← Back to branch summary

~clint-fewbar/ubuntu/precise/erlang/merge-15b

« back to all changes in this revision

Viewing changes to lib/ssl/test/ssl_basic_SUITE.erl

  • Committer: Package Import Robot
  • Author(s): Sergei Golovan
  • Date: 2011-12-15 19:20:10 UTC
  • mfrom: (1.1.18) (3.5.15 sid)
  • mto: (3.5.16 sid)
  • mto: This revision was merged to the branch mainline in revision 33.
  • Revision ID: package-import@ubuntu.com-20111215192010-jnxcfe3tbrpp0big
Tags: 1:15.b-dfsg-1
* New upstream release.
* Upload to experimental because this release breaks external drivers
  API along with ABI, so several applications are to be fixed.
* Removed SSL patch because the old SSL implementation is removed from
  the upstream distribution.
* Removed never used patch which added native code to erlang beam files.
* Removed the erlang-docbuilder binary package because the docbuilder
  application was dropped by upstream.
* Documented dropping ${erlang-docbuilder:Depends} substvar in
  erlang-depends(1) manpage.
* Made erlang-base and erlang-base-hipe provide virtual package
  erlang-abi-15.b (the number means the first erlang version, which
  provides current ABI).

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/ssl/test/ssl_basic_SUITE.erl
1
1
%%
2
2
%% %CopyrightBegin%
3
3
%%
4
 
%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
 
4
%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
5
5
%%
6
6
%% The contents of this file are subject to the Erlang Public License,
7
7
%% Version 1.1, (the "License"); you may not use this file except in
24
24
%% Note: This directive should only be used in test suites.
25
25
-compile(export_all).
26
26
 
27
 
-include("test_server.hrl").
28
 
-include("test_server_line.hrl").
 
27
-include_lib("common_test/include/ct.hrl").
29
28
-include_lib("public_key/include/public_key.hrl").
 
29
 
30
30
-include("ssl_alert.hrl").
 
31
-include("ssl_internal.hrl").
 
32
-include("ssl_record.hrl").
31
33
 
32
34
-define('24H_in_sec', 86400).  
33
35
-define(TIMEOUT, 60000).
34
36
-define(LONG_TIMEOUT, 600000).
35
37
-define(EXPIRE, 10).
36
38
-define(SLEEP, 500).
 
39
-define(RENEGOTIATION_DISABLE_TIME, 12000).
37
40
 
38
41
%% Test server callback functions
39
42
%%--------------------------------------------------------------------
47
50
%%--------------------------------------------------------------------
48
51
init_per_suite(Config0) ->
49
52
    Dog = ssl_test_lib:timetrap(?LONG_TIMEOUT *2),
50
 
    crypto:start(),
51
 
    application:start(public_key),
52
 
    ssl:start(),
53
 
    
54
 
    %% make rsa certs using oppenssl
55
 
    Result = 
56
 
        (catch make_certs:all(?config(data_dir, Config0), 
57
 
                              ?config(priv_dir, Config0))),
58
 
    test_server:format("Make certs  ~p~n", [Result]),
59
 
 
60
 
    Config1 = ssl_test_lib:make_dsa_cert(Config0),
61
 
    Config = ssl_test_lib:cert_options(Config1),
62
 
    [{watchdog, Dog} | Config].
63
 
 
 
53
    try crypto:start() of
 
54
        ok ->
 
55
            application:start(public_key),
 
56
            ssl:start(),
 
57
 
 
58
            %% make rsa certs using oppenssl
 
59
            Result =
 
60
                (catch make_certs:all(?config(data_dir, Config0),
 
61
                                      ?config(priv_dir, Config0))),
 
62
            test_server:format("Make certs  ~p~n", [Result]),
 
63
 
 
64
            Config1 = ssl_test_lib:make_dsa_cert(Config0),
 
65
            Config = ssl_test_lib:cert_options(Config1),
 
66
            [{watchdog, Dog} | Config]
 
67
    catch _:_ ->
 
68
            {skip, "Crypto did not start"}
 
69
    end.
64
70
%%--------------------------------------------------------------------
65
71
%% Function: end_per_suite(Config) -> _
66
72
%% Config - [tuple()]
69
75
%%--------------------------------------------------------------------
70
76
end_per_suite(_Config) ->
71
77
    ssl:stop(),
72
 
    crypto:stop().
 
78
    application:stop(crypto).
73
79
 
74
80
%%--------------------------------------------------------------------
75
81
%% Function: init_per_testcase(TestCase, Config) -> Config
84
90
%% variable, but should NOT alter/remove any existing entries.
85
91
%% Description: Initialization before each test case
86
92
%%--------------------------------------------------------------------
 
93
init_per_testcase(session_cache_process_list, Config) ->
 
94
    init_customized_session_cache(list, Config);
 
95
 
 
96
init_per_testcase(session_cache_process_mnesia, Config) ->
 
97
    mnesia:start(),
 
98
    init_customized_session_cache(mnesia, Config);
 
99
 
87
100
init_per_testcase(reuse_session_expired, Config0) ->
88
101
    Config = lists:keydelete(watchdog, 1, Config0),
89
102
    Dog = ssl_test_lib:timetrap(?EXPIRE * 1000 * 5),
125
138
    ssl:start(),
126
139
    Config;
127
140
 
 
141
init_per_testcase(different_ca_peer_sign, Config0) ->
 
142
    ssl_test_lib:make_mix_cert(Config0);
 
143
 
128
144
init_per_testcase(_TestCase, Config0) ->
129
145
    Config = lists:keydelete(watchdog, 1, Config0),
130
146
    Dog = test_server:timetrap(?TIMEOUT),
131
147
   [{watchdog, Dog} | Config].
132
148
 
 
149
init_customized_session_cache(Type, Config0) ->
 
150
    Config = lists:keydelete(watchdog, 1, Config0),
 
151
    Dog = test_server:timetrap(?TIMEOUT),
 
152
    ssl:stop(),
 
153
    application:load(ssl),
 
154
    application:set_env(ssl, session_cb, ?MODULE),
 
155
    application:set_env(ssl, session_cb_init_args, [Type]),
 
156
    ssl:start(),
 
157
    [{watchdog, Dog} | Config].
 
158
 
133
159
%%--------------------------------------------------------------------
134
160
%% Function: end_per_testcase(TestCase, Config) -> _
135
161
%% Case - atom()
138
164
%%   A list of key/value pairs, holding the test case configuration.
139
165
%% Description: Cleanup after each test case
140
166
%%--------------------------------------------------------------------
 
167
end_per_testcase(session_cache_process_list, Config) ->
 
168
    application:unset_env(ssl, session_cb),
 
169
    end_per_testcase(default_action, Config);
 
170
end_per_testcase(session_cache_process_mnesia, Config) ->
 
171
    application:unset_env(ssl, session_cb),
 
172
    application:unset_env(ssl, session_cb_init_args),
 
173
    mnesia:stop(),
 
174
    ssl:stop(),
 
175
    ssl:start(),
 
176
    end_per_testcase(default_action, Config);
141
177
end_per_testcase(reuse_session_expired, Config) ->
142
178
    application:unset_env(ssl, session_lifetime),
143
179
    end_per_testcase(default_action, Config);
166
202
%%   Name of a test case.
167
203
%% Description: Returns a list of all test cases in this test suite
168
204
%%--------------------------------------------------------------------
169
 
all(doc) -> 
170
 
    ["Test the basic ssl functionality"];
 
205
suite() -> [{ct_hooks,[ts_install_cth]}].
171
206
 
172
 
all(suite) -> 
 
207
all() -> 
173
208
    [app, alerts, connection_info, protocol_versions,
174
 
     empty_protocol_versions, controlling_process, controller_dies,
175
 
     client_closes_socket, peercert, connect_dist, peername, sockname,
176
 
     socket_options, misc_ssl_options, versions, cipher_suites,
177
 
     upgrade, upgrade_with_timeout, tcp_connect, ipv6, ekeyfile,
178
 
     ecertfile, ecacertfile, eoptions, shutdown, shutdown_write,
179
 
     shutdown_both, shutdown_error, 
 
209
     empty_protocol_versions, controlling_process,
 
210
     controller_dies, client_closes_socket,
 
211
     connect_dist, peername, peercert, sockname, socket_options,
 
212
     invalid_inet_get_option, invalid_inet_get_option_not_list,
 
213
     invalid_inet_get_option_improper_list,
 
214
     invalid_inet_set_option, invalid_inet_set_option_not_list,
 
215
     invalid_inet_set_option_improper_list,
 
216
     misc_ssl_options, versions, cipher_suites, upgrade,
 
217
     upgrade_with_timeout, tcp_connect, tcp_connect_big, ipv6, ekeyfile,
 
218
     ecertfile, ecacertfile, eoptions, shutdown,
 
219
     shutdown_write, shutdown_both, shutdown_error,
180
220
     ciphers_rsa_signed_certs, ciphers_rsa_signed_certs_ssl3,
181
221
     ciphers_rsa_signed_certs_openssl_names,
182
222
     ciphers_rsa_signed_certs_openssl_names_ssl3,
183
 
     ciphers_dsa_signed_certs, 
184
 
     ciphers_dsa_signed_certs_ssl3,
 
223
     ciphers_dsa_signed_certs, ciphers_dsa_signed_certs_ssl3,
185
224
     ciphers_dsa_signed_certs_openssl_names,
186
225
     ciphers_dsa_signed_certs_openssl_names_ssl3,
187
226
     anonymous_cipher_suites,
188
227
     default_reject_anonymous,
189
228
     send_close,
190
 
     close_transport_accept, dh_params, server_verify_peer_passive,
191
 
     server_verify_peer_active, server_verify_peer_active_once,
 
229
     close_transport_accept, dh_params,
 
230
     server_verify_peer_passive, server_verify_peer_active,
 
231
     server_verify_peer_active_once,
192
232
     server_verify_none_passive, server_verify_none_active,
193
 
     server_verify_none_active_once, server_verify_no_cacerts,
194
 
     server_require_peer_cert_ok, server_require_peer_cert_fail,
 
233
     server_verify_none_active_once,
 
234
     server_verify_no_cacerts, server_require_peer_cert_ok,
 
235
     server_require_peer_cert_fail,
195
236
     server_verify_client_once_passive,
196
237
     server_verify_client_once_active,
197
 
     server_verify_client_once_active_once, client_verify_none_passive,
198
 
     client_verify_none_active, client_verify_none_active_once,
199
 
     reuse_session, reuse_session_expired,
200
 
     server_does_not_want_to_reuse_session, client_renegotiate,
201
 
     server_renegotiate, client_renegotiate_reused_session,
202
 
     server_renegotiate_reused_session, client_no_wrap_sequence_number,
203
 
     server_no_wrap_sequence_number, extended_key_usage,
204
 
     no_authority_key_identifier,
205
 
     invalid_signature_client, invalid_signature_server, cert_expired,
206
 
     client_with_cert_cipher_suites_handshake, unknown_server_ca_fail,
207
 
     der_input, unknown_server_ca_accept_verify_none, unknown_server_ca_accept_verify_peer,
208
 
     unknown_server_ca_accept_backwardscompatibilty
 
238
     server_verify_client_once_active_once,
 
239
     client_verify_none_passive, client_verify_none_active,
 
240
     client_verify_none_active_once,
 
241
     reuse_session,
 
242
     reuse_session_expired,
 
243
     server_does_not_want_to_reuse_session,
 
244
     client_renegotiate, server_renegotiate,
 
245
     client_renegotiate_reused_session,
 
246
     server_renegotiate_reused_session,
 
247
     client_no_wrap_sequence_number,
 
248
     server_no_wrap_sequence_number, extended_key_usage_verify_peer,
 
249
     extended_key_usage_verify_none,
 
250
     no_authority_key_identifier, invalid_signature_client,
 
251
     invalid_signature_server, cert_expired,
 
252
     client_with_cert_cipher_suites_handshake,
 
253
     unknown_server_ca_fail, der_input,
 
254
     unknown_server_ca_accept_verify_none,
 
255
     unknown_server_ca_accept_verify_peer,
 
256
     unknown_server_ca_accept_backwardscompatibility,
 
257
     %%different_ca_peer_sign,
 
258
     no_reuses_session_server_restart_new_cert,
 
259
     no_reuses_session_server_restart_new_cert_file, reuseaddr,
 
260
     hibernate, connect_twice, renegotiate_dos_mitigate_active,
 
261
     renegotiate_dos_mitigate_passive,
 
262
     tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
209
263
    ].
210
264
 
 
265
groups() -> 
 
266
    [].
 
