From 59b1c9eac599c563610cfe6e7bf8517ed58d54d3 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 8 Jun 2010 12:19:49 +0000
Subject: Move dsa ticket to r14a release (This is the merge of r13 version to r14_dev)
---
lib/ssl/test/ssl_test_lib.erl | 38 +++++++++++++--------
lib/ssl/test/ssl_to_openssl_SUITE.erl | 63 ++++++++++++++++++++++++++++++++---
2 files changed, 82 insertions(+), 19 deletions(-)
(limited to 'lib/ssl/test')
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index d11acc8130..40715dbf30 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -319,24 +319,34 @@ cert_options(Config) -> make_dsa_cert(Config) -> - ServerCaInfo = {ServerCaCert, _} = erl_make_certs:make_cert([{key, dsa}]), - {ServerCert, ServerCertKey} = erl_make_certs:make_cert([{key, dsa}, {issuer, ServerCaInfo}]), - ServerCaCertFile = filename:join([?config(priv_dir, Config), - "server", "dsa_cacerts.pem"]), - ServerCertFile = filename:join([?config(priv_dir, Config), - "server", "dsa_cert.pem"]), - ServerKeyFile = filename:join([?config(priv_dir, Config), - "server", "dsa_key.pem"]), - - public_key:der_to_pem(ServerCaCertFile, [{cert, ServerCaCert, not_encrypted}]), - public_key:der_to_pem(ServerCertFile, [{cert, ServerCert, not_encrypted}]), - public_key:der_to_pem(ServerKeyFile, [ServerCertKey]), - + + {ServerCaCertFile, ServerCertFile, ServerKeyFile} = make_dsa_cert_files("server", Config), + {ClientCaCertFile, ClientCertFile, ClientKeyFile} = make_dsa_cert_files("client", Config), [{server_dsa_opts, [{ssl_imp, new},{reuseaddr, true}, {cacertfile, ServerCaCertFile}, - {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]} | Config]. + {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]}, + {client_dsa_opts, [{ssl_imp, new},{reuseaddr, true}, + {cacertfile, ClientCaCertFile}, + {certfile, ClientCertFile}, {keyfile, ClientKeyFile}]} + | Config]. + + +make_dsa_cert_files(RoleStr, Config) -> + CaInfo = {CaCert, _} = erl_make_certs:make_cert([{key, dsa}]), + {Cert, CertKey} = erl_make_certs:make_cert([{key, dsa}, {issuer, CaInfo}]), + CaCertFile = filename:join([?config(priv_dir, Config), + RoleStr, "dsa_cacerts.pem"]), + CertFile = filename:join([?config(priv_dir, Config), + RoleStr, "dsa_cert.pem"]), + KeyFile = filename:join([?config(priv_dir, Config), + RoleStr, "dsa_key.pem"]), + public_key:der_to_pem(CaCertFile, [{cert, CaCert, not_encrypted}]), + public_key:der_to_pem(CertFile, [{cert, Cert, not_encrypted}]), + public_key:der_to_pem(KeyFile, [CertKey]), + {CaCertFile, CertFile, KeyFile}. 
+ start_upgrade_server(Args) -> Result = spawn_link(?MODULE, run_upgrade_server, [Args]), receive diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index e4c77b2fb4..4981ac0424 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -143,7 +143,9 @@ all(doc) -> all(suite) -> [erlang_client_openssl_server, erlang_server_openssl_client, - erlang_server_openssl_client_dsa_cert, + %% Comment out when new crypto sign functions is available + %%erlang_client_openssl_server_dsa_cert, + %%erlang_server_openssl_client_dsa_cert, erlang_server_openssl_client_reuse_session, erlang_client_openssl_server_renegotiate, erlang_client_openssl_server_no_wrap_sequence_number, 
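Review bot: `make_dsa_cert_files/2` calls `erl_make_certs:make_cert([{key, dsa}])` on every invocation, so the "server" and "client" certificates chain to two unrelated roots and each role's `dsa_cacerts.pem` holds only its own issuer. Neither `server_dsa_opts` nor `client_dsa_opts` sets a `verify` option, so validation of the peer chain is presumably not exercised today, but a case that later enables peer verification with these lists would reject the peer. If mutual trust is intended, create the root once in `make_dsa_cert/1` with `CaInfo = erl_make_certs:make_cert([{key, dsa}])` and pass it in as `make_dsa_cert_files(RoleStr, CaInfo, Config)`; otherwise a comment on the helper stating that the two roots are deliberately independent would do. The helper also assumes the `RoleStr` directory already exists under `priv_dir`, which the hunk does not show for "client".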
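Review bot: The comment added in `all(suite)` says "Comment out when new crypto sign functions is available", which reads as the opposite of what is meant, since the two DSA cases are already commented out and are to be re-enabled later. Suggested wording: `%% Disabled until the new crypto sign functions are available; re-enable both DSA cases then.` This also drops `erlang_server_openssl_client_dsa_cert`, which ran before this commit, so DSA interop against OpenSSL has no coverage in the meantime; returning `{skip, Reason}` from the two cases would keep that gap visible in the test report instead of hiding it in a comment. The `all/1` list continues outside the hunk.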
@@ -250,18 +252,70 @@ erlang_server_openssl_client(Config) when is_list(Config) -> %%-------------------------------------------------------------------- +erlang_client_openssl_server_dsa_cert(doc) -> + ["Test erlang server with openssl client"]; +erlang_client_openssl_server_dsa_cert(suite) -> + []; +erlang_client_openssl_server_dsa_cert(Config) when is_list(Config) -> + process_flag(trap_exit, true), + ClientOpts = ?config(client_dsa_opts, Config), + ServerOpts = ?config(server_dsa_opts, Config), + + {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), + + Data = "From openssl to erlang", + + Port = ssl_test_lib:inet_port(node()), + CaCertFile = proplists:get_value(cacertfile, ServerOpts), + CertFile = proplists:get_value(certfile, ServerOpts), + KeyFile = proplists:get_value(keyfile, ServerOpts), + + Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ + " -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile + ++ " -key " ++ KeyFile ++ " -Verify 2 -tls1 -msg", + + test_server:format("openssl cmd: ~p~n", [Cmd]), + + OpensslPort = open_port({spawn, Cmd}, [stderr_to_stdout]), + + wait_for_openssl_server(), + + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {?MODULE, + erlang_ssl_receive, [Data]}}, + {options, ClientOpts}]), + + port_command(OpensslPort, Data), + + ssl_test_lib:check_result(Client, ok), + + %% Clean close down! Server needs to be closed first !! + close_port(OpensslPort), + + ssl_test_lib:close(Client), + process_flag(trap_exit, false), + ok. 
+ +%%-------------------------------------------------------------------- + erlang_server_openssl_client_dsa_cert(doc) -> ["Test erlang server with openssl client"]; erlang_server_openssl_client_dsa_cert(suite) -> []; erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) -> process_flag(trap_exit, true), + ClientOpts = ?config(client_dsa_opts, Config), ServerOpts = ?config(server_dsa_opts, Config), {_, ServerNode, _} = ssl_test_lib:run_where(Config), Data = "From openssl to erlang", - + CaCertFile = proplists:get_value(cacertfile, ClientOpts), + CertFile = proplists:get_value(certfile, ClientOpts), + KeyFile = proplists:get_value(keyfile, ClientOpts), + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, {mfa, {?MODULE, erlang_ssl_receive, [Data]}}, @@ -269,7 +323,8 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) -> Port = ssl_test_lib:inet_port(Server), Cmd = "openssl s_client -port " ++ integer_to_list(Port) ++ - " -host localhost -tls1 -msg", + " -host localhost " ++ " -cert " ++ CertFile ++ " -CAfile " ++ CaCertFile + ++ " -key " ++ KeyFile ++ " -tls1 -msg", test_server:format("openssl cmd: ~p~n", [Cmd]), @@ -283,8 +338,6 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) -> close_port(OpenSslPort), process_flag(trap_exit, false), ok. - - %%-------------------------------------------------------------------- erlang_server_openssl_client_reuse_session(doc) -> -- cgit v1.2.3
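Review bot: In `erlang_client_openssl_server_dsa_cert/1` the `s_server` command is assembled by string concatenation and run through `open_port({spawn, Cmd}, ...)`, so a `priv_dir` path containing a space or a shell-significant character is split or reinterpreted before OpenSSL sees it. Passing the arguments as a list to `spawn_executable` avoids quoting altogether, as sketched below; the `s_client` command in the next hunk (`@@ -269,7 +323,8 @@`) is built the same way. Separately, the `doc` clause was copied unchanged from the server case and should read `["Test erlang client with openssl server"]`.

```erlang
    %% … unchanged: option lookup, Port, CaCertFile/CertFile/KeyFile …
    Args = ["s_server", "-accept", integer_to_list(Port),
            "-cert", CertFile, "-CAfile", CaCertFile,
            "-key", KeyFile, "-Verify", "2", "-tls1", "-msg"],

    test_server:format("openssl args: ~p~n", [Args]),

    OpensslPort = open_port({spawn_executable, os:find_executable("openssl")},
                            [{args, Args}, stderr_to_stdout]),
    %% … unchanged: wait_for_openssl_server(), client start, result check, shutdown …
```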
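Review bot: The `s_client` command now presents `-cert`/`-key`, but the Erlang server in `erlang_server_openssl_client_dsa_cert/1` is started with `server_dsa_opts`, and that list as built in `ssl_test_lib:make_dsa_cert/1` carries no `verify` or `fail_if_no_peer_cert` entry. Unless the defaults request a client certificate, the new client credential is likely never sent or checked, so the case would still pass with a wrong key or an untrusted certificate. If client authentication is what this change is meant to cover, add `{verify, verify_peer}, {fail_if_no_peer_cert, true}` to the server options for this case (the server's `cacertfile` then has to contain the client's issuer). The function starts and ends outside this hunk.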