8 @@ packet_http_decode_list() ->
[{doc, "Test setting the packet option {packet, http}, {mode, list}"
"(Body will be list too)"}].
packet_http_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Request = "GET / HTTP/1.1\r\n"
@@ -856,8 +855,8 @@ client_http_decode_list(Socket, HttpRequest) ->
packet_http_bin_decode_multi() ->
[{doc,"Test setting the packet option {packet, http_bin} with multiple requests"}].
packet_http_bin_decode_multi(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Request = <<"GET / HTTP/1.1\r\n"
@@ -946,8 +945,8 @@ packet_http_error_passive() ->
" with a incorrect http header."}].
packet_http_error_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Request = "GET / HTTP/1.1\r\n"
@@ -1006,8 +1005,8 @@ packet_httph_active() ->
[{doc,"Test setting the packet option {packet, httph}"}].
packet_httph_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1061,8 +1060,8 @@ client_http_decode_trailer_active(Socket) ->
packet_httph_bin_active() ->
[{doc,"Test setting the packet option {packet, httph_bin}"}].
packet_httph_bin_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1111,8 +1110,8 @@ packet_httph_active_once() ->
[{doc,"Test setting the packet option {packet, httph}"}].
packet_httph_active_once(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1164,8 +1163,8 @@ packet_httph_bin_active_once() ->
[{doc,"Test setting the packet option {packet, httph_bin}"}].
packet_httph_bin_active_once(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1218,8 +1217,8 @@ packet_httph_passive() ->
[{doc,"Test setting the packet option {packet, httph}"}].
packet_httph_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1258,8 +1257,8 @@ packet_httph_bin_passive() ->
[{doc,"Test setting the packet option {packet, httph_bin}"}].
packet_httph_bin_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Trailer = "Content-Encoding: gzip\r\n"
@@ -1298,8 +1297,8 @@ packet_line_decode() ->
[{doc,"Test setting the packet option {packet, line}, {mode, binary}"}].
packet_line_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(lists:flatten(io_lib:format("Line ends here.~n"
@@ -1334,8 +1333,8 @@ packet_line_decode_list() ->
[{doc,"Test setting the packet option {packet, line}, {mode, list}"}].
packet_line_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = lists:flatten(io_lib:format("Line ends here.~n"
@@ -1372,8 +1371,8 @@ packet_asn1_decode() ->
[{doc,"Test setting the packet option {packet, asn1}"}].
packet_asn1_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
File = proplists:get_value(certfile, ServerOpts),
@@ -1407,8 +1406,8 @@ packet_asn1_decode_list() ->
[{doc,"Test setting the packet option {packet, asn1}"}].
packet_asn1_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
File = proplists:get_value(certfile, ServerOpts),
@@ -1444,8 +1443,8 @@ packet_tpkt_decode() ->
[{doc,"Test setting the packet option {packet, tpkt}"}].
packet_tpkt_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = list_to_binary(add_tpkt_header("TPKT data")),
@@ -1476,8 +1475,8 @@ packet_tpkt_decode_list() ->
[{doc,"Test setting the packet option {packet, tpkt}"}].
packet_tpkt_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = binary_to_list(list_to_binary(add_tpkt_header("TPKT data"))),
@@ -1509,8 +1508,8 @@ packet_tpkt_decode_list(Config) when is_list(Config) ->
%% [{doc,"Test setting the packet option {packet, fcgi}"}].
%% packet_fcgi_decode(Config) when is_list(Config) ->
-%% ClientOpts = ?config(client_opts, Config),
-%% ServerOpts = ?config(server_opts, Config),
+%% ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+%% ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
%% {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
%% Data = ...
@@ -1542,8 +1541,8 @@ packet_tpkt_decode_list(Config) when is_list(Config) ->
packet_sunrm_decode() ->
[{doc,"Test setting the packet option {packet, sunrm}"}].
packet_sunrm_decode(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<11:32, "Hello world">>,
@@ -1574,8 +1573,8 @@ packet_sunrm_decode_list() ->
[{doc,"Test setting the packet option {packet, sunrm}"}].
packet_sunrm_decode_list(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = binary_to_list(list_to_binary([<<11:32>>, "Hello world"])),
@@ -1606,8 +1605,8 @@ header_decode_one_byte_active() ->
[{doc,"Test setting the packet option {header, 1}"}].
header_decode_one_byte_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<11:8, "Hello world">>,
@@ -1639,8 +1638,8 @@ header_decode_two_bytes_active() ->
[{doc,"Test setting the packet option {header, 2}"}].