267
 
 
268
init_per_group(_GroupName, Config) ->
 
269
    Config.
 
270
 
 
271
end_per_group(_GroupName, Config) ->
 
272
    Config.
 
273
 
211
274
%% Test cases starts here.
212
275
%%--------------------------------------------------------------------
213
276
app(doc) ->
321
384
    
322
385
    ssl_test_lib:close(Server),
323
386
    ssl_test_lib:close(Client).
324
 
 
325
387
%%--------------------------------------------------------------------
326
388
 
327
389
controlling_process(doc) -> 
334
396
    ClientOpts = ?config(client_opts, Config),
335
397
    ServerOpts = ?config(server_opts, Config),
336
398
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
337
 
    ClientMsg = "Hello server",
338
 
    ServerMsg = "Hello client",
 
399
    ClientMsg = "Server hello",
 
400
    ServerMsg = "Client hello",
339
401
   
340
402
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
341
403
                                        {from, self()}, 
356
418
                       [self(), Client, Server]),
357
419
    
358
420
    receive 
 
421
        {ssl, _, "S"} ->
 
422
            receive_s_rizzo_duong_beast();
359
423
        {ssl, _, ServerMsg} ->
360
424
            receive 
361
425
                {ssl, _, ClientMsg} ->
362
426
                    ok
363
427
            end;
 
428
        {ssl, _, "C"} ->
 
429
            receive_c_rizzo_duong_beast();
364
430
        {ssl, _, ClientMsg} ->
365
431
              receive 
366
432
                  {ssl, _, ServerMsg} ->
381
447
    ssl:send(Socket, Msg),
382
448
    no_result_msg.
383
449
 
 
450
receive_s_rizzo_duong_beast() ->
 
451
    receive 
 
452
        {ssl, _, "erver hello"} ->
 
453
            receive 
 
454
                {ssl, _, "C"} ->
 
455
                    receive
 
456
                        {ssl, _, "lient hello"} ->
 
457
                            ok
 
458
                    end
 
459
            end
 
460
    end.
 
461
receive_c_rizzo_duong_beast() ->
 
462
    receive 
 
463
        {ssl, _, "lient hello"} ->
 
464
            receive
 
465
                {ssl, _, "S"} ->
 
466
                    receive
 
467
                        {ssl, _, "erver hello"} ->
 
468
                            ok
 
469
                    end
 
470
            end
 
471
    end.
384
472
%%--------------------------------------------------------------------
385
473
controller_dies(doc) -> 
386
474
    ["Test that the socket is closed after controlling process dies"];
521
609
    
522
610
    _Client = spawn_link(Connect),
523
611
 
524
 
    ssl_test_lib:check_result(Server, {error,closed}),
525
 
    
526
 
    ssl_test_lib:close(Server).
527
 
 
528
 
%%--------------------------------------------------------------------
529
 
 
530
 
peercert(doc) -> 
531
 
    [""];
532
 
 
533
 
peercert(suite) -> 
534
 
    [];
535
 
 
536
 
peercert(Config) when is_list(Config) -> 
537
 
    ClientOpts = ?config(client_opts, Config),
538
 
    ServerOpts = ?config(server_opts, Config),
539
 
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
540
 
    
541
 
    Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0}, 
542
 
                                        {from, self()}, 
543
 
                           {mfa, {?MODULE, peercert_result, []}},
544
 
                           {options, ServerOpts}]),
545
 
    Port = ssl_test_lib:inet_port(Server),
546
 
    Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port}, 
547
 
                                        {host, Hostname},
548
 
                           {from, self()}, 
549
 
                           {mfa, {?MODULE, peercert_result, []}},
550
 
                           {options, ClientOpts}]),
551
 
    
552
 
    CertFile = proplists:get_value(certfile, ServerOpts),
553
 
    [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
554
 
    ErlCert = public_key:pkix_decode_cert(BinCert, otp),
555
 
       
556
 
    ServerMsg = {{error, no_peercert}, {error, no_peercert}},
557
 
    ClientMsg = {{ok, BinCert}, {ok, ErlCert}},
558
 
    
559
 
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n", 
560
 
                       [self(), Client, Server]),
561
 
    
562
 
    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
563
 
    
564
 
    ssl_test_lib:close(Server),
565
 
    ssl_test_lib:close(Client).
566
 
 
567
 
peercert_result(Socket) ->
568
 
    Result1 = ssl:peercert(Socket),
569
 
    Result2 = ssl:peercert(Socket, [ssl]), 
570
 
    {Result1, Result2}.
 
612
    ssl_test_lib:check_result(Server, {error,closed}).
571
613
 
572
614
%%--------------------------------------------------------------------
573
615
connect_dist(doc) -> 
650
692
    ssl:peername(S).
651
693
 
652
694
%%--------------------------------------------------------------------
 
695
peercert(doc) ->
 
696
    [""];
 
697
peercert(suite) ->
 
698
    [];
 
699
peercert(Config) when is_list(Config) ->
 
700
    ClientOpts = ?config(client_opts, Config),
 
701
    ServerOpts = ?config(server_opts, Config),
 
702
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
703
 
 
704
    Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
 
705
                                        {from, self()},
 
706
                           {mfa, {?MODULE, peercert_result, []}},
 
707
                           {options, ServerOpts}]),
 
708
    Port = ssl_test_lib:inet_port(Server),
 
709
    Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
 
710
                                        {host, Hostname},
 
711
                           {from, self()},
 
712
                           {mfa, {?MODULE, peercert_result, []}},
 
713
                           {options, ClientOpts}]),
 
714
 
 
715
    CertFile = proplists:get_value(certfile, ServerOpts),
 
716
    [{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
 
717
 
 
718
    ServerMsg = {error, no_peercert},
 
719
    ClientMsg = {ok, BinCert},
 
720
 
 
721
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
722
                       [self(), Client, Server]),
 
723
 
 
724
    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
 
725
 
 
726
    ssl_test_lib:close(Server),
 
727
    ssl_test_lib:close(Client).
 
728
 
 
729
peercert_result(Socket) ->
 
730
    ssl:peercert(Socket).
 
731
 
 
732
%%--------------------------------------------------------------------
653
733
sockname(doc) -> 
654
734
    ["Test API function sockname/1"];
655
735
 
738
818
    ssl_test_lib:check_result(Server, ok, Client, ok),
739
819
 
740
820
    ssl_test_lib:close(Server),
741
 
    ssl_test_lib:close(Client),
742
821
    
743
822
    {ok, Listen} = ssl:listen(0, ServerOpts),
744
823
    {ok,[{mode,list}]} = ssl:getopts(Listen, [mode]),
756
835
    {ok,[{nodelay,false}]} = ssl:getopts(Socket, [nodelay]),  
757
836
    ssl:setopts(Socket, [{nodelay, true}]),
758
837
    {ok,[{nodelay, true}]} = ssl:getopts(Socket, [nodelay]),
759
 
    ok.
 
838
    {ok, All} = ssl:getopts(Socket, []),
 
839
    test_server:format("All opts ~p~n", [All]),
 
840
    ok.
 
841
 
 
842
 
 
843
%%--------------------------------------------------------------------
 
844
invalid_inet_get_option(doc) ->
 
845
    ["Test handling of invalid inet options in getopts"];
 
846
 
 
847
invalid_inet_get_option(suite) ->
 
848
    [];
 
849
 
 
850
invalid_inet_get_option(Config) when is_list(Config) ->
 
851
    ClientOpts = ?config(client_opts, Config),
 
852
    ServerOpts = ?config(server_opts, Config),
 
853
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
854
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
855
                                        {from, self()},
 
856
                           {mfa, {?MODULE, get_invalid_inet_option, []}},
 
857
                           {options, ServerOpts}]),
 
858
    Port = ssl_test_lib:inet_port(Server),
 
859
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
860
                                        {host, Hostname},
 
861
                           {from, self()},
 
862
                           {mfa, {ssl_test_lib, no_result, []}},
 
863
                           {options, ClientOpts}]),
 
864
 
 
865
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
866
                       [self(), Client, Server]),
 
867
 
 
868
    ssl_test_lib:check_result(Server, ok),
 
869
    ssl_test_lib:close(Server),
 
870
    ssl_test_lib:close(Client).
 
871
 
 
872
 
 
873
get_invalid_inet_option(Socket) ->
 
874
    {error, {eoptions, {inet_option, foo, _}}} = ssl:getopts(Socket, [foo]),
 
875
    ok.
 
876
 
 
877
%%--------------------------------------------------------------------
 
878
invalid_inet_get_option_not_list(doc) ->
 
879
    ["Test handling of invalid type in getopts"];
 
880
 
 
881
invalid_inet_get_option_not_list(suite) ->
 
882
    [];
 
883
 
 
884
invalid_inet_get_option_not_list(Config) when is_list(Config) ->
 
885
    ClientOpts = ?config(client_opts, Config),
 
886
    ServerOpts = ?config(server_opts, Config),
 
887
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
888
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
889
                                        {from, self()},
 
890
                           {mfa, {?MODULE, get_invalid_inet_option_not_list, []}},
 
891
                           {options, ServerOpts}]),
 
892
    Port = ssl_test_lib:inet_port(Server),
 
893
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
894
                                        {host, Hostname},
 
895
                           {from, self()},
 
896
                           {mfa, {ssl_test_lib, no_result, []}},
 
897
                           {options, ClientOpts}]),
 
898
 
 
899
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
900
                       [self(), Client, Server]),
760
901
    
 
902
    ssl_test_lib:check_result(Server, ok),
 
903
    ssl_test_lib:close(Server),
 
904
    ssl_test_lib:close(Client).
 
905
 
 
906
 
 
907
get_invalid_inet_option_not_list(Socket) ->
 
908
    {error, {eoptions, {inet_options, some_invalid_atom_here}}}
 
909
     = ssl:getopts(Socket, some_invalid_atom_here),
 
910
     ok.
 
911
 
 
912
%%--------------------------------------------------------------------
 
913
invalid_inet_get_option_improper_list(doc) ->
 
914
    ["Test handling of invalid type in getopts"];
 
915
 
 
916
invalid_inet_get_option_improper_list(suite) ->
 
917
    [];
 
918
 
 
919
invalid_inet_get_option_improper_list(Config) when is_list(Config) ->
 
920
    ClientOpts = ?config(client_opts, Config),
 
921
    ServerOpts = ?config(server_opts, Config),
 
922
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
923
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
924
                                        {from, self()},
 
925
                           {mfa, {?MODULE, get_invalid_inet_option_improper_list, []}},
 
926
                           {options, ServerOpts}]),
 
927
    Port = ssl_test_lib:inet_port(Server),
 
928
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
929
                                        {host, Hostname},
 
930
                           {from, self()},
 
931
                           {mfa, {ssl_test_lib, no_result, []}},
 
932
                           {options, ClientOpts}]),
 
933
 
 
934
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
935
                       [self(), Client, Server]),
 
936
 
 
937
    ssl_test_lib:check_result(Server, ok),
 
938
    ssl_test_lib:close(Server),
 
939
    ssl_test_lib:close(Client).
 
940
 
 
941
 
 
942
get_invalid_inet_option_improper_list(Socket) ->
 
943
    {error, {eoptions, {inet_option, foo,_}}} = ssl:getopts(Socket, [packet | foo]),
 
944
    ok.
 
945
 
 
946
%%--------------------------------------------------------------------
 
947
invalid_inet_set_option(doc) ->
 
948
    ["Test handling of invalid inet options in setopts"];
 
949
 
 
950
invalid_inet_set_option(suite) ->
 
951
    [];
 
952
 
 
953
invalid_inet_set_option(Config) when is_list(Config) ->
 
954
    ClientOpts = ?config(client_opts, Config),
 
955
    ServerOpts = ?config(server_opts, Config),
 
956
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
957
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
958
                                        {from, self()},
 
959
                           {mfa, {?MODULE, set_invalid_inet_option, []}},
 
960
                           {options, ServerOpts}]),
 
961
    Port = ssl_test_lib:inet_port(Server),
 
962
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
963
                                        {host, Hostname},
 
964
                           {from, self()},
 
965
                           {mfa, {ssl_test_lib, no_result, []}},
 
966
                           {options, ClientOpts}]),
 
967
 
 
968
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
969
                       [self(), Client, Server]),
 
970
 
 
971
    ssl_test_lib:check_result(Server, ok),
 
972
    ssl_test_lib:close(Server),
 
973
    ssl_test_lib:close(Client).
 
