From 8bccc0bab9fce7ef00f64965b308ef9328e594fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Wed, 21 Mar 2018 14:53:56 +0100 Subject: ftp: Fix ftp test suite - vsftpd =< 3.0.2 does not support ECDHE ciphers and the ssl application removed ciphers with RSA key exchange from its default cipher list. To allow interoperability with old versions of vsftpd, cipher suites with RSA key exchange are appended to the default cipher list. - Fix regex in ftp.appup.src Change-Id: I53ce3b7f198ae95825eb0b5d39e94bdcebe78391 --- lib/ftp/src/ftp.appup.src | 4 ++-- lib/ftp/test/ftp_SUITE.erl | 21 ++++++++++++++++++--- lib/ftp/test/ftp_SUITE_data/vsftpd.conf | 8 +++++++- 3 files changed, 27 insertions(+), 6 deletions(-) (limited to 'lib/ftp') diff --git a/lib/ftp/src/ftp.appup.src b/lib/ftp/src/ftp.appup.src index f5798ef976..d79c7b60ff 100644 --- a/lib/ftp/src/ftp.appup.src +++ b/lib/ftp/src/ftp.appup.src @@ -18,9 +18,9 @@ %% %CopyrightEnd% {"%VSN%", [ - {<<"*">>,[{restart_application, ftp}]} + {<<".*">>,[{restart_application, ftp}]} ], [ - {<<"*">>,[{restart_application, ftp}]} + {<<".*">>,[{restart_application, ftp}]} ] }. diff --git a/lib/ftp/test/ftp_SUITE.erl b/lib/ftp/test/ftp_SUITE.erl index 3ebff82302..92d2c36a86 100644 --- a/lib/ftp/test/ftp_SUITE.erl +++ b/lib/ftp/test/ftp_SUITE.erl @@ -55,7 +55,7 @@ all() -> {group, ftps_active}, {group, ftp_sup}, app, - app_upp, + appup, error_ehost, clean_shutdown ]. @@ -228,9 +228,24 @@ end_per_group(_Group, Config) -> Config. %%-------------------------------------------------------------------- +init_per_testcase(T, Config0) when T =:= app; T =:= appup -> + Config0; init_per_testcase(Case, Config0) -> Group = proplists:get_value(name, proplists:get_value(tc_group_properties,Config0)), - TLS = [{tls,[{reuse_sessions,true}]}], + + %% Workaround for interoperability issues with vsftpd =< 3.0.2: + %% + %% vsftpd =< 3.0.2 does not support ECDHE ciphers and the ssl application + %% removed ciphers with RSA key exchange from its default cipher list. + %% To allow interoperability with old versions of vsftpd, cipher suites + %% with RSA key exchange are appended to the default cipher list. + All = ssl:cipher_suites(all, 'tlsv1.2'), + Default = ssl:cipher_suites(default, 'tlsv1.2'), + RSASuites = + ssl:filter_cipher_suites(All, [{key_exchange, fun(rsa) -> true; + (_) -> false end}]), + Suites = ssl:append_cipher_suites(RSASuites, Default), + TLS = [{tls,[{reuse_sessions,true},{ciphers, Suites}]}], ACTIVE = [{mode,active}], PASSIVE = [{mode,passive}], CaseOpts = case Case of @@ -261,7 +276,7 @@ init_per_testcase(Case, Config0) -> Config end. - +end_per_testcase(T, _Config) when T =:= app; T =:= appup -> ok; end_per_testcase(user, _Config) -> ok; end_per_testcase(bad_user, _Config) -> ok; end_per_testcase(error_elogin, _Config) -> ok; diff --git a/lib/ftp/test/ftp_SUITE_data/vsftpd.conf b/lib/ftp/test/ftp_SUITE_data/vsftpd.conf index 2a177644d4..4568fad147 100644 --- a/lib/ftp/test/ftp_SUITE_data/vsftpd.conf +++ b/lib/ftp/test/ftp_SUITE_data/vsftpd.conf @@ -11,7 +11,7 @@ listen=YES listen_port=9999 run_as_launching_user=YES ssl_enable=YES -ssl_ciphers=RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5 +ssl_ciphers=HIGH:!aNULL:!MD5 allow_anon_ssl=YES background=YES @@ -25,3 +25,9 @@ anon_world_readable_only=NO ### Shouldn't be necessary.... require_ssl_reuse=NO + +### Logging +#vsftpd_log_file=/devel/otp/vsftpd.log +#xferlog_enable=YES +#xferlog_std_format=NO +#log_ftp_protocol=YES \ No newline at end of file -- cgit v1.2.3