header_decode_two_bytes_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<11:8, "Hello world">>,
@@ -1673,8 +1672,8 @@ header_decode_two_bytes_two_sent_active() ->
[{doc,"Test setting the packet option {header, 2} and sending two byte"}].
header_decode_two_bytes_two_sent_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<"He">>,
@@ -1707,8 +1706,8 @@ header_decode_two_bytes_one_sent_active() ->
[{doc,"Test setting the packet option {header, 2} and sending one byte"}].
header_decode_two_bytes_one_sent_active(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<"H">>,
@@ -1740,8 +1739,8 @@ header_decode_one_byte_passive() ->
[{doc,"Test setting the packet option {header, 1}"}].
header_decode_one_byte_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<11:8, "Hello world">>,
@@ -1773,8 +1772,8 @@ header_decode_two_bytes_passive() ->
[{doc,"Test setting the packet option {header, 2}"}].
header_decode_two_bytes_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<11:8, "Hello world">>,
@@ -1807,8 +1806,8 @@ header_decode_two_bytes_two_sent_passive() ->
[{doc,"Test setting the packet option {header, 2} and sending two byte"}].
header_decode_two_bytes_two_sent_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<"He">>,
@@ -1841,8 +1840,8 @@ header_decode_two_bytes_one_sent_passive() ->
[{doc,"Test setting the packet option {header, 2} and sending one byte"}].
header_decode_two_bytes_one_sent_passive(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = <<"H">>,
@@ -1872,8 +1871,8 @@ header_decode_two_bytes_one_sent_passive(Config) when is_list(Config) ->
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
packet(Config, Data, Send, Recv, Quantity, Packet, Active) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl
index eb06009734..cb0571d0a7 100644
--- a/lib/ssl/test/ssl_payload_SUITE.erl
+++ b/lib/ssl/test/ssl_payload_SUITE.erl
@@ -71,7 +71,7 @@ init_per_suite(Config) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config), ?config(priv_dir, Config)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config), proplists:get_value(priv_dir, Config)),
ssl_test_lib:cert_options(Config)
catch _:_ ->
{skip, "Crypto did not start"}
@@ -86,8 +86,7 @@ init_per_group(GroupName, Config) ->
true ->
case ssl_test_lib:sufficient_crypto_support(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- Config;
+ ssl_test_lib:init_tls_version(GroupName, Config);
false ->
{skip, "Missing crypto support"}
end;
@@ -132,8 +131,8 @@ server_echos_passive_small() ->
"sends them back, and closes."}].
server_echos_passive_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -148,8 +147,8 @@ server_echos_active_once_small() ->
" them, sends them back, and closes."}].
server_echos_active_once_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -164,8 +163,8 @@ server_echos_active_small() ->
"sends them back, and closes."}].
server_echos_active_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -179,8 +178,8 @@ client_echos_passive_small() ->
"sends them back, and closes."}].
client_echos_passive_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -194,8 +193,8 @@ client_echos_active_once_small() ->
"them, sends them back, and closes."].
client_echos_active_once_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -209,8 +208,8 @@ client_echos_active_small() ->
"sends them back, and closes."}].
client_echos_active_small(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -225,8 +224,8 @@ server_echos_passive_big() ->
"sends them back, and closes."}].
server_echos_passive_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -241,8 +240,8 @@ server_echos_active_once_big() ->
"them, sends them back, and closes."}].
server_echos_active_once_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -257,8 +256,8 @@ server_echos_active_big() ->
" them, sends them back, and closes."}].
server_echos_active_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -272,8 +271,8 @@ client_echos_passive_big() ->
"sends them back, and closes."}].
client_echos_passive_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -287,8 +286,8 @@ client_echos_active_once_big() ->
" them, sends them back, and closes."}].
client_echos_active_once_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -302,8 +301,8 @@ client_echos_active_big() ->
"sends them back, and closes."}].
client_echos_active_big(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -317,8 +316,8 @@ server_echos_passive_huge() ->
" them, sends them back, and closes."}].
server_echos_passive_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -332,8 +331,8 @@ server_echos_active_once_huge() ->
"them, sends them back, and closes."}].
server_echos_active_once_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -347,8 +346,8 @@ server_echos_active_huge() ->
"sends them back, and closes."}].
server_echos_active_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -362,8 +361,8 @@ client_echos_passive_huge() ->
"them, sends them back, and closes."}].
client_echos_passive_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -376,8 +375,8 @@ client_echos_active_once_huge() ->
"them, sends them back, and closes."}].
client_echos_active_once_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
@@ -390,8 +389,8 @@ client_echos_active_huge() ->
"sends them back, and closes."}].
