From e94363651aed4867c3779a72a234d4df7b2d4a6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Wed, 12 Apr 2023 10:55:08 +0200 Subject: Fix ssl tests for OTP-26+ --- test/acceptor_SUITE.erl | 76 ++++++++++++++++++++++++++++----------------- test/proxy_header_SUITE.erl | 2 +- 2 files changed, 48 insertions(+), 30 deletions(-) diff --git a/test/acceptor_SUITE.erl b/test/acceptor_SUITE.erl index 517445b..982d007 100644 --- a/test/acceptor_SUITE.erl +++ b/test/acceptor_SUITE.erl @@ -737,8 +737,9 @@ ssl_active_echo(_) -> ranch_ssl, Opts, active_echo_protocol, []), Port = ranch:get_port(Name), - {ok, Socket} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), ok = ranch:stop_listener(Name), @@ -763,8 +764,9 @@ do_ssl_active_n_echo() -> ranch_ssl, Opts, batch_echo_protocol, [{batch_size, 3}]), Port = ranch:get_port(Name), - {ok, Socket} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket, <<"One">>), {ok, <<"OK">>} = ssl:recv(Socket, 2, 1000), ok = ssl:send(Socket, <<"Two">>), 
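Review bot: `{verify, verify_none}` is added to every client `ssl:connect` call in this patch without a comment saying why, so a reader cannot tell a deliberate test-only choice from an oversight. It appears in ssl_active_echo and do_ssl_active_n_echo here, in the remaining acceptor_SUITE hunks, and in do_proxy_header_ssl in proxy_header_SUITE. With verification off none of these clients checks the listener's certificate, which is presumably fine against a local listener with test certificates, though how those are generated is not visible in the hunks. I would move the repeated options into one helper such as `do_ssl_client_opts() -> [binary, {active, false}, {packet, raw}, {verify, verify_none}, {versions, ['tlsv1.2']}].` with the comment `%% Test-only: OTP-26+ verifies the peer by default; the suite's certificates are not trusted by the client.` above it. If the suite can reach its test CA, passing that CA to at least one client and keeping verification on would also cover the verifying path; the touched function bodies continue outside the hunks.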
@@ -786,8 +788,9 @@ ssl_echo(_) -> ranch_ssl, Opts, echo_protocol, []), Port = ranch:get_port(Name), - {ok, Socket} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), ok = ranch:stop_listener(Name), @@ -808,13 +811,17 @@ ssl_handshake(_) -> ranch_ssl, [{handshake, hello}|DefaultOpts], handshake_protocol, #{"ranch1" => Opts1, "ranch2" => Opts2}), Port = ranch:get_port(Name), - {ok, Socket1} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}, - {versions, ['tlsv1.2']}, {server_name_indication, "ranch1"}], 5000), + {ok, Socket1} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}, + {server_name_indication, "ranch1"}], 5000), {ok, Cert1} = ssl:peercert(Socket1), ok = ssl:send(Socket1, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket1, 21, 1000), - {ok, Socket2} = ssl:connect("localhost", Port, [binary, {active, false}, {packet, raw}, - {versions, ['tlsv1.2']}, {server_name_indication, "ranch2"}], 5000), + {ok, Socket2} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}, + {server_name_indication, "ranch2"}], 5000), {ok, Cert2} = ssl:peercert(Socket2), ok = ssl:send(Socket2, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket2, 21, 1000), 
@@ -843,8 +850,9 @@ do_ssl_local_echo() -> ranch_ssl, #{socket_opts => [{ip, {local, SockFile}}|Opts]}, echo_protocol, []), undefined = ranch:get_port(Name), - {ok, Socket} = ssl:connect({local, SockFile}, 0, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect({local, SockFile}, 0, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), ok = ranch:stop_listener(Name), @@ -866,8 +874,9 @@ ssl_sni_echo(_) -> ranch_ssl, [{sni_hosts, [{"localhost", Opts}]}], echo_protocol, []), Port = ranch:get_port(Name), - {ok, Socket} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), ok = ranch:stop_listener(Name), @@ -886,8 +895,9 @@ ssl_sni_fail(_) -> Port = ranch:get_port(Name), %% We stick to TLS 1.2 because there seems to be a bug in OTP-23.0rc2 %% that leads to a malformed_handshake_data error. - {error, _} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {error, _} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ranch:stop_listener(Name), %% Make sure the listener stopped. {'EXIT', _} = begin catch ranch:get_port(Name) end, 
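Review bot: In ssl_sni_fail the assertion `{error, _} = ssl:connect(...)` accepts any failure, so the test cannot tell the intended SNI rejection from an unrelated client-side error. On OTP-26 without this patch it would presumably have passed because of certificate verification rather than SNI. Adding `{verify, verify_none}` removes that one false pass but leaves the pattern loose, and the ssl_tls_psk_fail hunk has the same `{error, _}` match. I would pin the expected shape, e.g. `{error, {tls_alert, _}} = ssl:connect(...)`, after confirming the reason returned on each supported OTP release. The function body starts and ends outside the hunk.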
@@ -904,7 +914,7 @@ ssl_tls_psk(_) -> Port = ranch:get_port(Name), {ok, Socket} = ssl:connect("localhost", Port, [ binary, {active, false}, {ciphers, Ciphers}, - {user_lookup_fun, LookupFun}, {versions, ['tlsv1.2']} + {user_lookup_fun, LookupFun}, {verify, verify_none}, {versions, ['tlsv1.2']} ]), ok = ssl:send(Socket, <<"SSL Ranch is working!">>), {ok, <<"SSL Ranch is working!">>} = ssl:recv(Socket, 21, 1000), @@ -926,7 +936,7 @@ ssl_tls_psk_fail(_) -> Port = ranch:get_port(Name), {error, _} = ssl:connect("localhost", Port, [ binary, {active, false}, {ciphers, Ciphers}, - {user_lookup_fun, ClientLookupFun}, {versions, ['tlsv1.2']} + {user_lookup_fun, ClientLookupFun}, {verify, verify_none}, {versions, ['tlsv1.2']} ]), ok = ranch:stop_listener(Name), %% Make sure the listener stopped. @@ -969,8 +979,9 @@ ssl_graceful(_) -> Port = ranch:get_port(Name), %% Make sure connections with a fresh listener work. running = ranch:get_status(Name), - {ok, Socket1} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket1} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket1, <<"SSL with fresh listener">>), {ok, <<"SSL with fresh listener">>} = ssl:recv(Socket1, 23, 1000), %% Suspend listener, make sure established connections keep running. 
@@ -979,15 +990,17 @@ ssl_graceful(_) -> ok = ssl:send(Socket1, <<"SSL with suspended listener">>), {ok, <<"SSL with suspended listener">>} = ssl:recv(Socket1, 27, 1000), %% Make sure new connections are refused on the suspended listener. - {error, econnrefused} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {error, econnrefused} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), %% Make sure transport options can be changed when listener is suspended. ok = ranch:set_transport_options(Name, #{socket_opts => [{port, Port}|Opts]}), %% Resume listener, make sure connections can be established again. ok = ranch:resume_listener(Name), running = ranch:get_status(Name), - {ok, Socket2} = ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket2} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok = ssl:send(Socket2, <<"SSL with resumed listener">>), {ok, <<"SSL with resumed listener">>} = ssl:recv(Socket2, 25, 1000), ok = ranch:stop_listener(Name), @@ -1004,8 +1017,9 @@ ssl_getopts_capability(_) -> ranch_ssl, Opts, transport_capabilities_protocol, []), Port=ranch:get_port(Name), - {ok, Socket}=ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok=ssl:send(Socket, <<"getopts/2">>), {ok, <<"OK">>}=ssl:recv(Socket, 0, 1000), ok=ranch:stop_listener(Name), 
@@ -1021,8 +1035,9 @@ ssl_getstat_capability(_) -> ranch_ssl, Opts, transport_capabilities_protocol, []), Port=ranch:get_port(Name), - {ok, Socket}=ssl:connect("localhost", Port, - [binary, {active, false}, {packet, raw}, {versions, ['tlsv1.2']}]), + {ok, Socket} = ssl:connect("localhost", Port, [ + binary, {active, false}, {packet, raw}, + {verify, verify_none}, {versions, ['tlsv1.2']}]), ok=ssl:send(Socket, <<"getstat/1">>), {ok, <<"OK">>}=ssl:recv(Socket, 0, 1000), ok=ssl:send(Socket, <<"getstat/2">>), @@ -1101,7 +1116,10 @@ do_ssl_unsupported_tlsv13_options() -> ok = lists:foreach( fun (CheckOpt) -> Opts1 = Opts ++ [CheckOpt], - {error, {options, dependency, _}} = ssl:listen(0, Opts1), + case ssl:listen(0, Opts1) of + {error, {options, dependency, _}} -> ok; %% Before OTP-26. + {error, {options, incompatible, _}} -> ok %% OTP-26+. + end, {ok, _} = ranch:start_listener(Name, ranch_ssl, #{socket_opts => Opts1}, echo_protocol, []), diff --git a/test/proxy_header_SUITE.erl b/test/proxy_header_SUITE.erl index 4842a58..5845d31 100644 --- a/test/proxy_header_SUITE.erl +++ b/test/proxy_header_SUITE.erl @@ -216,7 +216,7 @@ do_proxy_header_ssl(Name, ProxyInfo, Data1, Data2) -> Port = ranch:get_port(Name), {ok, Socket0} = gen_tcp:connect("localhost", Port, [binary, {active, false}, {packet, raw}]), ok = gen_tcp:send(Socket0, [ranch_proxy_header:header(ProxyInfo)]), - {ok, Socket} = ssl:connect(Socket0, [{versions, ['tlsv1.2']}], 1000), + {ok, Socket} = ssl:connect(Socket0, [{verify, verify_none}, {versions, ['tlsv1.2']}], 1000), ok = ssl:send(Socket, Data1), receive {proxy_protocol, ProxyInfo} -> -- cgit v1.2.3