974
 
 
975
set_invalid_inet_option(Socket) ->
 
976
    {error, {eoptions, {inet_opt, {packet, foo}}}} = ssl:setopts(Socket, [{packet, foo}]),
 
977
    {error, {eoptions, {inet_opt, {header, foo}}}} = ssl:setopts(Socket, [{header, foo}]),
 
978
    {error, {eoptions, {inet_opt, {active, foo}}}} = ssl:setopts(Socket, [{active, foo}]),
 
979
    {error, {eoptions, {inet_opt, {mode, foo}}}}   = ssl:setopts(Socket, [{mode, foo}]),
 
980
    ok.
 
981
%%--------------------------------------------------------------------
 
982
invalid_inet_set_option_not_list(doc) ->
 
983
    ["Test handling of invalid type in setopts"];
 
984
 
 
985
invalid_inet_set_option_not_list(suite) ->
 
986
    [];
 
987
 
 
988
invalid_inet_set_option_not_list(Config) when is_list(Config) ->
 
989
    ClientOpts = ?config(client_opts, Config),
 
990
    ServerOpts = ?config(server_opts, Config),
 
991
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
992
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
993
                                        {from, self()},
 
994
                           {mfa, {?MODULE, set_invalid_inet_option_not_list, []}},
 
995
                           {options, ServerOpts}]),
 
996
    Port = ssl_test_lib:inet_port(Server),
 
997
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
998
                                        {host, Hostname},
 
999
                           {from, self()},
 
1000
                           {mfa, {ssl_test_lib, no_result, []}},
 
1001
                           {options, ClientOpts}]),
 
1002
 
 
1003
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
1004
                       [self(), Client, Server]),
 
1005
 
 
1006
    ssl_test_lib:check_result(Server, ok),
 
1007
    ssl_test_lib:close(Server),
 
1008
    ssl_test_lib:close(Client).
 
1009
 
 
1010
 
 
1011
set_invalid_inet_option_not_list(Socket) ->
 
1012
    {error, {eoptions, {not_a_proplist, some_invalid_atom_here}}}
 
1013
        = ssl:setopts(Socket, some_invalid_atom_here),
 
1014
    ok.
 
1015
 
 
1016
%%--------------------------------------------------------------------
 
1017
invalid_inet_set_option_improper_list(doc) ->
 
1018
    ["Test handling of invalid tye in setopts"];
 
1019
 
 
1020
invalid_inet_set_option_improper_list(suite) ->
 
1021
    [];
 
1022
 
 
1023
invalid_inet_set_option_improper_list(Config) when is_list(Config) ->
 
1024
    ClientOpts = ?config(client_opts, Config),
 
1025
    ServerOpts = ?config(server_opts, Config),
 
1026
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
1027
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
1028
                                        {from, self()},
 
1029
                           {mfa, {?MODULE, set_invalid_inet_option_improper_list, []}},
 
1030
                           {options, ServerOpts}]),
 
1031
    Port = ssl_test_lib:inet_port(Server),
 
1032
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
1033
                                        {host, Hostname},
 
1034
                           {from, self()},
 
1035
                           {mfa, {ssl_test_lib, no_result, []}},
 
1036
                           {options, ClientOpts}]),
 
1037
 
 
1038
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
1039
                       [self(), Client, Server]),
 
1040
 
 
1041
    ssl_test_lib:check_result(Server, ok),
 
1042
    ssl_test_lib:close(Server),
 
1043
    ssl_test_lib:close(Client).
 
1044
 
 
1045
set_invalid_inet_option_improper_list(Socket) ->
 
1046
    {error, {eoptions, {not_a_proplist, [{packet, 0} | {foo, 2}]}}} =
 
1047
        ssl:setopts(Socket, [{packet, 0} | {foo, 2}]),
 
1048
    ok.
 
1049
 
761
1050
%%--------------------------------------------------------------------
762
1051
misc_ssl_options(doc) ->
763
1052
    ["Test what happens when we give valid options"];
841
1130
    ssl_test_lib:close(Server),
842
1131
    ssl_test_lib:close(Client).
843
1132
 
 
1133
%%--------------------------------------------------------------------
844
1134
send_close(doc) -> 
845
1135
    [""];
846
1136
 
867
1157
    ok = ssl:send(SslS, "Hello world"),      
868
1158
    {ok,<<"Hello world">>} = ssl:recv(SslS, 11),    
869
1159
    gen_tcp:close(TcpS),    
870
 
    {error, _} = ssl:send(SslS, "Hello world"),    
871
 
    ssl_test_lib:close(Server).
 
1160
    {error, _} = ssl:send(SslS, "Hello world").
872
1161
 
873
1162
%%--------------------------------------------------------------------
874
1163
close_transport_accept(doc) ->
971
1260
    %% Make sure binary is inherited from tcp socket and that we do
972
1261
    %% not get the list default!
973
1262
    receive 
 
1263
        {ssl, _, <<"H">>} ->
 
1264
            receive 
 
1265
                {ssl, _, <<"ello world">>} ->
 
1266
                    ok
 
1267
            end;
974
1268
        {ssl, _, <<"Hello world">>}  ->
975
1269
            ok
976
1270
    end.
1043
1337
                {Server, {error, Error}} ->
1044
1338
                    test_server:format("Error ~p", [Error])
1045
1339
            end
1046
 
    end,
1047
 
    ssl_test_lib:close(Server).
1048
 
 
 
1340
    end.
 
1341
 
 
1342
tcp_connect_big(doc) ->
 
1343
    ["Test what happens when a tcp tries to connect, i,e. a bad big (ssl) packet is sent first"];
 
1344
 
 
1345
tcp_connect_big(suite) ->
 
1346
    [];
 
1347
 
 
1348
tcp_connect_big(Config) when is_list(Config) ->
 
1349
    ServerOpts = ?config(server_opts, Config),
 
1350
    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
1351
    TcpOpts = [binary, {reuseaddr, true}],
 
1352
 
 
1353
    Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
 
1354
                                                {from, self()},
 
1355
                                                {timeout, 5000},
 
1356
                                                {mfa, {?MODULE, dummy, []}},
 
1357
                                                {tcp_options, TcpOpts},
 
1358
                                                {ssl_options, ServerOpts}]),
 
1359
    Port = ssl_test_lib:inet_port(Server),
 
1360
 
 
1361
    {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {packet, 0}]),
 
1362
    test_server:format("Testcase ~p connected to Server ~p ~n", [self(), Server]),
 
1363
 
 
1364
    Rand = crypto:rand_bytes(?MAX_CIPHER_TEXT_LENGTH+1),
 
1365
    gen_tcp:send(Socket, <<?BYTE(0),
 
1366
                           ?BYTE(3), ?BYTE(1), ?UINT16(?MAX_CIPHER_TEXT_LENGTH), Rand/binary>>),
 
1367
 
 
1368
    receive
 
1369
        {tcp_closed, Socket} ->
 
1370
            receive
 
1371
                {Server, {error, timeout}} ->
 
1372
                    test_server:fail("hangs");
 
1373
                {Server, {error, Error}} ->
 
1374
                    test_server:format("Error ~p", [Error])
 
1375
            end
 
1376
    end.
1049
1377
 
1050
1378
dummy(_Socket) ->
1051
1379
    %% Should not happen as the ssl connection will not be established
1053
1381
    exit(kill).
1054
1382
 
1055
1383
%%--------------------------------------------------------------------
 
1384
ipv6() ->
 
1385
    [{require, ipv6_hosts}].
1056
1386
ipv6(doc) ->
1057
1387
    ["Test ipv6."];
1058
1388
ipv6(suite) ->
1060
1390
ipv6(Config) when is_list(Config) ->
1061
1391
    {ok, Hostname0} = inet:gethostname(),
1062
1392
    
1063
 
    case lists:member(list_to_atom(Hostname0), ?config(ipv6_hosts, Config)) of
 
1393
    case lists:member(list_to_atom(Hostname0), ct:get_config(ipv6_hosts)) of
1064
1394
        true ->
1065
1395
            ClientOpts = ?config(client_opts, Config),
1066
1396
            ServerOpts = ?config(server_opts, Config),
1149
1479
    
1150
1480
 
1151
1481
%%--------------------------------------------------------------------
1152
 
ecacertfile(doc) -> 
 
1482
ecacertfile(doc) ->
1153
1483
    ["Test what happens with an invalid cacert file"];
1154
1484
 
1155
 
ecacertfile(suite) -> 
 
1485
ecacertfile(suite) ->
1156
1486
    [];
1157
1487
 
1158
 
ecacertfile(Config) when is_list(Config) -> 
 
1488
ecacertfile(Config) when is_list(Config) ->
1159
1489
    ClientOpts    = [{reuseaddr, true}|?config(client_opts, Config)],
1160
1490
    ServerBadOpts = [{reuseaddr, true}|?config(server_bad_ca, Config)],
1161
1491
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1225
1555
            end,
1226
1556
 
1227
1557
    TestOpts = [{versions, [sslv2, sslv3]}, 
1228
 
                {ssl_imp, cool},
1229
1558
                {verify, 4}, 
1230
1559
                {verify_fun, function},
1231
1560
                {fail_if_no_peer_cert, 0}, 
1237
1566
                {cacertfile, ""}, 
1238
1567
                {dhfile,'dh.pem' },
1239
1568
                {ciphers, [{foo, bar, sha, ignore}]},
1240
 
                {reuse_session, foo}, 
1241
 
                {reuse_sessions, 0}, 
 
1569
                {reuse_session, foo},
 
1570
                {reuse_sessions, 0},
1242
1571
                {renegotiate_at, "10"},
1243
 
                {debug, 1}, 
 
1572
                {debug, 1},
1244
1573
                {mode, depech},
1245
 
                {packet, 8.0}, 
1246
 
                {packet_size, "2"}, 
1247
 
                {header, a}, 
 
1574
                {packet, 8.0},
 
1575
                {packet_size, "2"},
 
1576
                {header, a},
1248
1577
                {active, trice},
1249
1578
                {key, 'key.pem' }],
1250
1579
 
1532
1861
    Suite.
1533
1862
 
1534
1863
cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->   
1535
 
    process_flag(trap_exit, true),
 
1864
    %% process_flag(trap_exit, true),
1536
1865
    test_server:format("Testing CipherSuite ~p~n", [CipherSuite]),
1537
1866
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1538
1867
    
1556
1885
    Result = ssl_test_lib:wait_for_result(Server, ok, Client, ok),   
1557
1886
 
1558
1887
    ssl_test_lib:close(Server),
1559
 
    receive 
1560
 
        {'EXIT', Server, normal} ->
1561
 
            ok
1562
 
     end,
1563
1888
    ssl_test_lib:close(Client),
1564
 
    receive 
1565
 
        {'EXIT', Client, normal} ->
1566
 
            ok
1567
 
    end,
1568
 
    process_flag(trap_exit, false),
 
1889
 
1569
1890
    case Result of
1570
1891
        ok ->
1571
1892
            [];
1607
1928
    [];
1608
1929
 
1609
1930
reuse_session(Config) when is_list(Config) -> 
1610
 
    process_flag(trap_exit, true),
1611
1931
    ClientOpts = ?config(client_opts, Config),
1612
1932
    ServerOpts = ?config(server_opts, Config),
1613
1933
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1615
1935
    Server = 
1616
1936
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
1617
1937
                                   {from, self()},
1618
 
                      {mfa, {?MODULE, session_info_result, []}},
1619
 
                      {options, ServerOpts}]),
 
1938
                                   {mfa, {ssl_test_lib, session_info_result, []}},
 
1939
                                   {options, ServerOpts}]),
1620
1940
    Port = ssl_test_lib:inet_port(Server),
1621
1941
    Client0 =
1622
1942
        ssl_test_lib:start_client([{node, ClientNode}, 
1623
1943
                      {port, Port}, {host, Hostname},
1624
 
                            {mfa, {ssl_test_lib, no_result, []}},
 
1944
                                   {mfa, {ssl_test_lib, no_result, []}},
1625
1945
                      {from, self()},  {options, ClientOpts}]),   
1626
1946
    SessionInfo = 
1627
1947
        receive
1629
1949
                Info
1630
1950
        end,
1631
1951
       
1632
 
    Server ! listen,
 
1952
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1633
1953
    
1634
1954
    %% Make sure session is registered
1635
1955
    test_server:sleep(?SLEEP),
1636
1956
 
1637
1957
    Client1 =
1638
 
        ssl_test_lib:start_client([{node, ClientNode}, 
1639
 
                      {port, Port}, {host, Hostname},
1640
 
                      {mfa, {?MODULE, session_info_result, []}},
1641
 
                      {from, self()},  {options, ClientOpts}]),    
 
1958
        ssl_test_lib:start_client([{node, ClientNode},
 
1959
                                   {port, Port}, {host, Hostname},
 
1960
                                   {mfa, {ssl_test_lib, session_info_result, []}},
 