client_echos_active_huge(Config) when is_list(Config) ->
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Str = "1234567890",
diff --git a/lib/ssl/test/ssl_pem_cache_SUITE.erl b/lib/ssl/test/ssl_pem_cache_SUITE.erl
index 3e96276258..13b0ce8ed9 100644
--- a/lib/ssl/test/ssl_pem_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_pem_cache_SUITE.erl
@@ -45,8 +45,8 @@ init_per_suite(Config0) ->
ok ->
ssl:start(),
%% make rsa certs using oppenssl
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config1 = ssl_test_lib:make_dsa_cert(Config0),
ssl_test_lib:cert_options(Config1)
catch _:_ ->
@@ -81,8 +81,8 @@ pem_cleanup() ->
[{doc, "Test pem cache invalidate mechanism"}].
pem_cleanup(Config)when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = proplists:get_value(client_opts, Config),
+ ServerOpts = proplists:get_value(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl
index 85345c814f..5e6137d2a6 100644
--- a/lib/ssl/test/ssl_session_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_session_cache_SUITE.erl
@@ -60,8 +60,8 @@ init_per_suite(Config0) ->
ok ->
ssl:start(),
%% make rsa certs using
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config = ssl_test_lib:make_dsa_cert(Config0),
ssl_test_lib:cert_options(Config)
catch _:_ ->
@@ -154,8 +154,8 @@ client_unique_session() ->
"sets up many connections"}].
client_unique_session(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = proplists:get_value(client_opts, Config),
+ ServerOpts = proplists:get_value(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -185,8 +185,8 @@ session_cleanup() ->
"does not grow and grow ..."}].
session_cleanup(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
@@ -259,8 +259,8 @@ max_table_size() ->
[{doc,"Test max limit on session table"}].
max_table_size(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = proplists:get_value(client_verification_opts, Config),
+ ServerOpts = proplists:get_value(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server =
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
diff --git a/lib/ssl/test/ssl_sni_SUITE.erl b/lib/ssl/test/ssl_sni_SUITE.erl
index edbc6bbee4..34ef2e6af9 100644
--- a/lib/ssl/test/ssl_sni_SUITE.erl
+++ b/lib/ssl/test/ssl_sni_SUITE.erl
@@ -42,8 +42,8 @@ init_per_suite(Config0) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
ssl_test_lib:cert_options(Config0)
catch _:_ ->
{skip, "Crypto did not start"}
@@ -54,7 +54,7 @@ end_per_suite(_) ->
application:stop(crypto).
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:log("Ciphers: ~p~n ", [ ssl:cipher_suites()]),
ct:timetrap({seconds, 5}),
Config.
@@ -139,15 +139,15 @@ run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, "
"ExpectedSNIHostname: ~p, ExpectedCN: ~p",
[Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
- [{sni_hosts, ServerSNIConf}] = ?config(sni_server_opts, Config),
+ [{sni_hosts, ServerSNIConf}] = proplists:get_value(sni_server_opts, Config),
SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end,
- ServerOptions = ?config(server_opts, Config) ++ [{sni_fun, SNIFun}],
+ ServerOptions = proplists:get_value(server_opts, Config) ++ [{sni_fun, SNIFun}],
ClientOptions =
case SNIHostname of
undefined ->
- ?config(client_opts, Config);
+ proplists:get_value(client_opts, Config);
_ ->
- [{server_name_indication, SNIHostname}] ++ ?config(client_opts, Config)
+ [{server_name_indication, SNIHostname}] ++ proplists:get_value(client_opts, Config)
end,
ct:log("Options: ~p", [[ServerOptions, ClientOptions]]),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -167,13 +167,13 @@ run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, "
"ExpectedSNIHostname: ~p, ExpectedCN: ~p",
[Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
- ServerOptions = ?config(sni_server_opts, Config) ++ ?config(server_opts, Config),
+ ServerOptions = proplists:get_value(sni_server_opts, Config) ++ proplists:get_value(server_opts, Config),
ClientOptions =
case SNIHostname of
undefined ->
- ?config(client_opts, Config);
+ proplists:get_value(client_opts, Config);
_ ->
- [{server_name_indication, SNIHostname}] ++ ?config(client_opts, Config)
+ [{server_name_indication, SNIHostname}] ++ proplists:get_value(client_opts, Config)
end,
ct:log("Options: ~p", [[ServerOptions, ClientOptions]]),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 38cc3532d8..543728627e 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -354,43 +354,43 @@ user_lookup(srp, Username, _UserState) ->
{ok, {srp_1024, Salt, UserPassHash}}.
