4
%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
6
%% The contents of this file are subject to the Erlang Public License,
7
%% Version 1.1, (the "License"); you may not use this file except in
8
%% compliance with the License. You should have received a copy of the
9
%% Erlang Public License along with this software. If not, it can be
10
%% retrieved online at http://www.erlang.org/.2
12
%% Software distributed under the License is distributed on an "AS IS"
13
%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
14
%% the License for the specific language governing rights and limitations
22
-module(ssl_basic_SUITE).
24
%% Note: This directive should only be used in test suites.
27
-include_lib("common_test/include/ct.hrl").
28
-include("test_server_line.hrl").
29
-include_lib("public_key/include/public_key.hrl").
31
-include("ssl_alert.hrl").
32
-include("ssl_int.hrl").
34
-define('24H_in_sec', 86400).
35
-define(TIMEOUT, 60000).
36
-define(LONG_TIMEOUT, 600000).
40
%% Test server callback functions
41
%%--------------------------------------------------------------------
42
%% Function: init_per_suite(Config) -> Config
44
%% A list of key/value pairs, holding the test case configuration.
45
%% Description: Initialization before the whole suite
47
%% Note: This function is free to add any key/value pairs to the Config
48
%% variable, but should NOT alter/remove any existing entries.
49
%%--------------------------------------------------------------------
50
init_per_suite(Config0) ->
51
Dog = ssl_test_lib:timetrap(?LONG_TIMEOUT *2),
54
application:start(public_key),
57
%% make rsa certs using oppenssl
59
(catch make_certs:all(?config(data_dir, Config0),
60
?config(priv_dir, Config0))),
61
test_server:format("Make certs ~p~n", [Result]),
63
Config1 = ssl_test_lib:make_dsa_cert(Config0),
64
Config = ssl_test_lib:cert_options(Config1),
65
[{watchdog, Dog} | Config]
67
{skip, "Crypto did not start"}
69
%%--------------------------------------------------------------------
70
%% Function: end_per_suite(Config) -> _
72
%% A list of key/value pairs, holding the test case configuration.
73
%% Description: Cleanup after the whole suite
74
%%--------------------------------------------------------------------
75
end_per_suite(_Config) ->
77
application:stop(crypto).
79
%%--------------------------------------------------------------------
80
%% Function: init_per_testcase(TestCase, Config) -> Config
82
%% Name of the test case that is about to be run.
84
%% A list of key/value pairs, holding the test case configuration.
86
%% Description: Initialization before each test case
88
%% Note: This function is free to add any key/value pairs to the Config
89
%% variable, but should NOT alter/remove any existing entries.
90
%% Description: Initialization before each test case
91
%%--------------------------------------------------------------------
92
init_per_testcase(session_cache_process_list, Config) ->
93
init_customized_session_cache(list, Config);
95
init_per_testcase(session_cache_process_mnesia, Config) ->
97
init_customized_session_cache(mnesia, Config);
99
init_per_testcase(reuse_session_expired, Config0) ->
100
Config = lists:keydelete(watchdog, 1, Config0),
101
Dog = ssl_test_lib:timetrap(?EXPIRE * 1000 * 5),
103
application:load(ssl),
104
application:set_env(ssl, session_lifetime, ?EXPIRE),
106
[{watchdog, Dog} | Config];
108
init_per_testcase(no_authority_key_identifier, Config) ->
109
%% Clear cach so that root cert will not
115
init_per_testcase(TestCase, Config) when TestCase == ciphers_rsa_signed_certs_ssl3;
116
TestCase == ciphers_rsa_signed_certs_openssl_names_ssl3;
117
TestCase == ciphers_dsa_signed_certs_ssl3;
118
TestCase == ciphers_dsa_signed_certs_openssl_names_ssl3 ->
120
application:load(ssl),
121
application:set_env(ssl, protocol_version, sslv3),
125
init_per_testcase(protocol_versions, Config) ->
127
application:load(ssl),
128
%% For backwards compatibility sslv2 should be filtered out.