1961
                                   {from, self()},  {options, ClientOpts}]),
1642
1962
    receive
1643
1963
        {Client1, SessionInfo} ->
1644
1964
            ok;
1648
1968
            test_server:fail(session_not_reused)
1649
1969
    end,
1650
1970
    
1651
 
    Server ! listen,
 
1971
    Server !  {listen, {mfa, {ssl_test_lib, no_result, []}}},
1652
1972
    
1653
1973
    Client2 =
1654
 
        ssl_test_lib:start_client([{node, ClientNode}, 
 
1974
        ssl_test_lib:start_client([{node, ClientNode},
1655
1975
                      {port, Port}, {host, Hostname},
1656
 
                            {mfa, {?MODULE, session_info_result, []}},
 
1976
                            {mfa, {ssl_test_lib, session_info_result, []}},
1657
1977
                      {from, self()},  {options, [{reuse_sessions, false}
1658
1978
                                                  | ClientOpts]}]),   
1659
1979
    receive
1665
1985
    end,
1666
1986
    
1667
1987
    ssl_test_lib:close(Server),
1668
 
    ssl_test_lib:close(Client0),
1669
 
    ssl_test_lib:close(Client1),
1670
 
    ssl_test_lib:close(Client2),
1671
 
 
1672
1988
 
1673
1989
    Server1 = 
1674
1990
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
1675
1991
                                   {from, self()},
1676
 
                      {mfa, {?MODULE, session_info_result, []}},
 
1992
                      {mfa, {ssl_test_lib, session_info_result, []}},
1677
1993
                      {options, [{reuse_sessions, false} | ServerOpts]}]),
1678
1994
    
1679
1995
    Port1 = ssl_test_lib:inet_port(Server1),
1680
1996
    Client3 =
1681
1997
        ssl_test_lib:start_client([{node, ClientNode}, 
1682
1998
                                   {port, Port1}, {host, Hostname},
1683
 
                                   {mfa, {?MODULE, session_info_result, []}},
 
1999
                                   {mfa, {ssl_test_lib, no_result, []}},
1684
2000
                                   {from, self()},  {options, ClientOpts}]), 
1685
2001
 
1686
2002
    SessionInfo1 = 
1689
2005
                Info1
1690
2006
        end,
1691
2007
       
1692
 
    Server1 ! listen,
 
2008
    Server1 ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1693
2009
    
1694
2010
    %% Make sure session is registered
1695
2011
    test_server:sleep(?SLEEP),
1697
2013
    Client4 = 
1698
2014
        ssl_test_lib:start_client([{node, ClientNode}, 
1699
2015
                                   {port, Port1}, {host, Hostname},
1700
 
                                   {mfa, {?MODULE, session_info_result, []}},
 
2016
                                   {mfa, {ssl_test_lib, session_info_result, []}},
1701
2017
                                   {from, self()},  {options, ClientOpts}]),
1702
2018
    
1703
2019
    receive
1705
2021
            test_server:fail(
1706
2022
              session_reused_when_session_reuse_disabled_by_server);
1707
2023
        {Client4, _Other} ->
 
2024
            test_server:format("OTHER: ~p ~n", [_Other]),
1708
2025
            ok
1709
2026
    end,
1710
 
    
 
2027
 
1711
2028
    ssl_test_lib:close(Server1),
 
2029
    ssl_test_lib:close(Client0),
 
2030
    ssl_test_lib:close(Client1),
 
2031
    ssl_test_lib:close(Client2),
1712
2032
    ssl_test_lib:close(Client3),
1713
 
    ssl_test_lib:close(Client4),
1714
 
    process_flag(trap_exit, false).
1715
 
 
1716
 
 
1717
 
session_info_result(Socket) ->                                            
1718
 
    ssl:session_info(Socket).
 
2033
    ssl_test_lib:close(Client4).
1719
2034
 
1720
2035
%%--------------------------------------------------------------------
1721
2036
reuse_session_expired(doc) -> 
1725
2040
    [];
1726
2041
 
1727
2042
reuse_session_expired(Config) when is_list(Config) -> 
1728
 
    process_flag(trap_exit, true),
1729
2043
    ClientOpts = ?config(client_opts, Config),
1730
2044
    ServerOpts = ?config(server_opts, Config),
1731
2045
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1733
2047
    Server = 
1734
2048
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
1735
2049
                                   {from, self()},
1736
 
                      {mfa, {?MODULE, session_info_result, []}},
 
2050
                      {mfa, {ssl_test_lib, session_info_result, []}},
1737
2051
                      {options, ServerOpts}]),
1738
2052
    Port = ssl_test_lib:inet_port(Server),
1739
2053
    Client0 =
1746
2060
            {Server, Info} ->
1747
2061
                Info
1748
2062
        end,
1749
 
       
1750
 
    Server ! listen,
 
2063
 
 
2064
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1751
2065
    
1752
2066
    %% Make sure session is registered
1753
2067
    test_server:sleep(?SLEEP),
1755
2069
    Client1 =
1756
2070
        ssl_test_lib:start_client([{node, ClientNode}, 
1757
2071
                      {port, Port}, {host, Hostname},
1758
 
                      {mfa, {?MODULE, session_info_result, []}},
 
2072
                      {mfa, {ssl_test_lib, session_info_result, []}},
1759
2073
                      {from, self()},  {options, ClientOpts}]),    
1760
2074
    receive
1761
2075
        {Client1, SessionInfo} ->
1767
2081
    end,
1768
2082
    
1769
2083
    Server ! listen,
1770
 
    
 
2084
 
1771
2085
    %% Make sure session is unregistered due to expiration
1772
2086
    test_server:sleep((?EXPIRE+1) * 1000),
1773
2087
    
1774
2088
    Client2 =
1775
2089
        ssl_test_lib:start_client([{node, ClientNode}, 
1776
2090
                      {port, Port}, {host, Hostname},
1777
 
                                   {mfa, {?MODULE, session_info_result, []}},
 
2091
                                   {mfa, {ssl_test_lib, session_info_result, []}},
1778
2092
                                   {from, self()},  {options, ClientOpts}]),   
1779
2093
    receive
1780
2094
        {Client2, SessionInfo} ->
1782
2096
        {Client2, _} ->
1783
2097
            ok
1784
2098
    end,
1785
 
    
 
2099
    process_flag(trap_exit, false),
1786
2100
    ssl_test_lib:close(Server),
1787
2101
    ssl_test_lib:close(Client0),
1788
2102
    ssl_test_lib:close(Client1),
1789
 
    ssl_test_lib:close(Client2),
1790
 
    process_flag(trap_exit, false).
 
2103
    ssl_test_lib:close(Client2).
 
2104
 
1791
2105
%%--------------------------------------------------------------------
1792
2106
server_does_not_want_to_reuse_session(doc) -> 
1793
2107
    ["Test reuse of sessions (short handshake)"];
1803
2117
    Server = 
1804
2118
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
1805
2119
                                   {from, self()},
1806
 
                      {mfa, {?MODULE, session_info_result, []}},
 
2120
                      {mfa, {ssl_test_lib, session_info_result, []}},
1807
2121
                                   {options, [{reuse_session, fun(_,_,_,_) ->
1808
2122
                                                                      false
1809
2123
                                                              end} | 
1820
2134
                Info
1821
2135
        end,
1822
2136
       
1823
 
    Server ! listen,
 
2137
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1824
2138
    
1825
2139
    %% Make sure session is registered
1826
2140
    test_server:sleep(?SLEEP),
 
2141
    ssl_test_lib:close(Client0),
1827
2142
 
1828
2143
    Client1 =
1829
2144
        ssl_test_lib:start_client([{node, ClientNode}, 
1830
2145
                      {port, Port}, {host, Hostname},
1831
 
                      {mfa, {?MODULE, session_info_result, []}},
 
2146
                      {mfa, {ssl_test_lib, session_info_result, []}},
1832
2147
                      {from, self()},  {options, ClientOpts}]),    
1833
2148
    receive
1834
2149
        {Client1, SessionInfo} ->
1836
2151
        {Client1, _Other} ->
1837
2152
           ok
1838
2153
    end,
1839
 
    
 
2154
 
1840
2155
    ssl_test_lib:close(Server),
1841
 
    ssl_test_lib:close(Client0),
1842
 
    ssl_test_lib:close(Client1),
1843
 
    process_flag(trap_exit, false).
 
2156
    ssl_test_lib:close(Client1).
1844
2157
 
1845
2158
%%--------------------------------------------------------------------
1846
2159
 
2007
2320
    ssl_test_lib:check_result(Server, ok, Client, ok),
2008
2321
    ssl_test_lib:close(Server),
2009
2322
    ssl_test_lib:close(Client).
 
2323
 
2010
2324
%%--------------------------------------------------------------------
2011
2325
 
2012
2326
server_verify_client_once_passive(doc) -> 
2033
2347
                                        {options, [{active, false} | ClientOpts]}]),
2034
2348
    
2035
2349
    ssl_test_lib:check_result(Server, ok, Client0, ok),
 
2350
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2036
2351
    ssl_test_lib:close(Client0),
2037
 
    Server ! listen,
2038
2352
    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
2039
2353
                                        {host, Hostname},
2040
2354
                                        {from, self()}, 
2060
2374
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
2061
2375
                                        {from, self()}, 
2062
2376
                                        {mfa, {?MODULE, send_recv_result_active, []}},
2063
 
                                        {options, [{active, once}, {verify, verify_peer},
 
2377
                                        {options, [{active, true}, {verify, verify_peer},
2064
2378
                                                   {verify_client_once, true}
2065
2379
                                                   | ServerOpts]}]),
2066
2380
    Port  = ssl_test_lib:inet_port(Server),
2071
2385
                                         {options, [{active, true} | ClientOpts]}]),
2072
2386
    
2073
2387
    ssl_test_lib:check_result(Server, ok, Client0, ok),
 
2388
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2074
2389
    ssl_test_lib:close(Client0),
2075
 
    Server ! listen,
2076
2390
    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
2077
2391
                                        {host, Hostname},
2078
2392
                                        {from, self()}, 
2083
2397
    ssl_test_lib:close(Server),
2084
2398
    ssl_test_lib:close(Client1).
2085
2399
    
2086
 
 
2087
2400
%%--------------------------------------------------------------------
2088
2401
 
2089
2402
server_verify_client_once_active_once(doc) -> 
2110
2423
                                        {options, [{active, once} | ClientOpts]}]),
2111
2424
    
2112
2425
    ssl_test_lib:check_result(Server, ok, Client0, ok),
 
2426
    Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2113
2427
    ssl_test_lib:close(Client0),
2114
 
    Server ! listen,
2115
 
    
2116
2428
    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
2117
 
                                        {host, Hostname},
2118
 
                                        {from, self()}, 
2119
 
                                        {mfa, {?MODULE, result_ok, []}},
2120
 
                                        {options, [{active, once} | ClientOpts]}]),
 
2429
                                         {host, Hostname},
 
2430
                                         {from, self()},
 
2431
                                         {mfa, {?MODULE, result_ok, []}},
 
2432
                                         {options, [{active, once} | ClientOpts]}]),
2121
2433
    
2122
2434
    ssl_test_lib:check_result(Client1, ok),
2123
2435
    ssl_test_lib:close(Server),
2124
2436
    ssl_test_lib:close(Client1).
2125
 
    
 
2437
 
2126
2438
%%--------------------------------------------------------------------
2127
2439
 
2128
2440
server_verify_no_cacerts(doc) -> 
2130
2442
 
2131
2443
server_verify_no_cacerts(suite) -> 
2132
2444
    [];
2133
 
 
2134
2445
server_verify_no_cacerts(Config) when is_list(Config) ->
2135
 
    ServerOpts =  ServerOpts =  ?config(server_opts, Config), 
 
2446
    ServerOpts =  ?config(server_opts, Config),
2136
2447
    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
2137
2448
    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, 
2138
2449
                                              {from, self()}, 
2293
2604
    ssl_test_lib:close(Server),
2294
2605
    ssl_test_lib:close(Client).
2295
2606
 
2296
 
 
2297
 
 
2298
2607
%%--------------------------------------------------------------------
2299
2608
client_renegotiate(doc) -> 
2300
2609
    ["Test ssl:renegotiate/1 on client."];
2303
2612
    [];
2304
2613
 
2305
2614
client_renegotiate(Config) when is_list(Config) ->
2306
 
    process_flag(trap_exit, true),
2307
2615
    ServerOpts = ?config(server_opts, Config),  
2308
2616
    ClientOpts = ?config(client_opts, Config),  
2309
2617
 
2318
2626
                                   {options, ServerOpts}]),
2319
2627
    Port = ssl_test_lib:inet_port(Server),
2320
2628
 
2321
 
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 
2629
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2322
2630
                                        {host, Hostname},
2323
2631
                                        {from, self()}, 
2324
2632
                                        {mfa, {?MODULE, 
2326
2634
                                        {options, [{reuse_sessions, false} | ClientOpts]}]),
2327
2635
    
2328
2636
    ssl_test_lib:check_result(Client, ok, Server, ok), 
2329
 
 
2330
2637
    ssl_test_lib:close(Server),
2331
 
    ssl_test_lib:close(Client),
2332
 
    process_flag(trap_exit, false),
2333
 
    ok.
 