cert_options(Config) ->
- ClientCaCertFile = filename:join([?config(priv_dir, Config),
+ ClientCaCertFile = filename:join([proplists:get_value(priv_dir, Config),
"client", "cacerts.pem"]),
- ClientCertFile = filename:join([?config(priv_dir, Config),
+ ClientCertFile = filename:join([proplists:get_value(priv_dir, Config),
"client", "cert.pem"]),
- ClientCertFileDigitalSignatureOnly = filename:join([?config(priv_dir, Config),
+ ClientCertFileDigitalSignatureOnly = filename:join([proplists:get_value(priv_dir, Config),
"client", "digital_signature_only_cert.pem"]),
- ServerCaCertFile = filename:join([?config(priv_dir, Config),
+ ServerCaCertFile = filename:join([proplists:get_value(priv_dir, Config),
"server", "cacerts.pem"]),
- ServerCertFile = filename:join([?config(priv_dir, Config),
+ ServerCertFile = filename:join([proplists:get_value(priv_dir, Config),
"server", "cert.pem"]),
- ServerKeyFile = filename:join([?config(priv_dir, Config),
+ ServerKeyFile = filename:join([proplists:get_value(priv_dir, Config),
"server", "key.pem"]),
- ClientKeyFile = filename:join([?config(priv_dir, Config),
+ ClientKeyFile = filename:join([proplists:get_value(priv_dir, Config),
"client", "key.pem"]),
- ServerKeyCertFile = filename:join([?config(priv_dir, Config),
+ ServerKeyCertFile = filename:join([proplists:get_value(priv_dir, Config),
"server", "keycert.pem"]),
- ClientKeyCertFile = filename:join([?config(priv_dir, Config),
+ ClientKeyCertFile = filename:join([proplists:get_value(priv_dir, Config),
"client", "keycert.pem"]),
- BadCaCertFile = filename:join([?config(priv_dir, Config),
+ BadCaCertFile = filename:join([proplists:get_value(priv_dir, Config),
"badcacert.pem"]),
- BadCertFile = filename:join([?config(priv_dir, Config),
+ BadCertFile = filename:join([proplists:get_value(priv_dir, Config),
"badcert.pem"]),
- BadKeyFile = filename:join([?config(priv_dir, Config),
+ BadKeyFile = filename:join([proplists:get_value(priv_dir, Config),
"badkey.pem"]),
PskSharedSecret = <<1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>,
- SNIServerACertFile = filename:join([?config(priv_dir, Config), "a.server", "cert.pem"]),
- SNIServerAKeyFile = filename:join([?config(priv_dir, Config), "a.server", "key.pem"]),
- SNIServerBCertFile = filename:join([?config(priv_dir, Config), "b.server", "cert.pem"]),
- SNIServerBKeyFile = filename:join([?config(priv_dir, Config), "b.server", "key.pem"]),
+ SNIServerACertFile = filename:join([proplists:get_value(priv_dir, Config), "a.server", "cert.pem"]),
+ SNIServerAKeyFile = filename:join([proplists:get_value(priv_dir, Config), "a.server", "key.pem"]),
+ SNIServerBCertFile = filename:join([proplists:get_value(priv_dir, Config), "b.server", "cert.pem"]),
+ SNIServerBKeyFile = filename:join([proplists:get_value(priv_dir, Config), "b.server", "key.pem"]),
[{client_opts, []},
- {client_verification_opts, [{cacertfile, ClientCaCertFile},
+ {client_verification_opts, [{cacertfile, ServerCaCertFile},
{certfile, ClientCertFile},
{keyfile, ClientKeyFile},
{ssl_imp, new}]},
- {client_verification_opts_digital_signature_only, [{cacertfile, ClientCaCertFile},
+ {client_verification_opts_digital_signature_only, [{cacertfile, ServerCaCertFile},
{certfile, ClientCertFileDigitalSignatureOnly},
{keyfile, ClientKeyFile},
{ssl_imp, new}]},
@@ -426,7 +426,7 @@ cert_options(Config) ->
{user_lookup_fun, {fun user_lookup/3, undefined}},
{ciphers, srp_anon_suites()}]},
{server_verification_opts, [{ssl_imp, new},{reuseaddr, true},
- {cacertfile, ServerCaCertFile},
+ {cacertfile, ClientCaCertFile},
{certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
{client_kc_opts, [{certfile, ClientKeyCertFile}, {ssl_imp, new}]},
{server_kc_opts, [{ssl_imp, new},{reuseaddr, true},
@@ -552,11 +552,11 @@ make_cert_files(RoleStr, Config, Alg1, Alg2, Prefix) ->
Alg2Str = atom_to_list(Alg2),
CaInfo = {CaCert, _} = erl_make_certs:make_cert([{key, Alg1}]),
{Cert, CertKey} = erl_make_certs:make_cert([{key, Alg2}, {issuer, CaInfo}]),
- CaCertFile = filename:join([?config(priv_dir, Config),
+ CaCertFile = filename:join([proplists:get_value(priv_dir, Config),
RoleStr, Prefix ++ Alg1Str ++ "_cacerts.pem"]),
- CertFile = filename:join([?config(priv_dir, Config),
+ CertFile = filename:join([proplists:get_value(priv_dir, Config),
RoleStr, Prefix ++ Alg2Str ++ "_cert.pem"]),
- KeyFile = filename:join([?config(priv_dir, Config),
+ KeyFile = filename:join([proplists:get_value(priv_dir, Config),
RoleStr, Prefix ++ Alg2Str ++ "_key.pem"]),
der_to_pem(CaCertFile, [{'Certificate', CaCert, not_encrypted}]),
@@ -1051,6 +1051,10 @@ state([{data,[{"StateData", State}]} | _]) -> %% gen_fsm
state([_ | Rest]) ->
state(Rest).
