4
%% Copyright Ericsson AB 2008-2010. All Rights Reserved.
4
%% Copyright Ericsson AB 2008-2011. All Rights Reserved.
6
6
%% The contents of this file are subject to the Erlang Public License,
7
7
%% Version 1.1, (the "License"); you may not use this file except in
24
24
%% Note: This directive should only be used in test suites.
25
25
-compile(export_all).
27
-include("test_server.hrl").
27
-include_lib("common_test/include/ct.hrl").
29
29
-define(TIMEOUT, 120000).
30
30
-define(LONG_TIMEOUT, 600000).
51
51
{skip, "Openssl not found"};
54
application:start(public_key),
57
(catch make_certs:all(?config(data_dir, Config0),
58
?config(priv_dir, Config0))),
59
test_server:format("Make certs ~p~n", [Result]),
60
Config1 = ssl_test_lib:make_dsa_cert(Config0),
61
Config = ssl_test_lib:cert_options(Config1),
62
[{watchdog, Dog} | Config]
55
application:start(public_key),
58
(catch make_certs:all(?config(data_dir, Config0),
59
?config(priv_dir, Config0))),
60
test_server:format("Make certs ~p~n", [Result]),
61
Config1 = ssl_test_lib:make_dsa_cert(Config0),
62
Config = ssl_test_lib:cert_options(Config1),
63
[{watchdog, Dog} | Config]
65
{skip, "Crypto did not start"}
65
69
%%--------------------------------------------------------------------
70
74
%%--------------------------------------------------------------------
71
75
end_per_suite(_Config) ->
77
application:stop(crypto).
75
79
%%--------------------------------------------------------------------
76
80
%% Function: init_per_testcase(TestCase, Config) -> Config
105
109
TestCase == erlang_server_openssl_client_no_wrap_sequence_number ->
106
110
check_sane_openssl_renegotaite(Config);
112
special_init(ssl2_erlang_server_openssl_client, Config) ->
113
check_sane_openssl_sslv2(Config);
108
115
special_init(_, Config) ->
139
146
%% Name of a test case.
140
147
%% Description: Returns a list of all test cases in this test suite
141
148
%%--------------------------------------------------------------------
143
["Test erlangs ssl against openssl"];
149
suite() -> [{ct_hooks,[ts_install_cth]}].
146
[erlang_client_openssl_server,
152
[erlang_client_openssl_server,
147
153
erlang_server_openssl_client,
148
154
tls1_erlang_client_openssl_server_dsa_cert,
149
155
tls1_erlang_server_openssl_client_dsa_cert,
154
160
erlang_client_openssl_server_no_wrap_sequence_number,
155
161
erlang_server_openssl_client_no_wrap_sequence_number,
156
162
erlang_client_openssl_server_no_server_ca_cert,
157
ssl3_erlang_client_openssl_server,
163
ssl3_erlang_client_openssl_server,
158
164
ssl3_erlang_server_openssl_client,
159
165
ssl3_erlang_client_openssl_server_client_cert,
160
166
ssl3_erlang_server_openssl_client_client_cert,
161
167
ssl3_erlang_server_erlang_client_client_cert,
162
tls1_erlang_client_openssl_server,
168
tls1_erlang_client_openssl_server,
163
169
tls1_erlang_server_openssl_client,
164
170
tls1_erlang_client_openssl_server_client_cert,
165
171
tls1_erlang_server_openssl_client_client_cert,
166
172
tls1_erlang_server_erlang_client_client_cert,
167
ciphers_rsa_signed_certs,
168
ciphers_dsa_signed_certs,
173
ciphers_rsa_signed_certs, ciphers_dsa_signed_certs,
169
174
erlang_client_bad_openssl_server,
171
ssl2_erlang_server_openssl_client
176
ssl2_erlang_server_openssl_client].
181
init_per_group(_GroupName, Config) ->
184
end_per_group(_GroupName, Config) ->
174
188
%% Test cases starts here.
175
189
%%--------------------------------------------------------------------
213
227
%% Clean close down! Server needs to be closed first !!
214
228
close_port(OpensslPort),
216
229
ssl_test_lib:close(Client),
217
230
process_flag(trap_exit, false),
246
259
port_command(OpenSslPort, Data),
248
261
ssl_test_lib:check_result(Server, ok),
263
%% Clean close down! Server needs to be closed first !!
250
264
ssl_test_lib:close(Server),
252
265
close_port(OpenSslPort),
253
266
process_flag(trap_exit, false),
297
310
%% Clean close down! Server needs to be closed first !!
298
311
close_port(OpensslPort),
300
312
ssl_test_lib:close(Client),
301
313
process_flag(trap_exit, false),
337
349
ssl_test_lib:check_result(Server, ok),
351
%% Clean close down! Server needs to be closed first !!
339
352
ssl_test_lib:close(Server),
341
353
close_port(OpenSslPort),
342
354
process_flag(trap_exit, false),
386
398
%% Clean close down! Server needs to be closed first !!
387
399
close_port(OpensslPort),
389
400
ssl_test_lib:close(Client),
390
401
process_flag(trap_exit, false),
426
437
ssl_test_lib:check_result(Server, ok),
439
%% Clean close down! Server needs to be closed first !!
428
440
ssl_test_lib:close(Server),
430
441
close_port(OpenSslPort),
431
442
process_flag(trap_exit, false),
466
477
ssl_test_lib:check_result(Server, ok),
479
%% Clean close down! Server needs to be closed first !!
468
480
ssl_test_lib:close(Server),
470
481
close_port(OpenSslPort),
471
482
process_flag(trap_exit, false),
516
527
%% Clean close down! Server needs to be closed first !!
517
528
close_port(OpensslPort),
519
529
ssl_test_lib:close(Client),
520
530
process_flag(trap_exit, false),
565
575
%% Clean close down! Server needs to be closed first !!
566
576
close_port(OpensslPort),
568
577
ssl_test_lib:close(Client),
569
578
process_flag(trap_exit, false),
606
615
ssl_test_lib:check_result(Server, ok),
617
%% Clean close down! Server needs to be closed first !!
608
618
ssl_test_lib:close(Server),
610
619
close_port(OpenSslPort),
611
620
process_flag(trap_exit, false),
654
663
%% Clean close down! Server needs to be closed first !!
655
664
close_port(OpensslPort),
657
665
ssl_test_lib:close(Client),
658
666
process_flag(trap_exit, false),
664
672
ssl3_erlang_client_openssl_server(suite) ->
666
674
ssl3_erlang_client_openssl_server(Config) when is_list(Config) ->
675
process_flag(trap_exit, true),
667
676
ServerOpts = ?config(server_opts, Config),
668
677
ClientOpts = ?config(client_opts, Config),
691
700
[{versions, [sslv3]} | ClientOpts]}]),
692
701
ssl_test_lib:check_result(Client, ok),
703
%% Clean close down! Server needs to be closed first !!
704
close_port(OpensslPort),
694
705
ssl_test_lib:close(Client),
696
close_port(OpensslPort),
697
test_server:sleep(?SLEEP),
706
process_flag(trap_exit, false),
700
709
%%--------------------------------------------------------------------
704
713
ssl3_erlang_server_openssl_client(suite) ->
706
715
ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
716
process_flag(trap_exit, true),
707
717
ServerOpts = ?config(server_opts, Config),
709
719
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
724
734
OpenSslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
726
736
ssl_test_lib:check_result(Server, ok),
728
close_port(OpenSslPort), %% openssl server first
737
%% Clean close down! Server needs to be closed first !!
729
738
ssl_test_lib:close(Server),
730
test_server:sleep(?SLEEP),
739
close_port(OpenSslPort),
740
process_flag(trap_exit, false),
733
743
%%--------------------------------------------------------------------
770
780
ssl_test_lib:check_result(Client, ok),
782
%% Clean close down! Server needs to be closed first !!
773
783
close_port(OpensslPort),
774
784
ssl_test_lib:close(Client),
775
785
process_flag(trap_exit, false),
815
825
ssl_test_lib:check_result(Server, ok),
817
close_port(OpenSslPort), %% openssl server first
827
%% Clean close down! Server needs to be closed first !!
828
close_port(OpenSslPort),
818
829
ssl_test_lib:close(Server),
820
830
process_flag(trap_exit, false),
839
849
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
842
erlang_ssl_receive, [Data]}},
853
%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
844
856
[{verify , verify_peer}
845
857
| ServerOpts]}]),
848
860
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
849
861
{host, Hostname},
863
%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast
851
864
{mfa, {ssl, send, [Data]}},
853
866
[{versions, [sslv3]} | ClientOpts]}]),
897
911
[{versions, [tlsv1]} | ClientOpts]}]),
899
913
ssl_test_lib:check_result(Client, ok),
915
%% Clean close down! Server needs to be closed first !!
916
close_port(OpensslPort),
901
917
ssl_test_lib:close(Client),
903
close_port(OpensslPort),
904
918
process_flag(trap_exit, false),
934
948
ssl_test_lib:check_result(Server, ok),
950
%% Clean close down! Server needs to be closed first !!
951
ssl_test_lib:close(Server),
937
952
close_port(OpenSslPort),
938
ssl_test_lib:close(Server),
939
953
process_flag(trap_exit, false),
980
994
ssl_test_lib:check_result(Client, ok),
996
%% Clean close down! Server needs to be closed first !!
983
997
close_port(OpensslPort),
984
998
ssl_test_lib:close(Client),
985
999
process_flag(trap_exit, false),
1025
1039
ssl_test_lib:check_result(Server, ok),
1027
%% Clean close down!
1041
%% Clean close down! Server needs to be closed first !!
1042
ssl_test_lib:close(Server),
1028
1043
close_port(OpenSslPort),
1029
ssl_test_lib:close(Server),
1030
1044
process_flag(trap_exit, false),
1061
1075
[{versions, [tlsv1]} | ClientOpts]}]),
1063
1077
ssl_test_lib:check_result(Server, ok, Client, ok),
1065
1078
ssl_test_lib:close(Server),
1066
%% Clean close down!
1067
1079
process_flag(trap_exit, false),
1069
1081
%%--------------------------------------------------------------------
1126
1138
CertFile = proplists:get_value(certfile, ServerOpts),
1127
1139
KeyFile = proplists:get_value(keyfile, ServerOpts),
1129
Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
1141
Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++ version_flag(Version) ++
1130
1142
" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
1132
1144
test_server:format("openssl cmd: ~p~n", [Cmd]),
1162
1174
Result = ssl_test_lib:wait_for_result(Client, ok),
1176
%% Clean close down! Server needs to be closed first !!
1164
1177
close_port(OpenSslPort),
1165
%% Clean close down!
1166
1178
ssl_test_lib:close(Client),
1168
{'EXIT', Client, normal} ->
1172
1180
Return = case Result of
1193
1207
Port = ssl_test_lib:inet_port(node()),
1194
1208
CertFile = proplists:get_value(certfile, ServerOpts),
1195
1209
KeyFile = proplists:get_value(keyfile, ServerOpts),
1197
1211
Cmd = "openssl s_server -accept " ++ integer_to_list(Port) ++
1198
" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
1212
" -cert " ++ CertFile ++ " -key " ++ KeyFile ++ "",
1200
1214
test_server:format("openssl cmd: ~p~n", [Cmd]),
1202
1216
OpensslPort = open_port({spawn, Cmd}, [stderr_to_stdout]),
1204
1218
wait_for_openssl_server(),
1206
1220
Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1209
{mfa, {?MODULE, server_sent_garbage, []}},
1211
[{versions, [tlsv1]} | ClientOpts]}]),
1223
{mfa, {?MODULE, server_sent_garbage, []}},
1225
[{versions, [tlsv1]} | ClientOpts]}]),
1213
1227
%% Send garbage
1214
1228
port_command(OpensslPort, ?OPENSSL_GARBAGE),
1216
1230
test_server:sleep(?SLEEP),
1218
1232
Client0 ! server_sent_garbage,
1222
1236
ssl_test_lib:close(Client0),
1224
1238
%% Make sure openssl does not hang and leave zombie process
1225
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1228
{mfa, {ssl_test_lib, no_result_msg, []}},
1230
[{versions, [tlsv1]} | ClientOpts]}]),
1239
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1242
{mfa, {ssl_test_lib, no_result_msg, []}},
1244
[{versions, [tlsv1]} | ClientOpts]}]),
1246
%% Clean close down! Server needs to be closed first !!
1247
close_port(OpensslPort),
1232
1248
ssl_test_lib:close(Client1),
1234
%% Clean close down!
1235
close_port(OpensslPort),
1236
1249
process_flag(trap_exit, false),
1291
1304
{mfa, {ssl_test_lib, no_result, []}},
1292
1305
{from, self()}, {options, ClientOpts}]),
1307
%% Clean close down! Server needs to be closed first !!
1294
1308
close_port(OpensslPort),
1295
1309
ssl_test_lib:close(Client2),
1296
1310
process_flag(trap_exit, false).
1324
1338
ssl_test_lib:check_result(Server, {error,"protocol version"}),
1340
%% Clean close down! Server needs to be closed first !!
1326
1341
ssl_test_lib:close(Server),
1328
1342
close_port(OpenSslPort),
1329
1343
process_flag(trap_exit, false),
1340
1354
%% open_ssl server sometimes hangs waiting in blocking read
1341
1355
ssl:send(Socket, "Got it"),
1357
{ssl, Socket, Byte} when length(Byte) == 1 ->
1358
erlang_ssl_receive(Socket, tl(Data));
1343
1359
{Port, {data,Debug}} when is_port(Port) ->
1344
1360
io:format("openssl ~s~n",[Debug]),
1345
1361
erlang_ssl_receive(Socket,Data);
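Review bot: The receive clause at new lines 1357-1358, `{ssl, Socket, Byte} when length(Byte) == 1 -> erlang_ssl_receive(Socket, tl(Data));`, accepts any one-byte record and drops the head of the expected data without comparing the two, so a wrong first byte from the peer would not be caught by this clause. Matching the content keeps the check as strict as it is for an unsplit record: `{ssl, Socket, [Byte]} when Byte =:= hd(Data) ->`, which also avoids calling `length/1` in a guard. The clause has no comment saying why a lone byte is expected; the sslv3 client-cert test in this same change already carries `%% Due to 1/n-1 splitting countermeasure Rizzo/Duong-Beast`, and the same line would fit here. The rest of erlang_ssl_receive lies outside the visible hunk, so whether its other clauses compare the remaining bytes against `Data` cannot be confirmed from here.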