2638
    ssl_test_lib:close(Client).
 
2639
 
2334
2640
%%--------------------------------------------------------------------
2335
2641
server_renegotiate(doc) -> 
2336
2642
    ["Test ssl:renegotiate/1 on server."];
2339
2645
    [];
2340
2646
 
2341
2647
server_renegotiate(Config) when is_list(Config) ->
2342
 
    process_flag(trap_exit, true),
2343
2648
    ServerOpts = ?config(server_opts, Config),  
2344
2649
    ClientOpts = ?config(client_opts, Config),  
2345
2650
 
2362
2667
    
2363
2668
    ssl_test_lib:check_result(Server, ok, Client, ok),
2364
2669
    ssl_test_lib:close(Server),
2365
 
    ssl_test_lib:close(Client),
2366
 
    ok.
 
2670
    ssl_test_lib:close(Client).
2367
2671
 
2368
2672
%%--------------------------------------------------------------------
2369
2673
client_renegotiate_reused_session(doc) -> 
2373
2677
    [];
2374
2678
 
2375
2679
client_renegotiate_reused_session(Config) when is_list(Config) ->
2376
 
    process_flag(trap_exit, true),
2377
2680
    ServerOpts = ?config(server_opts, Config),  
2378
2681
    ClientOpts = ?config(client_opts, Config),  
2379
2682
 
2396
2699
                                        {options, [{reuse_sessions, true} | ClientOpts]}]),
2397
2700
    
2398
2701
    ssl_test_lib:check_result(Client, ok, Server, ok), 
2399
 
 
2400
2702
    ssl_test_lib:close(Server),
2401
 
    ssl_test_lib:close(Client),
2402
 
    process_flag(trap_exit, false),
2403
 
    ok.
 
2703
    ssl_test_lib:close(Client).
2404
2704
%%--------------------------------------------------------------------
2405
2705
server_renegotiate_reused_session(doc) -> 
2406
2706
    ["Test ssl:renegotiate/1 on server when the ssl session will be reused."];
2409
2709
    [];
2410
2710
 
2411
2711
server_renegotiate_reused_session(Config) when is_list(Config) ->
2412
 
    process_flag(trap_exit, true),
2413
2712
    ServerOpts = ?config(server_opts, Config),  
2414
2713
    ClientOpts = ?config(client_opts, Config),  
2415
2714
 
2432
2731
    
2433
2732
    ssl_test_lib:check_result(Server, ok, Client, ok),
2434
2733
    ssl_test_lib:close(Server),
2435
 
    ssl_test_lib:close(Client),
2436
 
    ok.
2437
 
 
 
2734
    ssl_test_lib:close(Client).
2438
2735
%%--------------------------------------------------------------------
2439
2736
client_no_wrap_sequence_number(doc) -> 
2440
2737
    ["Test that erlang client will renegotiate session when",  
2446
2743
    [];
2447
2744
 
2448
2745
client_no_wrap_sequence_number(Config) when is_list(Config) ->
2449
 
    process_flag(trap_exit, true),
2450
2746
    ServerOpts = ?config(server_opts, Config),  
2451
2747
    ClientOpts = ?config(client_opts, Config),  
2452
2748
 
2462
2758
                                   {options, ServerOpts}]),
2463
2759
    Port = ssl_test_lib:inet_port(Server),
2464
2760
 
 
2761
    Version = ssl_record:highest_protocol_version(ssl_record:supported_protocol_versions()),
 
2762
 
2465
2763
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
2466
2764
                                        {host, Hostname},
2467
2765
                                        {from, self()}, 
2468
2766
                                        {mfa, {ssl_test_lib, 
2469
 
                                               trigger_renegotiate, [[ErlData, N+2]]}},
 
2767
                                               trigger_renegotiate, [[ErlData, treashold(N, Version)]]}},
2470
2768
                                        {options, [{reuse_sessions, false},
2471
2769
                                                   {renegotiate_at, N} | ClientOpts]}]),
2472
2770
    
2473
2771
    ssl_test_lib:check_result(Client, ok), 
 
2772
    ssl_test_lib:close(Server),
 
2773
    ssl_test_lib:close(Client).
2474
2774
 
2475
 
    ssl_test_lib:close(Server),
2476
 
    ssl_test_lib:close(Client),
2477
 
    process_flag(trap_exit, false),
2478
 
    ok.
 
2775
 %% First two clauses handles 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 
2776
treashold(N, {3,0}) ->
 
2777
    (N div 2) + 1;
 
2778
treashold(N, {3,1}) ->
 
2779
    (N div 2) + 1;
 
2780
treashold(N, _) ->
 
2781
    N + 1.
 
2782
    
2479
2783
%%--------------------------------------------------------------------
2480
2784
server_no_wrap_sequence_number(doc) -> 
2481
2785
    ["Test that erlang server will renegotiate session when",  
2487
2791
    [];
2488
2792
 
2489
2793
server_no_wrap_sequence_number(Config) when is_list(Config) ->
2490
 
    process_flag(trap_exit, true),
2491
2794
    ServerOpts = ?config(server_opts, Config),  
2492
2795
    ClientOpts = ?config(client_opts, Config),  
2493
2796
 
2511
2814
    
2512
2815
    ssl_test_lib:check_result(Server, ok),
2513
2816
    ssl_test_lib:close(Server),
2514
 
    ssl_test_lib:close(Client),
2515
 
    ok.
2516
 
 
 
2817
    ssl_test_lib:close(Client).
2517
2818
%%--------------------------------------------------------------------
2518
 
extended_key_usage(doc) -> 
2519
 
    ["Test cert that has a critical extended_key_usage extension"];
 
2819
extended_key_usage_verify_peer(doc) ->
 
2820
    ["Test cert that has a critical extended_key_usage extension in verify_peer mode"];
2520
2821
 
2521
 
extended_key_usage(suite) -> 
 
2822
extended_key_usage_verify_peer(suite) ->
2522
2823
    [];
2523
2824
 
2524
 
extended_key_usage(Config) when is_list(Config) -> 
 
2825
extended_key_usage_verify_peer(Config) when is_list(Config) ->
2525
2826
    ClientOpts = ?config(client_verification_opts, Config),
2526
2827
    ServerOpts = ?config(server_verification_opts, Config),
2527
2828
    PrivDir = ?config(priv_dir, Config),
2528
2829
   
2529
2830
    KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"), 
2530
2831
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2531
 
    Key = public_key:pem_entry_decode(KeyEntry),
 
2832
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
2532
2833
 
2533
2834
    ServerCertFile = proplists:get_value(certfile, ServerOpts),
2534
2835
    NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
2537
2838
    ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
2538
2839
    ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
2539
2840
    ServerExtensions =  ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
2540
 
    NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions = 
2541
 
                                                               [ServerExtKeyUsageExt | 
 
2841
    NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
 
2842
                                                               [ServerExtKeyUsageExt |
2542
2843
                                                                ServerExtensions]},
2543
 
    NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key), 
 
2844
    NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
2544
2845
    ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
2545
2846
    NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
2546
 
    
 
2847
 
2547
2848
    ClientCertFile = proplists:get_value(certfile, ClientOpts),
2548
2849
    NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
2549
2850
    [{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
2551
2852
    ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
2552
2853
    ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
2553
2854
    ClientExtensions =  ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
2554
 
    NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions = 
 
2855
    NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
2555
2856
                                                               [ClientExtKeyUsageExt |
2556
2857
                                                                ClientExtensions]},
2557
 
    NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key), 
 
2858
    NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
2558
2859
    ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
2559
2860
    NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
2560
2861
 
2561
2862
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2562
 
    
2563
 
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
2564
 
                                        {from, self()}, 
 
2863
 
 
2864
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
2865
                                        {from, self()},
2565
2866
                           {mfa, {?MODULE, send_recv_result_active, []}},
2566
2867
                           {options, [{verify, verify_peer} | NewServerOpts]}]),
2567
2868
    Port = ssl_test_lib:inet_port(Server),
2568
 
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 
2869
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2569
2870
                                        {host, Hostname},
2570
 
                           {from, self()}, 
 
2871
                           {from, self()},
2571
2872
                           {mfa, {?MODULE, send_recv_result_active, []}},
2572
2873
                                        {options, [{verify, verify_peer} | NewClientOpts]}]),
2573
 
    
2574
 
    ssl_test_lib:check_result(Server, ok, Client, ok),
2575
 
    
 
2874
 
 
2875
    ssl_test_lib:check_result(Server, ok, Client, ok),
 
2876
 
 
2877
    ssl_test_lib:close(Server),
 
2878
    ssl_test_lib:close(Client).
 
2879
 
 
2880
%%--------------------------------------------------------------------
 
2881
extended_key_usage_verify_none(doc) ->
 
2882
    ["Test cert that has a critical extended_key_usage extension in verify_none mode"];
 
2883
 
 
2884
extended_key_usage_verify_none(suite) ->
 
2885
    [];
 
2886
 
 
2887
extended_key_usage_verify_none(Config) when is_list(Config) ->
 
2888
    ClientOpts = ?config(client_verification_opts, Config),
 
2889
    ServerOpts = ?config(server_verification_opts, Config),
 
2890
    PrivDir = ?config(priv_dir, Config),
 
2891
 
 
2892
    KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
 
2893
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
 
2894
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
 
2895
 
 
2896
    ServerCertFile = proplists:get_value(certfile, ServerOpts),
 
2897
    NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
 
2898
    [{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
 
2899
    ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
 
2900
    ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
 
2901
    ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
 
2902
    ServerExtensions =  ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
 
2903
    NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
 
2904
                                                               [ServerExtKeyUsageExt |
 
2905
                                                                ServerExtensions]},
 
2906
    NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
 
2907
    ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
 
2908
    NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
 
2909
 
 
2910
    ClientCertFile = proplists:get_value(certfile, ClientOpts),
 
2911
    NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
 
2912
    [{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
 
2913
    ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
 
2914
    ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
 
2915
    ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
 
2916
    ClientExtensions =  ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
 
2917
    NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
 
2918
                                                                   [ClientExtKeyUsageExt |
 
2919
                                                                    ClientExtensions]},
 
2920
    NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
 
2921
    ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
 
2922
    NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
 
2923
 
 
2924
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
2925
 
 
2926
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
2927
                                        {from, self()},
 
2928
                           {mfa, {?MODULE, send_recv_result_active, []}},
 
2929
                           {options, [{verify, verify_none} | NewServerOpts]}]),
 
2930
    Port = ssl_test_lib:inet_port(Server),
 
2931
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
2932
                                        {host, Hostname},
 
2933
                           {from, self()},
 
2934
                           {mfa, {?MODULE, send_recv_result_active, []}},
 
2935
                                        {options, [{verify, verify_none} | NewClientOpts]}]),
 
2936
 
 
2937
    ssl_test_lib:check_result(Server, ok, Client, ok),
 
2938
 
2576
2939
    ssl_test_lib:close(Server),
2577
2940
    ssl_test_lib:close(Client).
2578
2941
 
2590
2953
   
2591
2954
    KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2592
2955
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2593
 
    Key = public_key:pem_entry_decode(KeyEntry),
 
2956
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
2594
2957
 
2595
2958
    CertFile = proplists:get_value(certfile, ServerOpts),
2596
2959
    NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
2648
3011
   
2649
3012
    KeyFile = filename:join(PrivDir, "server/key.pem"),
2650
3013
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2651
 
    Key = public_key:pem_entry_decode(KeyEntry),
 
3014
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
2652
3015
 
2653
3016
    ServerCertFile = proplists:get_value(certfile, ServerOpts),
2654
3017
    NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
2670
3033
                                              {from, self()}, 
2671
3034
                                              {options, [{verify, verify_peer} | ClientOpts]}]),
2672
3035
    
2673
 
    ssl_test_lib:check_result(Server, {error, "bad certificate"}, 
2674
 
                              Client, {error,"bad certificate"}).
 
