author | Loïc Hoguin <[email protected]> | 2018-07-04 12:33:30 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2018-07-04 12:33:30 +0200 |
commit | a767abb47e6d9a0817d37413e1b5c1d338b362d8 (patch) | |
tree | 8157fde9eb94bdf8cf0b4b94f252d7104889d917 /test | |
parent | 794a816814cbc9a126531829fae5c7e3359179c3 (diff) | |
Enable TLS upgrades via ranch_ssl:handshake/3
Based on the work done by @juhlig.
Diffstat (limited to 'test')
-rw-r--r-- | test/acceptor_SUITE.erl | 23 | ||||
-rw-r--r-- | test/ssl_upgrade_protocol.erl | 27 |
2 files changed, 49 insertions, 1 deletions
diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl
index 50f0ce2..c841a0a 100644
--- a/test/acceptor_SUITE.erl
+++ b/test/acceptor_SUITE.erl
@@ -54,6 +54,7 @@ groups() ->
 ssl_accept_ack,
 ssl_sni_echo,
 ssl_sni_fail,
+ ssl_upgrade_from_tcp,
 ssl_getopts_capability,
 ssl_getstat_capability,
 ssl_error_eaddrinuse,
@@ -466,6 +467,26 @@ do_ssl_sni_fail() ->
 {'EXIT', _} = begin catch ranch:get_port(Name) end,
 ok.
 
+ssl_upgrade_from_tcp(_) ->
+ doc("Ensure a TCP socket can be upgraded to SSL"),
+ Name = name(),
+ {ok, _} = ranch:start_listener(Name,
+ ranch_tcp, #{},
+ ssl_upgrade_protocol, []),
+ Port = ranch:get_port(Name),
+ {ok, Socket} = gen_tcp:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = gen_tcp:send(Socket, <<"ECHO Before upgrading to SSL">>),
+ {ok, <<"Before upgrading to SSL">>} = gen_tcp:recv(Socket, 23, 1000),
+ ok = gen_tcp:send(Socket, <<"UPGRADE">>),
+ {ok, <<"READY">>} = gen_tcp:recv(Socket, 5, 1000),
+ {ok, SslSocket} = ssl:connect(Socket, [{verify, verify_none}], 5000),
+ ok = ssl:send(SslSocket, <<"ECHO After upgrading to SSL">>),
+ {ok, <<"After upgrading to SSL">>} = ssl:recv(SslSocket, 22, 1000),
+ ok = ranch:stop_listener(Name),
+ {error, closed} = ssl:recv(SslSocket, 0, 1000),
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
 ssl_graceful(_) ->
 doc("Ensure suspending and resuming of listeners does not kill active connections."),
 Name = name(),
@@ -1041,7 +1062,7 @@ supervisor_clean_conns_sup_restart(_) ->
 Server = erlang:whereis(ranch_server),
 ServerMonRef = erlang:monitor(process, Server),
 %% Exit because Name already registered and is alive.
- {'EXIT', _} = (catch ranch_server:set_connections_sup(Name, self())),
+ {'EXIT', _} = (catch ranch_server:set_connections_sup(Name, self())),
 receive
 {'DOWN', ServerMonRef, process, Server, _} ->
 error(ranch_server_down)
diff --git a/test/ssl_upgrade_protocol.erl b/test/ssl_upgrade_protocol.erl
new file mode 100644
index 0000000..cafbe13
--- /dev/null
+++ b/test/ssl_upgrade_protocol.erl
@@ -0,0 +1,27 @@
+-module(ssl_upgrade_protocol).
+-behaviour(ranch_protocol).
+
+-export([start_link/4]).
+-export([init/3]).
+
+start_link(Ref, _Socket, Transport, Opts) ->
+ Pid = spawn_link(?MODULE, init, [Ref, Transport, Opts]),
+ {ok, Pid}.
+
+init(Ref, Transport, _Opts = []) ->
+ {ok, Socket} = ranch:handshake(Ref),
+ loop(Socket, Transport).
+
+loop(Socket, Transport) ->
+ case Transport:recv(Socket, 0, 5000) of
+ {ok, <<"UPGRADE">>} when Transport =:= ranch_tcp ->
+ ok = Transport:send(Socket, <<"READY">>),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, NewSocket} = ranch_ssl:handshake(Socket, [{verify, verify_none}|Opts], 1000),
+ loop(NewSocket, ranch_ssl);
+ {ok, <<"ECHO ", More/binary>>} ->
+ ok = Transport:send(Socket, More),
+ loop(Socket, Transport);
+ _ ->
+ ok = Transport:close(Socket)
+ end.
|
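Review bot: The `{ok, <<"UPGRADE">>} when Transport =:= ranch_tcp` clause in `loop/2` has two security-relevant properties that are not documented anywhere in the module. The match is exact, so a read that returns `UPGRADE` together with any trailing bytes falls through to `_ ->` and closes the socket, and the guard keeps a connection that is already on `ranch_ssl` from upgrading again. Since a small protocol like this is likely to be copied as a template for STARTTLS-style upgrades, I would put a comment above the clause, for example `%% Exact match on purpose: plaintext read together with UPGRADE must never be handled after the TLS handshake.` The `{verify, verify_none}` given to `ranch_ssl:handshake/3` here, and to `ssl:connect/3` in `ssl_upgrade_from_tcp`, should carry a `%% test only` remark, since it presumably exists to suit the certificates from `ct_helper:get_certs_from_ets/0`. Only the success path is exercised by that test; a case where the handshake fails or exceeds the `1000` ms limit would cover the badmatch on `{ok, NewSocket}`.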