+is_tls_version('dtlsv1.2') ->
+ true;
+is_tls_version('dtlsv1') ->
+ true;
is_tls_version('tlsv1.2') ->
true;
is_tls_version('tlsv1.1') ->
@@ -1062,13 +1066,23 @@ is_tls_version('sslv3') ->
is_tls_version(_) ->
false.
-init_tls_version(Version) ->
+init_tls_version(Version, Config)
+ when Version == 'dtlsv1.2'; Version == 'dtlsv1' ->
+ ssl:stop(),
+ application:load(ssl),
+ application:set_env(ssl, dtls_protocol_version, Version),
+ ssl:start(),
+ [{protocol, dtls}, {protocol_opts, [{protocol, dtls}]}|Config];
+
+init_tls_version(Version, Config) ->
ssl:stop(),
application:load(ssl),
application:set_env(ssl, protocol_version, Version),
- ssl:start().
+ ssl:start(),
+ [{protocol, tls}|Config].
-sufficient_crypto_support('tlsv1.2') ->
+sufficient_crypto_support(Version)
+ when Version == 'tlsv1.2'; Version == 'dtlsv1.2' ->
CryptoSupport = crypto:supports(),
proplists:get_bool(sha256, proplists:get_value(hashs, CryptoSupport));
sufficient_crypto_support(Group) when Group == ciphers_ec; %% From ssl_basic_SUITE
@@ -1294,3 +1308,29 @@ do_supports_ssl_tls_version(Port) ->
after 500 ->
true
end.
+
+ssl_options(Option, Config) ->
+ ProtocolOpts = proplists:get_value(protocol_opts, Config, []),
+ Opts = proplists:get_value(Option, Config, []),
+ Opts ++ ProtocolOpts.
+
+protocol_version(Config) ->
+ case proplists:get_value(protocol, Config) of
+ dtls ->
+ dtls_record:protocol_version(dtls_record:highest_protocol_version([]));
+ _ ->
+ tls_record:protocol_version(tls_record:highest_protocol_version([]))
+ end.
+
+protocol_options(Config, Options) ->
+ Protocol = proplists:get_value(protocol, Config, tls),
+ {Protocol, Opts} = lists:keyfind(Protocol, 1, Options),
+ Opts.
+
+ct_log_supported_protocol_versions(Config) ->
+ case proplists:get_value(protocol, Config) of
+ dtls ->
+ ct:log("DTLS version ~p~n ", [dtls_record:supported_protocol_versions()]);
+ _ ->
+ ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()])
+ end.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 686d24b044..9df31a3381 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -117,8 +117,8 @@ init_per_suite(Config0) ->
try crypto:start() of
ok ->
ssl:start(),
- {ok, _} = make_certs:all(?config(data_dir, Config0),
- ?config(priv_dir, Config0)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config0),
+ proplists:get_value(priv_dir, Config0)),
Config1 = ssl_test_lib:make_dsa_cert(Config0),
Config = ssl_test_lib:cert_options(Config1),
ssl_test_lib:cipher_restriction(Config)
@@ -136,8 +136,7 @@ init_per_group(GroupName, Config) ->
true ->
case ssl_test_lib:check_sane_openssl_version(GroupName) of
true ->
- ssl_test_lib:init_tls_version(GroupName),
- Config;
+ ssl_test_lib:init_tls_version(GroupName, Config);
false ->
{skip, openssl_does_not_support_version}
end;
@@ -257,8 +256,8 @@ basic_erlang_client_openssl_server() ->
[{doc,"Test erlang client with openssl server"}].