3036
    tcp_delivery_workaround(Server, {error, "bad certificate"},
 
3037
                            Client, {error,"bad certificate"}).
2675
3038
    
2676
3039
%%--------------------------------------------------------------------
2677
3040
 
2688
3051
   
2689
3052
    KeyFile = filename:join(PrivDir, "client/key.pem"),
2690
3053
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2691
 
    Key = public_key:pem_entry_decode(KeyEntry),
 
3054
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
2692
3055
 
2693
3056
    ClientCertFile = proplists:get_value(certfile, ClientOpts),
2694
3057
    NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
2716
3079
tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
2717
3080
    receive 
2718
3081
        {Server, ServerMsg} ->
2719
 
            receive 
2720
 
                {Client, ClientMsg} ->
2721
 
                    ok;
2722
 
                {Client, {error,closed}} ->
2723
 
                    test_server:format("client got close");
2724
 
                Unexpected ->
2725
 
                    test_server:fail(Unexpected) 
2726
 
            end;
 
3082
            client_msg(Client, ClientMsg);
2727
3083
        {Client, ClientMsg} ->
2728
 
            receive 
2729
 
                {Server, ServerMsg} ->
2730
 
                    ok;
2731
 
                Unexpected ->
2732
 
                    test_server:fail(Unexpected) 
2733
 
            end;
 
3084
            server_msg(Server, ServerMsg);
2734
3085
        {Client, {error,closed}} ->
2735
 
            receive 
2736
 
                {Server, ServerMsg} ->
2737
 
                    ok;
2738
 
                Unexpected ->
2739
 
                    test_server:fail(Unexpected) 
2740
 
            end;
2741
 
        {Server, {error,closed}} ->
2742
 
            receive 
2743
 
                {Client, ClientMsg} ->
2744
 
                    ok;
2745
 
                {Client, {error,closed}} ->
2746
 
                    test_server:format("client got close"),
2747
 
                    ok;
2748
 
                Unexpected ->
2749
 
                    test_server:fail(Unexpected) 
2750
 
            end;
2751
 
        Unexpected ->
2752
 
            test_server:fail(Unexpected)
2753
 
    end.
 
3086
            server_msg(Server, ServerMsg);
 
3087
        {Server, {error,closed}} ->
 
3088
            client_msg(Client, ClientMsg);
 
3089
        {Client, {error, esslconnect}} ->
 
3090
            server_msg(Server, ServerMsg);
 
3091
        {Server, {error, esslaccept}} ->
 
3092
            client_msg(Client, ClientMsg)
 
3093
    end.
 
3094
 
 
3095
client_msg(Client, ClientMsg) ->
 
3096
    receive
 
3097
        {Client, ClientMsg} ->
 
3098
            ok;
 
3099
        {Client, {error,closed}} ->
 
3100
            test_server:format("client got close"),
 
3101
            ok;
 
3102
        {Client, {error, esslconnect}} ->
 
3103
            test_server:format("client got econnaborted"),
 
3104
            ok;
 
3105
        Unexpected ->
 
3106
            test_server:fail(Unexpected)
 
3107
    end.
 
3108
 
 
3109
server_msg(Server, ServerMsg) ->
 
3110
    receive
 
3111
        {Server, ServerMsg} ->
 
3112
            ok;
 
3113
        {Server, {error,closed}} ->
 
3114
            test_server:format("server got close"),
 
3115
            ok;
 
3116
        {Server, {error, esslaccept}} ->
 
3117
            test_server:format("server got econnaborted"),
 
3118
            ok;
 
3119
        Unexpected ->
 
3120
            test_server:fail(Unexpected)
 
3121
    end.
 
3122
 
2754
3123
%%--------------------------------------------------------------------
2755
3124
cert_expired(doc) -> 
2756
3125
    ["Test server with invalid signature"];
2765
3134
   
2766
3135
    KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2767
3136
    [KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2768
 
    Key = public_key:pem_entry_decode(KeyEntry),
 
3137
    Key = ssl_test_lib:public_key(public_key:pem_entry_decode(KeyEntry)),
2769
3138
 
2770
3139
    ServerCertFile = proplists:get_value(certfile, ServerOpts),
2771
3140
    NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
2885
3254
                                                | ClientOpts]}]),
2886
3255
 
2887
3256
    ssl_test_lib:check_result(Server, {error,"unknown ca"},
2888
 
                              Client, {error, "unknown ca"}),
2889
 
    ssl_test_lib:close(Server),
2890
 
    ssl_test_lib:close(Client).
 
3257
                              Client, {error, "unknown ca"}).
2891
3258
 
2892
3259
%%--------------------------------------------------------------------
2893
3260
unknown_server_ca_accept_verify_none(doc) ->
2958
3325
    ssl_test_lib:close(Client).
2959
3326
 
2960
3327
%%--------------------------------------------------------------------
2961
 
unknown_server_ca_accept_backwardscompatibilty(doc) ->
 
3328
unknown_server_ca_accept_backwardscompatibility(doc) ->
2962
3329
    ["Test that old style verify_funs will work"];
2963
 
unknown_server_ca_accept_backwardscompatibilty(suite) ->
 
3330
unknown_server_ca_accept_backwardscompatibility(suite) ->
2964
3331
    [];
2965
 
unknown_server_ca_accept_backwardscompatibilty(Config) when is_list(Config) ->
 
3332
unknown_server_ca_accept_backwardscompatibility(Config) when is_list(Config) ->
2966
3333
    ClientOpts =  ?config(client_opts, Config),
2967
3334
    ServerOpts =  ?config(server_opts, Config),
2968
3335
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3042
3409
    Keyfile = proplists:get_value(keyfile, Opts),
3043
3410
    Dhfile = proplists:get_value(dhfile, Opts),
3044
3411
    [{_, Cert, _}] = ssl_test_lib:pem_to_der(Certfile),
3045
 
    [{_, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
 
3412
    [{Asn1Type, Key, _}]  = ssl_test_lib:pem_to_der(Keyfile),
3046
3413
    [{_, DHParams, _}]  = ssl_test_lib:pem_to_der(Dhfile),
3047
3414
    CaCerts =
3048
3415
        lists:map(fun(Entry) ->
3049
3416
                          {_, CaCert, _} = Entry,
3050
3417
                          CaCert
3051
3418
                  end, ssl_test_lib:pem_to_der(CaCertsfile)),
3052
 
    {Cert, {rsa, Key}, CaCerts, DHParams}.
 
3419
    {Cert, {Asn1Type, Key}, CaCerts, DHParams}.
 
3420
 
 
3421
%%--------------------------------------------------------------------
 
3422
%% different_ca_peer_sign(doc) ->
 
3423
%%     ["Check that a CA can have a different signature algorithm than the peer cert."];
 
3424
 
 
3425
%% different_ca_peer_sign(suite) ->
 
3426
%%     [];
 
3427
 
 
3428
%% different_ca_peer_sign(Config) when is_list(Config) ->
 
3429
%%     ClientOpts =  ?config(client_mix_opts, Config),
 
3430
%%     ServerOpts =  ?config(server_mix_verify_opts, Config),
 
3431
 
 
3432
%%     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3433
%%     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3434
%%                                      {from, self()},
 
3435
%%                         {mfa, {?MODULE, send_recv_result_active_once, []}},
 
3436
%%                         {options, [{active, once},
 
3437
%%                                    {verify, verify_peer} | ServerOpts]}]),
 
3438
%%     Port  = ssl_test_lib:inet_port(Server),
 
3439
 
 
3440
%%     Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3441
%%                                      {host, Hostname},
 
3442
%%                                      {from, self()},
 
3443
%%                                      {mfa, {?MODULE,
 
3444
%%                                             send_recv_result_active_once,
 
3445
%%                                             []}},
 
3446
%%                                      {options, [{active, once},
 
3447
%%                                                 {verify, verify_peer}
 
3448
%%                                                 | ClientOpts]}]),
 
3449
 
 
3450
%%     ssl_test_lib:check_result(Server, ok, Client, ok),
 
3451
%%     ssl_test_lib:close(Server),
 
3452
%%     ssl_test_lib:close(Client).
 
3453
 
 
3454
 
 
3455
%%--------------------------------------------------------------------
 
3456
no_reuses_session_server_restart_new_cert(doc) ->
 
3457
    ["Check that a session is not reused if the server is restarted with a new cert."];
 
3458
 
 
3459
no_reuses_session_server_restart_new_cert(suite) ->
 
3460
    [];
 
3461
 
 
3462
no_reuses_session_server_restart_new_cert(Config) when is_list(Config) ->
 
3463
 
 
3464
    ClientOpts = ?config(client_opts, Config),
 
3465
    ServerOpts = ?config(server_opts, Config),
 
3466
    DsaServerOpts = ?config(server_dsa_opts, Config),
 
3467
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3468
 
 
3469
    Server =
 
3470
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3471
                                   {from, self()},
 
3472
                      {mfa, {ssl_test_lib, session_info_result, []}},
 
3473
                                   {options, ServerOpts}]),
 
3474
    Port = ssl_test_lib:inet_port(Server),
 
3475
    Client0 =
 
3476
        ssl_test_lib:start_client([{node, ClientNode},
 
3477
                      {port, Port}, {host, Hostname},
 
3478
                            {mfa, {ssl_test_lib, no_result, []}},
 
3479
                      {from, self()},  {options, ClientOpts}]),
 
3480
    SessionInfo =
 
3481
        receive
 
3482
            {Server, Info} ->
 
3483
                Info
 
3484
        end,
 
3485
 
 
3486
    %% Make sure session is registered
 
3487
    test_server:sleep(?SLEEP),
 
3488
    ssl_test_lib:close(Server),
 
3489
    ssl_test_lib:close(Client0),
 
3490
 
 
3491
    Server1 =
 
3492
        ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
 
3493
                                   {from, self()},
 
3494
                      {mfa, {ssl_test_lib, no_result, []}},
 
3495
                                   {options, DsaServerOpts}]),
 
3496
 
 
3497
    Client1 =
 
3498
        ssl_test_lib:start_client([{node, ClientNode},
 
3499
                      {port, Port}, {host, Hostname},
 
3500
                      {mfa, {ssl_test_lib, session_info_result, []}},
 
3501
                      {from, self()},  {options, ClientOpts}]),
 
3502
    receive
 
3503
        {Client1, SessionInfo} ->
 
3504
            test_server:fail(session_reused_when_server_has_new_cert);
 
3505
        {Client1, _Other} ->
 
3506
           ok
 
3507
    end,
 
3508
    ssl_test_lib:close(Server1),
 
3509
    ssl_test_lib:close(Client1).
 
3510
 
 
3511
%%--------------------------------------------------------------------
 
3512
no_reuses_session_server_restart_new_cert_file(doc) ->
 
3513
    ["Check that a session is not reused if a server is restarted with a new "
 
3514
     "cert contained in a file with the same name as the old cert."];
 
3515
 
 
3516
no_reuses_session_server_restart_new_cert_file(suite) ->
 
3517
    [];
 
3518
 
 
3519
no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) ->
 
3520
    ClientOpts = ?config(client_opts, Config),
 
3521
    ServerOpts = ?config(server_verification_opts, Config),
 
3522
    DsaServerOpts = ?config(server_dsa_opts, Config),
 
3523
    PrivDir =  ?config(priv_dir, Config),
 
3524
 
 
3525
    NewServerOpts = new_config(PrivDir, ServerOpts),
 
3526
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3527
 
 
3528
    Server =
 
3529
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3530
                                   {from, self()},
 
3531
                      {mfa, {ssl_test_lib, session_info_result, []}},
 
3532
                                   {options, NewServerOpts}]),
 
3533
    Port = ssl_test_lib:inet_port(Server),
 
3534
    Client0 =
 
3535
        ssl_test_lib:start_client([{node, ClientNode},
 
3536
                      {port, Port}, {host, Hostname},
 
3537
                            {mfa, {ssl_test_lib, no_result, []}},
 
3538
                      {from, self()},  {options, ClientOpts}]),
 
3539
    SessionInfo =
 
3540
        receive
 
3541
            {Server, Info} ->
 
3542
                Info
 
3543
        end,
 
3544
 
 
3545
    %% Make sure session is registered and we get
 
3546
    %% new file time stamp when calling new_config!
 
