authorLoïc Hoguin <[email protected]>2018-07-04 12:33:30 +0200
committerLoïc Hoguin <[email protected]>2018-07-04 12:33:30 +0200
commita767abb47e6d9a0817d37413e1b5c1d338b362d8 (patch)
tree8157fde9eb94bdf8cf0b4b94f252d7104889d917 /test
parent794a816814cbc9a126531829fae5c7e3359179c3 (diff)
Enable TLS upgrades via ranch_ssl:handshake/3
Based on the work done by @juhlig.
Diffstat (limited to 'test')
-rw-r--r--test/acceptor_SUITE.erl23
-rw-r--r--test/ssl_upgrade_protocol.erl27
2 files changed, 49 insertions, 1 deletions
diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl
index 50f0ce2..c841a0a 100644
--- a/test/acceptor_SUITE.erl
+++ b/test/acceptor_SUITE.erl
@@ -54,6 +54,7 @@ groups() ->
ssl_accept_ack,
ssl_sni_echo,
ssl_sni_fail,
+ ssl_upgrade_from_tcp,
ssl_getopts_capability,
ssl_getstat_capability,
ssl_error_eaddrinuse,
@@ -466,6 +467,26 @@ do_ssl_sni_fail() ->
{'EXIT', _} = begin catch ranch:get_port(Name) end,
ok.
+ssl_upgrade_from_tcp(_) ->
+ doc("Ensure a TCP socket can be upgraded to SSL"),
+ Name = name(),
+ {ok, _} = ranch:start_listener(Name,
+ ranch_tcp, #{},
+ ssl_upgrade_protocol, []),
+ Port = ranch:get_port(Name),
+ {ok, Socket} = gen_tcp:connect("localhost", Port, [binary, {active, false}, {packet, raw}]),
+ ok = gen_tcp:send(Socket, <<"ECHO Before upgrading to SSL">>),
+ {ok, <<"Before upgrading to SSL">>} = gen_tcp:recv(Socket, 23, 1000),
+ ok = gen_tcp:send(Socket, <<"UPGRADE">>),
+ {ok, <<"READY">>} = gen_tcp:recv(Socket, 5, 1000),
+ {ok, SslSocket} = ssl:connect(Socket, [{verify, verify_none}], 5000),
+ ok = ssl:send(SslSocket, <<"ECHO After upgrading to SSL">>),
+ {ok, <<"After upgrading to SSL">>} = ssl:recv(SslSocket, 22, 1000),
+ ok = ranch:stop_listener(Name),
+ {error, closed} = ssl:recv(SslSocket, 0, 1000),
+ {'EXIT', _} = begin catch ranch:get_port(Name) end,
+ ok.
+
ssl_graceful(_) ->
doc("Ensure suspending and resuming of listeners does not kill active connections."),
Name = name(),
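Review bot: The client side of the upgrade in ssl_upgrade_from_tcp, `ssl:connect(Socket, [{verify, verify_none}], 5000)`, accepts any certificate, so the test shows that a handshake completes on the upgraded socket but not which certificate the listener presented. That is reasonable for a suite running on generated test certificates, but it should be stated next to the call, e.g. `%% verify_none: test certificates only, peer identity is not checked here.` The test also covers only a client that waits for READY before starting TLS. A second case that sends extra bytes in the same write as UPGRADE and expects `{error, closed}` would pin down the protocol module's catch-all clause, which currently has no test visible in this diff.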
@@ -1041,7 +1062,7 @@ supervisor_clean_conns_sup_restart(_) ->
Server = erlang:whereis(ranch_server),
ServerMonRef = erlang:monitor(process, Server),
%% Exit because Name already registered and is alive.
- {'EXIT', _} = (catch ranch_server:set_connections_sup(Name, self())),
+ {'EXIT', _} = (catch ranch_server:set_connections_sup(Name, self())),
receive
{'DOWN', ServerMonRef, process, Server, _} ->
error(ranch_server_down)
diff --git a/test/ssl_upgrade_protocol.erl b/test/ssl_upgrade_protocol.erl
new file mode 100644
index 0000000..cafbe13
--- /dev/null
+++ b/test/ssl_upgrade_protocol.erl
@@ -0,0 +1,27 @@
+-module(ssl_upgrade_protocol).
+-behaviour(ranch_protocol).
+
+-export([start_link/4]).
+-export([init/3]).
+
+start_link(Ref, _Socket, Transport, Opts) ->
+ Pid = spawn_link(?MODULE, init, [Ref, Transport, Opts]),
+ {ok, Pid}.
+
+init(Ref, Transport, _Opts = []) ->
+ {ok, Socket} = ranch:handshake(Ref),
+ loop(Socket, Transport).
+
+loop(Socket, Transport) ->
+ case Transport:recv(Socket, 0, 5000) of
+ {ok, <<"UPGRADE">>} when Transport =:= ranch_tcp ->
+ ok = Transport:send(Socket, <<"READY">>),
+ Opts = ct_helper:get_certs_from_ets(),
+ {ok, NewSocket} = ranch_ssl:handshake(Socket, [{verify, verify_none}|Opts], 1000),
+ loop(NewSocket, ranch_ssl);
+ {ok, <<"ECHO ", More/binary>>} ->
+ ok = Transport:send(Socket, More),
+ loop(Socket, Transport);
+ _ ->
+ ok = Transport:close(Socket)
+ end.
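Review bot: In loop/2 the `{ok, <<"UPGRADE">>}` clause matches the whole read exactly, which is what keeps plaintext sent in the same read as UPGRADE from being processed after the switch to TLS: such a read falls through to `_` and the socket is closed. Nothing in the module says this is intentional, and with `Transport:recv(Socket, 0, 5000)` it also relies on TCP delivering the command as a single read. I would add a comment above the clause such as `%% Exact match on purpose: bytes trailing UPGRADE close the connection instead of crossing into the TLS session.` The guard `when Transport =:= ranch_tcp` deserves a similar one-line note that an UPGRADE received over ranch_ssl is treated as unknown input and closes the connection.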