From b7d4b575830a5668ea647d58827a84880db1806d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Mon, 4 Dec 2023 15:06:18 +0100 Subject: Fix ssl tests for OTP-26.1+ --- test/acceptor_SUITE.erl | 24 +++++++++++++----------- test/proxy_header_SUITE.erl | 2 +- test/ssl_upgrade_protocol.erl | 3 ++- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl index 982d007..ba09697 100644 --- a/test/acceptor_SUITE.erl +++ b/test/acceptor_SUITE.erl @@ -734,7 +734,7 @@ ssl_active_echo(_) -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], active_echo_protocol, []), Port = ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ @@ -761,7 +761,7 @@ do_ssl_active_n_echo() -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], batch_echo_protocol, [{batch_size, 3}]), Port = ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ @@ -785,7 +785,7 @@ ssl_echo(_) -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], echo_protocol, []), Port = ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ @@ -804,8 +804,10 @@ ssl_handshake(_) -> Name = name(), {CaCert1, Cert1, Key1} = ct_helper:make_certs(), {CaCert2, Cert2, Key2} = ct_helper:make_certs(), - Opts1 = [{cert, Cert1}, {key, Key1}, {cacerts, [CaCert1]}, {verify, verify_peer}], - Opts2 = [{cert, Cert2}, {key, Key2}, {cacerts, [CaCert2]}, {verify, verify_peer}], + Opts1 = [{cert, Cert1}, {key, Key1}, {cacerts, [CaCert1]}, + {verify, verify_none}, {fail_if_no_peer_cert, false}], + Opts2 = [{cert, Cert2}, {key, Key2}, {cacerts, [CaCert2]}, + {verify, verify_none}, {fail_if_no_peer_cert, false}], DefaultOpts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, ranch_ssl, [{handshake, hello}|DefaultOpts], @@ -847,7 +849,7 @@ do_ssl_local_echo() -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, #{socket_opts => [{ip, {local, SockFile}}|Opts]}, + ranch_ssl, #{socket_opts => [{ip, {local, SockFile}}|Opts] ++ [{verify, verify_none}]}, echo_protocol, []), undefined = ranch:get_port(Name), {ok, Socket} = ssl:connect({local, SockFile}, 0, [ @@ -871,7 +873,7 @@ ssl_sni_echo(_) -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, [{sni_hosts, [{"localhost", Opts}]}], + ranch_ssl, [{sni_hosts, [{"localhost", Opts ++ [{verify, verify_none}]}]}], echo_protocol, []), Port = ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ @@ -974,7 +976,7 @@ ssl_graceful(_) -> Name = name(), Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], echo_protocol, []), Port = ranch:get_port(Name), %% Make sure connections with a fresh listener work. @@ -994,7 +996,7 @@ ssl_graceful(_) -> binary, {active, false}, {packet, raw}, {verify, verify_none}, {versions, ['tlsv1.2']}]), %% Make sure transport options can be changed when listener is suspended. - ok = ranch:set_transport_options(Name, #{socket_opts => [{port, Port}|Opts]}), + ok = ranch:set_transport_options(Name, #{socket_opts => [{port, Port}|Opts] ++ [{verify, verify_none}]}), %% Resume listener, make sure connections can be established again. ok = ranch:resume_listener(Name), running = ranch:get_status(Name), @@ -1014,7 +1016,7 @@ ssl_getopts_capability(_) -> Name=name(), Opts=ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], transport_capabilities_protocol, []), Port=ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ @@ -1032,7 +1034,7 @@ ssl_getstat_capability(_) -> Name=name(), Opts=ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], transport_capabilities_protocol, []), Port=ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ diff --git a/test/proxy_header_SUITE.erl b/test/proxy_header_SUITE.erl index 5845d31..c736611 100644 --- a/test/proxy_header_SUITE.erl +++ b/test/proxy_header_SUITE.erl @@ -211,7 +211,7 @@ recv_v2_local_header_ssl_extra_data(_) -> do_proxy_header_ssl(Name, ProxyInfo, Data1, Data2) -> Opts = ct_helper:get_certs_from_ets(), {ok, _} = ranch:start_listener(Name, - ranch_ssl, Opts, + ranch_ssl, Opts ++ [{verify, verify_none}], proxy_protocol, []), Port = ranch:get_port(Name), {ok, Socket0} = gen_tcp:connect("localhost", Port, [binary, {active, false}, {packet, raw}]), diff --git a/test/ssl_upgrade_protocol.erl b/test/ssl_upgrade_protocol.erl index 67aec2b..238e877 100644 --- a/test/ssl_upgrade_protocol.erl +++ b/test/ssl_upgrade_protocol.erl @@ -17,7 +17,8 @@ loop(Socket, Transport) -> {ok, <<"UPGRADE">>} when Transport =:= ranch_tcp -> ok = Transport:send(Socket, <<"READY">>), Opts = ct_helper:get_certs_from_ets(), - {ok, NewSocket} = ranch_ssl:handshake(Socket, [{verify, verify_none}|Opts], 1000), + {ok, NewSocket} = ranch_ssl:handshake(Socket, + [{fail_if_no_peer_cert, false}, {verify, verify_none}|Opts], 1000), loop(NewSocket, ranch_ssl); {ok, <<"ECHO ", More/binary>>} -> ok = Transport:send(Socket, More), -- cgit v1.2.3