3547
    test_server:sleep(?SLEEP* 2),
 
3548
    ssl_test_lib:close(Server),
 
3549
    ssl_test_lib:close(Client0),
 
3550
 
 
3551
    NewServerOpts = new_config(PrivDir, DsaServerOpts),
 
3552
 
 
3553
    Server1 =
 
3554
        ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
 
3555
                                   {from, self()},
 
3556
                      {mfa, {ssl_test_lib, no_result, []}},
 
3557
                                   {options, NewServerOpts}]),
 
3558
    Client1 =
 
3559
        ssl_test_lib:start_client([{node, ClientNode},
 
3560
                      {port, Port}, {host, Hostname},
 
3561
                      {mfa, {ssl_test_lib, session_info_result, []}},
 
3562
                                   {from, self()},  {options, ClientOpts}]),
 
3563
    receive
 
3564
        {Client1, SessionInfo} ->
 
3565
            test_server:fail(session_reused_when_server_has_new_cert);
 
3566
        {Client1, _Other} ->
 
3567
           ok
 
3568
    end,
 
3569
    ssl_test_lib:close(Server1),
 
3570
    ssl_test_lib:close(Client1).
 
3571
 
 
3572
%%--------------------------------------------------------------------
 
3573
reuseaddr(doc) ->
 
3574
    [""];
 
3575
 
 
3576
reuseaddr(suite) ->
 
3577
    [];
 
3578
 
 
3579
reuseaddr(Config) when is_list(Config) ->
 
3580
    ClientOpts = ?config(client_opts, Config),
 
3581
    ServerOpts = ?config(server_opts, Config),
 
3582
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3583
    Server =
 
3584
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3585
                                   {from, self()},
 
3586
                                   {mfa, {ssl_test_lib, no_result, []}},
 
3587
                                   {options,  [{active, false} | ServerOpts]}]),
 
3588
    Port = ssl_test_lib:inet_port(Server),
 
3589
    Client =
 
3590
        ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3591
                                   {host, Hostname},
 
3592
                                   {from, self()},
 
3593
                                   {mfa, {ssl_test_lib, no_result, []}},
 
3594
                                   {options, [{active, false} | ClientOpts]}]),
 
3595
    test_server:sleep(?SLEEP),
 
3596
    ssl_test_lib:close(Server),
 
3597
    ssl_test_lib:close(Client),
 
3598
 
 
3599
    Server1 =
 
3600
        ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
 
3601
                                   {from, self()},
 
3602
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3603
                                   {options,  [{active, false} | ServerOpts]}]),
 
3604
    Client1 =
 
3605
        ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3606
                                   {host, Hostname},
 
3607
                                   {from, self()},
 
3608
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3609
                                   {options, [{active, false} | ClientOpts]}]),
 
3610
 
 
3611
    ssl_test_lib:check_result(Server1, ok, Client1, ok),
 
3612
    ssl_test_lib:close(Server1),
 
3613
    ssl_test_lib:close(Client1).
 
3614
 
 
3615
%%--------------------------------------------------------------------
 
3616
 
 
3617
hibernate(doc) -> 
 
3618
    ["Check that an SSL connection that is started with option "
 
3619
     "{hibernate_after, 1000} indeed hibernates after 1000ms of "
 
3620
     "inactivity"];
 
3621
 
 
3622
hibernate(suite) ->
 
3623
    [];
 
3624
 
 
3625
hibernate(Config) ->
 
3626
    ClientOpts = ?config(client_opts, Config),
 
3627
    ServerOpts = ?config(server_opts, Config),
 
3628
 
 
3629
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3630
 
 
3631
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3632
                                        {from, self()},
 
3633
                                        {mfa, {?MODULE, send_recv_result_active, []}},
 
3634
                                        {options, ServerOpts}]),
 
3635
    Port = ssl_test_lib:inet_port(Server),
 
3636
    {Client, #sslsocket{pid=Pid}} = ssl_test_lib:start_client([return_socket,
 
3637
                    {node, ClientNode}, {port, Port},
 
3638
                                        {host, Hostname},
 
3639
                                        {from, self()},
 
3640
                                        {mfa, {?MODULE, send_recv_result_active, []}},
 
3641
                                        {options, [{hibernate_after, 1000}|ClientOpts]}]),
 
3642
    {current_function, _} =
 
3643
        process_info(Pid, current_function),
 
3644
 
 
3645
    timer:sleep(1100),
 
3646
 
 
3647
    {current_function, {erlang, hibernate, 3}} =
 
3648
        process_info(Pid, current_function),
 
3649
 
 
3650
    ssl_test_lib:close(Server),
 
3651
    ssl_test_lib:close(Client).
 
3652
 
 
3653
%%--------------------------------------------------------------------
 
3654
 
 
3655
connect_twice(doc) ->
 
3656
    [""];
 
3657
connect_twice(suite) ->
 
3658
    [];
 
3659
connect_twice(Config) when is_list(Config) ->
 
3660
    ClientOpts = ?config(client_opts, Config),
 
3661
    ServerOpts = ?config(server_opts, Config),
 
3662
 
 
3663
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3664
 
 
3665
    Server =
 
3666
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3667
                                   {from, self()},
 
3668
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3669
                                   {options,  [{keepalive, true},{active, false}
 
3670
                                               | ServerOpts]}]),
 
3671
    Port = ssl_test_lib:inet_port(Server),
 
3672
    Client =
 
3673
        ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3674
                                   {host, Hostname},
 
3675
                                   {from, self()},
 
3676
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3677
                                   {options, [{keepalive, true},{active, false}
 
3678
                                              | ClientOpts]}]),
 
3679
    Server ! listen,
 
3680
 
 
3681
    {Client1, #sslsocket{}} =
 
3682
        ssl_test_lib:start_client([return_socket,
 
3683
                                   {node, ClientNode}, {port, Port},
 
3684
                                   {host, Hostname},
 
3685
                                   {from, self()},
 
3686
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3687
                                   {options, [{keepalive, true},{active, false}
 
3688
                                              | ClientOpts]}]),
 
3689
 
 
3690
    test_server:format("Testcase ~p, Client ~p  Server ~p ~n",
 
3691
                         [self(), Client, Server]),
 
3692
 
 
3693
    ssl_test_lib:check_result(Server, ok, Client, ok),
 
3694
    ssl_test_lib:check_result(Server, ok, Client1, ok),
 
3695
 
 
3696
    ssl_test_lib:close(Server),
 
3697
    ssl_test_lib:close(Client),
 
3698
    ssl_test_lib:close(Client1).
 
3699
 
 
3700
%%--------------------------------------------------------------------
 
3701
renegotiate_dos_mitigate_active(doc) ->
 
3702
    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
 
3703
    "immediately after each other"];
 
3704
 
 
3705
renegotiate_dos_mitigate_active(suite) ->
 
3706
    [];
 
3707
 
 
3708
renegotiate_dos_mitigate_active(Config) when is_list(Config) ->
 
3709
    ServerOpts = ?config(server_opts, Config),
 
3710
    ClientOpts = ?config(client_opts, Config),
 
3711
 
 
3712
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3713
 
 
3714
    Server =
 
3715
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3716
                                   {from, self()},
 
3717
                                   {mfa, {?MODULE, send_recv_result_active, []}},
 
3718
                                   {options, [ServerOpts]}]),
 
3719
    Port = ssl_test_lib:inet_port(Server),
 
3720
 
 
3721
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3722
                                        {host, Hostname},
 
3723
                                        {from, self()},
 
3724
                                        {mfa, {?MODULE,
 
3725
                                               renegotiate_immediately, []}},
 
3726
                                        {options, ClientOpts}]),
 
3727
 
 
3728
    ssl_test_lib:check_result(Client, ok, Server, ok),
 
3729
    ssl_test_lib:close(Server),
 
3730
    ssl_test_lib:close(Client).
 
3731
 
 
3732
%%--------------------------------------------------------------------
 
3733
renegotiate_dos_mitigate_passive(doc) ->
 
3734
    ["Mitigate DOS computational attack by not allowing client to renegotiate many times in a row",
 
3735
    "immediately after each other"];
 
3736
 
 
3737
renegotiate_dos_mitigate_passive(suite) ->
 
3738
    [];
 
3739
 
 
3740
renegotiate_dos_mitigate_passive(Config) when is_list(Config) ->
 
3741
    ServerOpts = ?config(server_opts, Config),
 
3742
    ClientOpts = ?config(client_opts, Config),
 
3743
 
 
3744
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3745
 
 
3746
    Server =
 
3747
        ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3748
                                   {from, self()},
 
3749
                                   {mfa, {?MODULE, send_recv_result, []}},
 
3750
                                   {options, [{active, false} | ServerOpts]}]),
 
3751
    Port = ssl_test_lib:inet_port(Server),
 
3752
 
 
3753
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
 
3754
                                        {host, Hostname},
 
3755
                                        {from, self()}, 
 
3756
                                        {mfa, {?MODULE, 
 
3757
                                               renegotiate_immediately, []}},
 
3758
                                        {options, ClientOpts}]),
 
3759
    
 
3760
    ssl_test_lib:check_result(Client, ok, Server, ok), 
 
3761
    ssl_test_lib:close(Server),
 
3762
    ssl_test_lib:close(Client).
 
3763
 
 
3764
%%--------------------------------------------------------------------
 
3765
tcp_error_propagation_in_active_mode(doc) ->
 
3766
    ["Test that process recives {ssl_error, Socket, closed} when tcp error ocurres"];
 
3767
tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
 
3768
    ClientOpts = ?config(client_opts, Config),
 
3769
    ServerOpts = ?config(server_opts, Config),
 
3770
 
 
3771
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3772
 
 
3773
    Server  = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
 
3774
                                          {from, self()},
 
3775
                                          {mfa, {ssl_test_lib, no_result, []}},
 
3776
                                          {options, ServerOpts}]),
 
3777
    Port = ssl_test_lib:inet_port(Server),
 
3778
    {Client, #sslsocket{pid=Pid} = SslSocket} = ssl_test_lib:start_client([return_socket,
 
3779
                                                               {node, ClientNode}, {port, Port},
 
3780
                                                               {host, Hostname},
 
3781
                                                               {from, self()},
 
3782
                                                               {mfa, {?MODULE, receive_msg, []}},
 
3783
                                                               {options, ClientOpts}]),
 
3784
 
 
3785
    {status, _, _, StatusInfo} = sys:get_status(Pid),
 
3786
    [_, _,_, _, Prop] = StatusInfo,
 
3787
    State = ssl_test_lib:state(Prop),
 
3788
    Socket = element(10, State),
 
3789
 
 
3790
    %% Fake tcp error
 
3791
    Pid ! {tcp_error, Socket, etimedout},
 
3792
 
 
3793
    ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
 
3794
%%--------------------------------------------------------------------
 
3795
 
 
3796
rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
 
3797
    vunrable to Rizzo/Dungon attack"];
 
3798
 
 
3799
rizzo(Config) when is_list(Config) ->
 
3800
    Ciphers  = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y  =/= rc4_128],
 
3801
    run_send_recv_rizzo(Ciphers, Config, sslv3,
 
3802
                         {?MODULE, send_recv_result_active_rizzo, []}),
 
3803
    run_send_recv_rizzo(Ciphers, Config, tlsv1,
 
3804
                         {?MODULE, send_recv_result_active_rizzo, []}).
 
3805
 
 
3806
no_rizzo_rc4(doc) -> 
 
3807
    ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
 
3808
 
 
3809
no_rizzo_rc4(Config) when is_list(Config) ->
 
3810
    Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
 
3811
    run_send_recv_rizzo(Ciphers, Config, sslv3,
 
3812
                        {?MODULE, send_recv_result_active_no_rizzo, []}),
 
3813
    run_send_recv_rizzo(Ciphers, Config, tlsv1,
 
3814
                        {?MODULE, send_recv_result_active_no_rizzo, []}).
 
3815
 
 
3816
run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
 
3817
    Result =  lists:map(fun(Cipher) -> 
 
3818
                                rizzo_test(Cipher, Config, Version, Mfa) end,
 
3819
                        Ciphers),
 
3820
    case lists:flatten(Result) of
 
3821
        [] ->
 
3822
            ok;
 
3823
        Error ->
 
3824
            test_server:format("Cipher suite errors: ~p~n", [Error]),
 
3825
            test_server:fail(cipher_suite_failed_see_test_case_log) 
 
3826
    end.
 
3827
 
 
3828
rizzo_test(Cipher, Config, Version, Mfa) ->
 
3829
   {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
 
3830
    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
3831
    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 
3832
                                        {from, self()}, 
 
3833
                           {mfa, Mfa},
 
3834
                           {options, [{active, true}, {ciphers, [Cipher]},
 
3835
                                       {versions, [Version]}
 
3836
                                      | ServerOpts]}]),
 
3837
    Port  = ssl_test_lib:inet_port(Server),
 
3838
    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
 
3839
                                        {host, Hostname},
 
3840
                           {from, self()}, 
 
3841
                           {mfa, Mfa},
 
3842
                           {options, [{active, true} | ClientOpts]}]),
 
3843
    
 
3844
    Result = ssl_test_lib:check_result(Server, ok, Client, ok),
 
3845
    ssl_test_lib:close(Server),
 
3846
    ssl_test_lib:close(Client),
 
3847
    case Result of
 
3848
        ok ->
 
3849
            [];
 
3850
        Error ->
 
3851
            [{Cipher, Error}]
 
3852
    end.
 