basic_erlang_client_openssl_server(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -296,7 +295,7 @@ basic_erlang_server_openssl_client() ->
[{doc,"Test erlang server with openssl client"}].
basic_erlang_server_openssl_client(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -326,8 +325,8 @@ erlang_client_openssl_server() ->
[{doc,"Test erlang client with openssl server"}].
erlang_client_openssl_server(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -336,7 +335,7 @@ erlang_client_openssl_server(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -366,7 +365,7 @@ erlang_server_openssl_client() ->
[{doc,"Test erlang server with openssl client"}].
erlang_server_openssl_client(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -377,7 +376,7 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-connect", "localhost: " ++ integer_to_list(Port),
@@ -398,8 +397,8 @@ erlang_client_openssl_server_dsa_cert() ->
[{doc,"Test erlang server with openssl client"}].
erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_dsa_opts, Config),
- ServerOpts = ?config(server_dsa_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_dsa_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_dsa_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -409,7 +408,7 @@ erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) ->
CaCertFile = proplists:get_value(cacertfile, ServerOpts),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -441,8 +440,8 @@ erlang_server_openssl_client_dsa_cert() ->
[{doc,"Test erlang server with openssl client"}].
erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_dsa_opts, Config),
- ServerOpts = ?config(server_dsa_verify_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_dsa_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_dsa_verify_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -456,7 +455,7 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-connect", "localhost: " ++ integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -481,7 +480,7 @@ erlang_server_openssl_client_reuse_session() ->
"same session id, to test reusing of sessions."}].
erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -493,7 +492,7 @@ erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
{reconnect_times, 5},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-connect", "localhost:" ++ integer_to_list(Port),
@@ -518,8 +517,8 @@ erlang_client_openssl_server_renegotiate() ->
[{doc,"Test erlang client when openssl server issuses a renegotiate"}].
erlang_client_openssl_server_renegotiate(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -529,7 +528,7 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
@@ -568,8 +567,8 @@ erlang_client_openssl_server_nowrap_seqnum() ->
" to lower treashold substantially."}].
erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -579,7 +578,7 @@ erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -611,7 +610,7 @@ erlang_server_openssl_client_nowrap_seqnum() ->
" to lower treashold substantially."}].
erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -625,7 +624,7 @@ erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) ->
trigger_renegotiate, [[Data, N+2]]}},
{options, [{renegotiate_at, N}, {reuse_sessions, false} | ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client","-connect", "localhost: " ++ integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -650,8 +649,8 @@ erlang_client_openssl_server_no_server_ca_cert() ->
"implicitly tested eleswhere."}].
erlang_client_openssl_server_no_server_ca_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -660,7 +659,7 @@ erlang_client_openssl_server_no_server_ca_cert(Config) when is_list(Config) ->
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -691,8 +690,8 @@ erlang_client_openssl_server_client_cert() ->
[{doc,"Test erlang client with openssl server when client sends cert"}].
erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_verification_opts, Config),
- ClientOpts = ?config(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -702,7 +701,7 @@ erlang_client_openssl_server_client_cert(Config) when is_list(Config) ->
CertFile = proplists:get_value(certfile, ServerOpts),
CaCertFile = proplists:get_value(cacertfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port),
ssl_test_lib:version_flag(Version),
@@ -734,8 +733,8 @@ erlang_server_openssl_client_client_cert() ->
[{doc,"Test erlang server with openssl client when client sends cert"}].
erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_verification_opts, Config),
- ClientOpts = ?config(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -753,7 +752,7 @@ erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
CaCertFile = proplists:get_value(cacertfile, ClientOpts),
CertFile = proplists:get_value(certfile, ClientOpts),
KeyFile = proplists:get_value(keyfile, ClientOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-cert", CertFile,
"-CAfile", CaCertFile,
@@ -775,9 +774,9 @@ erlang_server_erlang_client_client_cert() ->
[{doc,"Test erlang server with erlang client when client sends cert"}].
erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_verification_opts, Config),
- ClientOpts = ?config(client_verification_opts, Config),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ ServerOpts = proplists:get_value(server_verification_opts, Config),
+ ClientOpts = proplists:get_value(client_verification_opts, Config),
+ Version = ssl_test_lib:protocol_version(Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = "From erlang to erlang",
@@ -812,9 +811,7 @@ erlang_server_erlang_client_client_cert(Config) when is_list(Config) ->
ciphers_rsa_signed_certs() ->
[{doc,"Test cipher suites that uses rsa certs"}].
ciphers_rsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:rsa_suites(openssl),
run_suites(Ciphers, Version, Config, rsa).
