From 9756dcd97cd819c9b2d64c35dd36550f99600e92 Mon Sep 17 00:00:00 2001
From: Andrew Thompson
Date: Sat, 8 Feb 2014 00:58:11 -0500
Subject: Rework IDP validation according to the RFC, fix public_key tests
---
 lib/ssl/test/make_certs.erl    |  4 ++--
 lib/ssl/test/ssl_crl_SUITE.erl | 31 ++++++++++++++-----------------
 2 files changed, 16 insertions(+), 19 deletions(-)
(limited to 'lib/ssl')
diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl
index 2b4eaaef53..c438ae2b87 100644
--- a/lib/ssl/test/make_certs.erl
+++ b/lib/ssl/test/make_certs.erl
@@ -410,7 +410,6 @@ ca_cnf(C) ->
     "[idpsec]\n"
     "fullname=URI:http://localhost:8000/",C#config.commonName,"/crl.pem\n"
-    %"fullname=URI:file://$ROOTDIR/",C#config.commonName,"/crl.pem\n"
     "[user_cert]\n"
     "basicConstraints = CA:false\n"
@@ -422,7 +421,8 @@ ca_cnf(C) ->
     "crlDistributionPoints=@crl_section\n"
     "[crl_section]\n"
-    "URI.1=file://$ROOTDIR/",C#config.commonName,"/crl.pem\n"
+    %% intentionally invalid
+    "URI.1=http://localhost/",C#config.commonName,"/crl.pem\n"
     "URI.2=http://localhost:8000/",C#config.commonName,"/crl.pem\n"
     "\n"
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index 8afd926ee6..7cf09aa419 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -69,6 +69,7 @@ init_per_suite(Config0) ->
         false -> {skip, "Openssl not found"};
         _ ->
+            inets:start(),
             catch crypto:stop(),
             try crypto:start() of
                 ok ->
@@ -81,6 +82,7 @@ init_per_suite(Config0) ->
 end_per_suite(_Config) ->
     ssl:stop(),
+    inets:stop(),
     application:stop(crypto).
 init_per_group(v1_crl, Config) ->
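Review bot: The `%% intentionally invalid` comment on the new URI.1 line does not say what makes the URL invalid or what the test expects to happen, so a later reader may take the missing `:8000` for a typo and "fix" it. Nothing in this patch serves CRLs on port 80 — the suite's httpd is started on port 8000 — so the point of URI.1 appears to be that the fetch fails and verification falls through to URI.2; that is worth stating: `%% intentionally invalid: nothing serves port 80, so CRL fetching must fall back to URI.2`. ca_cnf/1 starts and ends outside the hunk.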
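Review bot: The added `inets:start(),` in init_per_suite discards its return value, so a failure to start inets only surfaces later as a badmatch on `{ok, Httpd} = inets:start(httpd, ...)` in init_per_group, far from the cause. The result is `ok | {error, Reason}`; either assert it with `ok = inets:start(),` (matching `{error, {already_started, _}}` too if inets may already be running on the test node) or turn an error into a `{skip, ...}` the way the openssl check a few lines above does. The start is also repeated as `_ = inets:start()` inside fetch/1 later in the same file, so once init_per_suite guarantees it that call could go. init_per_suite/1 starts and ends outside the hunk.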
@@ -91,7 +93,12 @@ init_per_group(v1_crl, Config) ->
                              CertDir, [{v2_crls, false}])),
     ct:log("Make certs ~p~n", [Result]),
-    [{make_cert_result, Result}, {cert_dir, CertDir} | Config];
+    %% start a HTTP server to serve the CRLs
+    {ok, Httpd} = inets:start(httpd, [{port, 8000}, {server_name, "localhost"},
+                                      {server_root, "/tmp"},
+                                      {document_root, CertDir},
+                                      {modules, [mod_get]}]),
+    [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config];
 init_per_group(idp_crl, Config) ->
     ssl:start(),
     CertDir = filename:join(?config(priv_dir, Config), "idp_crl"),
@@ -113,7 +120,12 @@ init_per_group(_GroupName, Config) ->
         (catch make_certs:all(?config(data_dir, Config), CertDir)),
     ct:log("Make certs ~p~n", [Result]),
-    [{make_cert_result, Result}, {cert_dir, CertDir} | Config].
+    %% start a HTTP server to serve the CRLs
+    {ok, Httpd} = inets:start(httpd, [{port, 8000}, {server_name, "localhost"},
+                                      {server_root, "/tmp"},
+                                      {document_root, CertDir},
+                                      {modules, [mod_get]}]),
+    [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config].
 end_per_group(_GroupName, Config) ->
     case ?config(httpd, Config) of
@@ -185,8 +197,6 @@ crl_verify_revoked(Config) when is_list(Config) ->
                   {cacertfile, filename:join([PrivDir, "revoked", "cacerts.pem"])}],
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
-    Data = "From openssl to erlang",
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
                                         {from, self()},
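Review bot: The httpd started in init_per_group(v1_crl, ...) listens on every interface: no `bind_address` is given (httpd defaults to `any`), so for the life of the group the contents of CertDir are served over plain HTTP to anyone who can reach the host on port 8000, although the only intended client is the suite itself on localhost. The same five lines are pasted verbatim into init_per_group(_GroupName, ...) in the next hunk (`@@ -113,7 +120,12 @@`), and the fixed port 8000 is a hidden coupling to the `http://localhost:8000/` URLs make_certs bakes into the CRL distribution points, which is why it cannot simply become `{port, 0}`. I would move the start into one helper that binds to the loopback interface and records why the port is fixed, and call it from both clauses. `{server_root, "/tmp"}` can presumably point at CertDir as well so the suite touches nothing outside its priv_dir — confirm nothing else is expected under server_root with only mod_get loaded. Both init_per_group clauses start outside their hunks.
```erlang
    %% start a HTTP server to serve the CRLs
    {ok, Httpd} = start_crl_httpd(CertDir),
    [{make_cert_result, Result}, {cert_dir, CertDir}, {httpd, Httpd} | Config];
%% … unchanged: init_per_group(idp_crl, ...) and the remaining clauses …

%% Serve CertDir over plain HTTP on the loopback interface only. The port is
%% fixed at 8000 because make_certs writes http://localhost:8000/... into the
%% CRL distribution points of the certificates it generates.
start_crl_httpd(CertDir) ->
    inets:start(httpd, [{port, 8000},
                        {bind_address, {127,0,0,1}},
                        {server_name, "localhost"},
                        {server_root, CertDir},
                        {document_root, CertDir},
                        {modules, [mod_get]}]).
```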
@@ -462,19 +472,6 @@ fetch_point(#'DistributionPoint'{distributionPoint={fullName, Names}}) ->
 %%
 fetch([]) ->
     not_available;
-fetch([{uniformResourceIdentifier, "file://"++File}|Rest]) ->
-    io:format("getting CRL from ~p~n", [File]),
-    try file:read_file(File) of
-        {ok, Bin} ->
-            %% assume PEM
-            [{'CertificateList', DER, _}=CertList] = public_key:pem_decode(Bin),
-            {DER, public_key:pem_entry_decode(CertList)};
-        _ ->
-            fetch(Rest)
-    catch
-        _:_ ->
-            fetch(Rest)
-    end;
 fetch([{uniformResourceIdentifier, "http"++_=URL}|Rest]) ->
     io:format("getting CRL from ~p~n", [URL]),
     _ = inets:start(),
-- cgit v1.2.3