3853
 
 
3854
client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
 
3855
    {?config(client_opts, Config),
 
3856
     ?config(server_opts, Config)};   
 
3857
client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
 
3858
    {?config(client_dsa_opts, Config),
 
3859
     ?config(server_dsa_opts, Config)}.
3053
3860
 
3054
3861
%%--------------------------------------------------------------------
3055
3862
%%% Internal functions
3056
3863
%%--------------------------------------------------------------------
3057
 
erlang_ssl_receive(Socket, Data) ->
3058
 
    receive
3059
 
        {ssl, Socket, Data} ->
3060
 
            io:format("Received ~p~n",[Data]),
3061
 
            ok;
3062
 
        Other ->
3063
 
            test_server:fail({unexpected_message, Other})
3064
 
    after ?SLEEP * 3 ->
3065
 
            test_server:fail({did_not_get, Data})
3066
 
    end.
3067
 
 
3068
3864
send_recv_result(Socket) ->
3069
3865
    ssl:send(Socket, "Hello world"),
3070
3866
    {ok,"Hello world"} = ssl:recv(Socket, 11),
3073
3869
send_recv_result_active(Socket) ->
3074
3870
    ssl:send(Socket, "Hello world"),
3075
3871
    receive 
 
3872
        {ssl, Socket, "H"} ->
 
3873
            receive 
 
3874
                {ssl, Socket, "ello world"} ->
 
3875
                    ok
 
3876
            end;
 
3877
        {ssl, Socket, "Hello world"} ->
 
3878
            ok
 
3879
    end.
 
3880
 
 
3881
send_recv_result_active_rizzo(Socket) ->
 
3882
    ssl:send(Socket, "Hello world"),
 
3883
    receive 
 
3884
        {ssl, Socket, "H"} ->
 
3885
            receive 
 
3886
                {ssl, Socket, "ello world"} ->
 
3887
                    ok
 
3888
            end
 
3889
    end.
 
3890
 
 
3891
send_recv_result_active_no_rizzo(Socket) ->
 
3892
    ssl:send(Socket, "Hello world"),
 
3893
    receive 
3076
3894
        {ssl, Socket, "Hello world"} ->
3077
3895
            ok
3078
3896
    end.
3080
3898
send_recv_result_active_once(Socket) ->
3081
3899
    ssl:send(Socket, "Hello world"),
3082
3900
    receive 
 
3901
        {ssl, Socket, "H"} ->
 
3902
            ssl:setopts(Socket, [{active, once}]),
 
3903
            receive 
 
3904
                {ssl, Socket, "ello world"} ->
 
3905
                    ok
 
3906
            end;
3083
3907
        {ssl, Socket, "Hello world"} ->
3084
3908
            ok
3085
3909
    end.
3087
3911
result_ok(_Socket) ->
3088
3912
    ok.
3089
3913
 
3090
 
 
3091
3914
renegotiate(Socket, Data) ->
3092
3915
    test_server:format("Renegotiating ~n", []),
3093
3916
    Result = ssl:renegotiate(Socket),
3104
3927
    %% Make sure session is registerd
3105
3928
    test_server:sleep(?SLEEP),
3106
3929
    renegotiate(Socket, Data).
 
3930
 
 
3931
renegotiate_immediately(Socket) ->
 
3932
    receive 
 
3933
        {ssl, Socket, "Hello world"} ->
 
3934
            ok;
 
3935
        %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 
3936
        {ssl, Socket, "H"} ->
 
3937
            receive 
 
3938
                {ssl, Socket, "ello world"} ->
 
3939
                    ok
 
3940
            end
 
3941
    end,
 
3942
    ok = ssl:renegotiate(Socket),  
 
3943
    {error, renegotiation_rejected} = ssl:renegotiate(Socket),
 
3944
    test_server:sleep(?RENEGOTIATION_DISABLE_TIME +1),
 
3945
    ok = ssl:renegotiate(Socket),
 
3946
    test_server:format("Renegotiated again"),
 
3947
    ssl:send(Socket, "Hello world"),
 
3948
    ok.
 
3949
    
 
3950
new_config(PrivDir, ServerOpts0) ->
 
3951
    CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
 
3952
    CertFile = proplists:get_value(certfile, ServerOpts0),
 
3953
    KeyFile = proplists:get_value(keyfile, ServerOpts0),
 
3954
    NewCaCertFile = filename:join(PrivDir, "new_ca.pem"),
 
3955
    NewCertFile = filename:join(PrivDir, "new_cert.pem"),
 
3956
    NewKeyFile = filename:join(PrivDir, "new_key.pem"),
 
3957
    file:copy(CaCertFile, NewCaCertFile),
 
3958
    file:copy(CertFile, NewCertFile),
 
3959
    file:copy(KeyFile, NewKeyFile),
 
3960
    ServerOpts1 = proplists:delete(cacertfile, ServerOpts0),
 
3961
    ServerOpts2 = proplists:delete(certfile, ServerOpts1),
 
3962
    ServerOpts = proplists:delete(keyfile, ServerOpts2),
 
3963
 
 
3964
    {ok, PEM} = file:read_file(NewCaCertFile),
 
3965
    test_server:format("CA file content: ~p~n", [public_key:pem_decode(PEM)]),
 
3966
 
 
3967
    [{cacertfile, NewCaCertFile}, {certfile, NewCertFile},
 
3968
     {keyfile, NewKeyFile} | ServerOpts].
 
3969
 
 
3970
session_cache_process_list(doc) -> 
 
3971
    ["Test reuse of sessions (short handshake)"];
 
3972
 
 
3973
session_cache_process_list(suite) -> 
 
3974
    [];
 
3975
session_cache_process_list(Config) when is_list(Config) -> 
 
3976
    session_cache_process(list,Config).
 
3977
 
 
3978
session_cache_process_mnesia(doc) -> 
 
3979
    ["Test reuse of sessions (short handshake)"];
 
3980
 
 
3981
session_cache_process_mnesia(suite) -> 
 
3982
    [];
 
3983
session_cache_process_mnesia(Config) when is_list(Config) -> 
 
3984
    session_cache_process(mnesia,Config).
 
3985
 
 
3986
session_cache_process(_Type,Config) when is_list(Config) ->
 
3987
    reuse_session(Config).
 
3988
 
 
3989
init([Type]) ->
 
3990
    ets:new(ssl_test, [named_table, public, set]),
 
3991
    ets:insert(ssl_test, {type, Type}),
 
3992
    case Type of
 
3993
        list ->
 
3994
            spawn(fun() -> session_loop([]) end);
 
3995
        mnesia ->
 
3996
            mnesia:start(),
 
3997
            {atomic,ok} = mnesia:create_table(sess_cache, []),
 
3998
            sess_cache
 
3999
    end.
 
4000
 
 
4001
session_cb() ->
 
4002
    [{type, Type}] = ets:lookup(ssl_test, type),
 
4003
    Type.
 
4004
 
 
4005
terminate(Cache) ->
 
4006
    case session_cb() of
 
4007
        list ->
 
4008
            Cache ! terminate;
 
4009
        mnesia ->
 
4010
            catch {atomic,ok} = 
 
4011
                mnesia:delete_table(sess_cache)
 
4012
    end.
 
4013
 
 
4014
lookup(Cache, Key) ->        
 
4015
    case session_cb() of
 
4016
        list ->
 
4017
            Cache ! {self(), lookup, Key},
 
4018
            receive {Cache, Res} -> Res end;
 
4019
        mnesia ->
 
4020
            case mnesia:transaction(fun() -> 
 
4021
                                            mnesia:read(sess_cache, 
 
4022
                                                        Key, read) 
 
4023
                                    end) of
 
4024
                {atomic, [{sess_cache, Key, Value}]} -> 
 
4025
                    Value;
 
4026
                _ -> 
 
4027
                    undefined
 
4028
            end
 
4029
        end.
 
4030
 
 
4031
update(Cache, Key, Value) ->
 
4032
    case session_cb() of
 
4033
        list ->
 
4034
            Cache ! {update, Key, Value};
 
4035
        mnesia ->
 
4036
            {atomic, ok} = 
 
4037
                mnesia:transaction(fun() -> 
 
4038
                                           mnesia:write(sess_cache, 
 
4039
                                                        {sess_cache, Key, Value}, write) 
 
4040
                                   end)
 
4041
    end.
 
4042
 
 
4043
delete(Cache, Key) -> 
 
4044
    case session_cb() of
 
4045
        list ->
 
4046
            Cache ! {delete, Key};
 
4047
        mnesia ->
 
4048
            {atomic, ok} = 
 
4049
                mnesia:transaction(fun() -> 
 
4050
                                           mnesia:delete(sess_cache, Key) 
 
4051
                                   end)
 
4052
    end.
 
4053
 
 
4054
foldl(Fun, Acc, Cache) -> 
 
4055
    case session_cb() of
 
4056
        list ->
 
4057
            Cache ! {self(),foldl,Fun,Acc},
 
4058
            receive {Cache, Res} -> Res end;
 
4059
        mnesia ->
 
4060
            Foldl = fun() ->
 
4061
                            mnesia:foldl(Fun, Acc, sess_cache)
 
4062
                    end,
 
4063
            {atomic, Res} = mnesia:transaction(Foldl),
 
4064
            Res
 
4065
    end.
 
4066
    
 
4067
select_session(Cache, PartialKey) ->
 
4068
    case session_cb() of
 
4069
        list ->
 
4070
            Cache ! {self(),select_session, PartialKey},
 
4071
            receive 
 
4072
                {Cache, Res} -> 
 
4073
                    Res 
 
4074
            end;
 
4075
        mnesia ->
 
4076
            Sel = fun() ->
 
4077
                          mnesia:select(Cache,
 
4078
                                        [{{sess_cache,{PartialKey,'$1'}, '$2'},
 
4079
                                          [],['$$']}])
 
4080
                  end,
 
4081
            {atomic, Res} = mnesia:transaction(Sel),
 
4082
            Res
 
4083
    end.
 
4084
 
 
4085
session_loop(Sess) ->
 
4086
    receive 
 
4087
        terminate ->
 
4088
            ok;
 
4089
        {Pid, lookup, Key} ->
 
4090
            case lists:keysearch(Key,1,Sess) of
 
4091
                {value, {Key,Value}} ->
 
4092
                    Pid ! {self(), Value};
 
4093
                _ -> 
 
4094
                    Pid ! {self(), undefined}
 
4095
            end,
 
4096
            session_loop(Sess);
 
4097
        {update, Key, Value} ->
 
4098
            NewSess = [{Key,Value}| lists:keydelete(Key,1,Sess)],
 
4099
            session_loop(NewSess);
 
4100
        {delete, Key} ->
 
4101
            session_loop(lists:keydelete(Key,1,Sess));
 
4102
        {Pid,foldl,Fun,Acc} ->
 
4103
            Res = lists:foldl(Fun, Acc,Sess),
 
4104
            Pid ! {self(), Res},
 
4105
            session_loop(Sess);
 
4106
        {Pid,select_session,PKey} ->
 
4107
            Sel = fun({{PKey0, Id},Session}, Acc) when PKey == PKey0 -> 
 
4108
                          [[Id, Session]|Acc];
 
4109
                     (_,Acc) -> 
 
4110
                          Acc
 
4111
                  end, 
 
4112
            Sessions = lists:foldl(Sel, [], Sess),
 
4113
            Pid ! {self(), Sessions},
 
4114
            session_loop(Sess)
 
4115
    end.
 
4116
            
 
4117
 
 
4118
erlang_ssl_receive(Socket, Data) ->
 
4119
    receive
 
4120
        {ssl, Socket, Data} ->
 
4121
            io:format("Received ~p~n",[Data]),
 
4122
            ok;
 
4123
        {ssl, Socket, Byte} when length(Byte) == 1 ->  %% Handle 1/n-1 splitting countermeasure Rizzo/Duong-Beast
 
4124
            io:format("Received ~p~n",[Byte]),
 
4125
            erlang_ssl_receive(Socket, tl(Data));
 
4126
        Other ->
 
4127
            test_server:fail({unexpected_message, Other})
 
4128
    after ?SLEEP * 3 ->
 
4129
            test_server:fail({did_not_get, Data})
 
4130
    end.
 
4131
 
 
4132
receive_msg(_) ->
 
4133
    receive
 
4134
        Msg ->
 
4135
           Msg
 
4136
    end.