%%--------------------------------------------------------------------
@@ -822,9 +819,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) ->
ciphers_dsa_signed_certs() ->
[{doc,"Test cipher suites that uses dsa certs"}].
ciphers_dsa_signed_certs(Config) when is_list(Config) ->
- Version =
- tls_record:protocol_version(tls_record:highest_protocol_version([])),
-
+ Version = ssl_test_lib:protocol_version(Config),
Ciphers = ssl_test_lib:dsa_suites(),
run_suites(Ciphers, Version, Config, dsa).
@@ -833,15 +828,15 @@ erlang_client_bad_openssl_server() ->
[{doc,"Test what happens if openssl server sends garbage to erlang ssl client"}].
erlang_client_bad_openssl_server(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_verification_opts, Config),
- ClientOpts = ?config(client_verification_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
"-cert", CertFile, "-key", KeyFile],
@@ -888,8 +883,8 @@ expired_session() ->
"better code coverage of the ssl_manager module"}].
expired_session(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ClientOpts = ?config(client_opts, Config),
- ServerOpts = ?config(server_opts, Config),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
Port = ssl_test_lib:inet_port(node()),
@@ -942,7 +937,7 @@ ssl2_erlang_server_openssl_client() ->
ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -1220,11 +1215,11 @@ run_suites(Ciphers, Version, Config, Type) ->
{ClientOpts, ServerOpts} =
case Type of
rsa ->
- {?config(client_opts, Config),
- ?config(server_opts, Config)};
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_opts, Config)};
dsa ->
- {?config(client_opts, Config),
- ?config(server_dsa_opts, Config)}
+ {ssl_test_lib:ssl_options(client_opts, Config),
+ ssl_test_lib:ssl_options(server_dsa_opts, Config)}
end,
Result = lists:map(fun(Cipher) ->
@@ -1277,7 +1272,7 @@ send_and_hostname(SSLSocket) ->
erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
- ServerOptions = ?config(sni_server_opts, Config) ++ ?config(server_opts, Config),
+ ServerOptions = proplists:get_value(sni_server_opts, Config) ++ proplists:get_value(server_opts, Config),
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()}, {mfa, {?MODULE, send_and_hostname, []}},
@@ -1304,9 +1299,9 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname,
erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
- [{sni_hosts, ServerSNIConf}] = ?config(sni_server_opts, Config),
+ [{sni_hosts, ServerSNIConf}] = proplists:get_value(sni_server_opts, Config),
SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end,
- ServerOptions = ?config(server_opts, Config) ++ [{sni_fun, SNIFun}],
+ ServerOptions = proplists:get_value(server_opts, Config) ++ [{sni_fun, SNIFun}],
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()}, {mfa, {?MODULE, send_and_hostname, []}},
@@ -1388,8 +1383,8 @@ cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
start_erlang_client_and_openssl_server_with_opts(Config, ErlangClientOpts, OpensslServerOpts, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts0 = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
ClientOpts = ErlangClientOpts ++ ClientOpts0,
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -1399,7 +1394,7 @@ start_erlang_client_and_openssl_server_with_opts(Config, ErlangClientOpts, Opens
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = case OpensslServerOpts of
@@ -1434,8 +1429,8 @@ start_erlang_client_and_openssl_server_with_opts(Config, ErlangClientOpts, Opens
start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts0 = ?config(client_opts, Config),
+ ServerOpts = proplists:get_value(server_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
ClientOpts = [{alpn_advertised_protocols, [<<"spdy/2">>]} | ClientOpts0],
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -1445,7 +1440,7 @@ start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, Callba
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-msg", "-alpn", "http/1.1,spdy/2", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
@@ -1470,7 +1465,7 @@ start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, Callba
start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>]} | ServerOpts0],
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -1481,7 +1476,7 @@ start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, Callba
{mfa, {?MODULE, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-alpn", "http/1.0,spdy/2", "-msg", "-port",
@@ -1499,8 +1494,8 @@ start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, Callba
start_erlang_client_and_openssl_server_for_alpn_npn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts0 = ?config(client_opts, Config),
+ ServerOpts = proplists:get_value(server_opts, Config),
+ ClientOpts0 = proplists:get_value(client_opts, Config),
ClientOpts = [{alpn_advertised_protocols, [<<"spdy/2">>]},
{client_preferred_next_protocols, {client, [<<"spdy/3">>, <<"http/1.1">>]}} | ClientOpts0],
@@ -1511,7 +1506,7 @@ start_erlang_client_and_openssl_server_for_alpn_npn_negotiation(Config, Data, Ca
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-msg", "-alpn", "http/1.1,spdy/2", "-nextprotoneg",
@@ -1539,7 +1534,7 @@ start_erlang_client_and_openssl_server_for_alpn_npn_negotiation(Config, Data, Ca
start_erlang_server_and_openssl_client_for_alpn_npn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = proplists:get_value(server_opts, Config),
ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>]},
{next_protocols_advertised, [<<"spdy/3">>, <<"http/1.1">>]} | ServerOpts0],
@@ -1551,7 +1546,7 @@ start_erlang_server_and_openssl_client_for_alpn_npn_negotiation(Config, Data, Ca
{mfa, {?MODULE, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-alpn", "http/1.1,spdy/2", "-nextprotoneg", "spdy/3",
"-msg", "-port", integer_to_list(Port), ssl_test_lib:version_flag(Version),
@@ -1566,8 +1561,8 @@ start_erlang_server_and_openssl_client_for_alpn_npn_negotiation(Config, Data, Ca
start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts = ?config(server_opts, Config),
- ClientOpts0 = ?config(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_opts, Config),
ClientOpts = [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}} | ClientOpts0],
{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -1577,7 +1572,7 @@ start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callbac
Port = ssl_test_lib:inet_port(node()),
CertFile = proplists:get_value(certfile, ServerOpts),
KeyFile = proplists:get_value(keyfile, ServerOpts),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_server", "-msg", "-nextprotoneg", "http/1.1,spdy/2", "-accept", integer_to_list(Port),
@@ -1604,7 +1599,7 @@ start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callbac
start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
ServerOpts = [{next_protocols_advertised, [<<"spdy/2">>]}, ServerOpts0],
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -1615,7 +1610,7 @@ start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callbac
{mfa, {?MODULE, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client", "-nextprotoneg", "http/1.0,spdy/2", "-msg", "-connect", "localhost:"
@@ -1633,7 +1628,7 @@ start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callbac
start_erlang_server_and_openssl_client_with_opts(Config, ErlangServerOpts, OpenSSLClientOpts, Data, Callback) ->
process_flag(trap_exit, true),
- ServerOpts0 = ?config(server_opts, Config),
+ ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
ServerOpts = ErlangServerOpts ++ ServerOpts0,
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
@@ -1644,7 +1639,7 @@ start_erlang_server_and_openssl_client_with_opts(Config, ErlangServerOpts, OpenS
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
{options, ServerOpts}]),
Port = ssl_test_lib:inet_port(Server),
- Version = tls_record:protocol_version(tls_record:highest_protocol_version([])),
+ Version = ssl_test_lib:protocol_version(Config),
Exe = "openssl",
Args = ["s_client"] ++ OpenSSLClientOpts ++ ["-msg", "-connect", "localhost:" ++ integer_to_list(Port),
diff --git a/lib/ssl/test/ssl_upgrade_SUITE.erl b/lib/ssl/test/ssl_upgrade_SUITE.erl
index f5f4b25b23..113b3b4158 100644
--- a/lib/ssl/test/ssl_upgrade_SUITE.erl
+++ b/lib/ssl/test/ssl_upgrade_SUITE.erl
@@ -47,8 +47,8 @@ init_per_suite(Config0) ->
{skip, Reason};
Config ->
Result =
- {ok, _} = make_certs:all(?config(data_dir, Config),
- ?config(priv_dir, Config)),
+ {ok, _} = make_certs:all(proplists:get_value(data_dir, Config),
+ proplists:get_value(priv_dir, Config)),
ssl_test_lib:cert_options(Config)
end
catch _:_ ->
@@ -60,7 +60,7 @@ end_per_suite(Config) ->
crypto:stop().
init_per_testcase(_TestCase, Config) ->
- ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
ct:timetrap({minutes, 1}),
Config.
@@ -139,8 +139,8 @@ use_connection(Socket) ->
end.
soft_start_connection(Config, ResulProxy) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = proplists:get_value(client_verification_opts, Config),
+ ServerOpts = proplists:get_value(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = start_server([{node, ServerNode}, {port, 0},
{from, ResulProxy},
@@ -156,8 +156,8 @@ soft_start_connection(Config, ResulProxy) ->
{Server, Client}.
restart_start_connection(Config, ResulProxy) ->
- ClientOpts = ?config(client_verification_opts, Config),
- ServerOpts = ?config(server_verification_opts, Config),
+ ClientOpts = proplists:get_value(client_verification_opts, Config),
+ ServerOpts = proplists:get_value(server_verification_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Server = start_server([{node, ServerNode}, {port, 0},
{from, ResulProxy},