129
application:set_env(ssl, protocol_version, [sslv2, sslv3, tlsv1]),
133
init_per_testcase(empty_protocol_versions, Config) ->
135
application:load(ssl),
136
application:set_env(ssl, protocol_version, []),
140
init_per_testcase(different_ca_peer_sign, Config0) ->
141
ssl_test_lib:make_mix_cert(Config0);
143
init_per_testcase(_TestCase, Config0) ->
144
Config = lists:keydelete(watchdog, 1, Config0),
145
Dog = test_server:timetrap(?TIMEOUT),
146
[{watchdog, Dog} | Config].
148
init_customized_session_cache(Type, Config0) ->
149
Config = lists:keydelete(watchdog, 1, Config0),
150
Dog = test_server:timetrap(?TIMEOUT),
152
application:load(ssl),
153
application:set_env(ssl, session_cb, ?MODULE),
154
application:set_env(ssl, session_cb_init_args, [Type]),
156
[{watchdog, Dog} | Config].
158
%%--------------------------------------------------------------------
159
%% Function: end_per_testcase(TestCase, Config) -> _
161
%% Name of the test case that is about to be run.
162
%% Config - [tuple()]
163
%% A list of key/value pairs, holding the test case configuration.
164
%% Description: Cleanup after each test case
165
%%--------------------------------------------------------------------
166
end_per_testcase(session_cache_process_list, Config) ->
167
application:unset_env(ssl, session_cb),
168
end_per_testcase(default_action, Config);
169
end_per_testcase(session_cache_process_mnesia, Config) ->
170
application:unset_env(ssl, session_cb),
171
application:unset_env(ssl, session_cb_init_args),
175
end_per_testcase(default_action, Config);
176
end_per_testcase(reuse_session_expired, Config) ->
177
application:unset_env(ssl, session_lifetime),
178
end_per_testcase(default_action, Config);
179
end_per_testcase(TestCase, Config) when TestCase == ciphers_rsa_signed_certs_ssl3;
180
TestCase == ciphers_rsa_signed_certs_openssl_names_ssl3;
181
TestCase == ciphers_dsa_signed_certs_ssl3;
182
TestCase == ciphers_dsa_signed_certs_openssl_names_ssl3;
183
TestCase == protocol_versions;
184
TestCase == empty_protocol_versions->
185
application:unset_env(ssl, protocol_version),
186
end_per_testcase(default_action, Config);
187
end_per_testcase(_TestCase, Config) ->
188
Dog = ?config(watchdog, Config),
193
test_server:timetrap_cancel(Dog)
196
%%--------------------------------------------------------------------
197
%% Function: all(Clause) -> TestCases
198
%% Clause - atom() - suite | doc
199
%% TestCases - [Case]
201
%% Name of a test case.
202
%% Description: Returns a list of all test cases in this test suite
203
%%--------------------------------------------------------------------
204
suite() -> [{ct_hooks,[ts_install_cth]}].
207
[app, alerts, connection_info, protocol_versions,
208
empty_protocol_versions, controlling_process,
209
controller_dies, client_closes_socket, peercert,
210
connect_dist, peername, sockname, socket_options,
211
misc_ssl_options, versions, cipher_suites, upgrade,
212
upgrade_with_timeout, tcp_connect, ipv6, ekeyfile,
213
ecertfile, ecacertfile, eoptions, shutdown,
214
shutdown_write, shutdown_both, shutdown_error,
215
ciphers_rsa_signed_certs, ciphers_rsa_signed_certs_ssl3,
216
ciphers_rsa_signed_certs_openssl_names,
217
ciphers_rsa_signed_certs_openssl_names_ssl3,
218
ciphers_dsa_signed_certs, ciphers_dsa_signed_certs_ssl3,
219
ciphers_dsa_signed_certs_openssl_names,
220
ciphers_dsa_signed_certs_openssl_names_ssl3,
221
anonymous_cipher_suites,
222
default_reject_anonymous,
224
close_transport_accept, dh_params,
225
server_verify_peer_passive, server_verify_peer_active,
226
server_verify_peer_active_once,
227
server_verify_none_passive, server_verify_none_active,
228
server_verify_none_active_once,
229
server_verify_no_cacerts, server_require_peer_cert_ok,
230
server_require_peer_cert_fail,
231
server_verify_client_once_passive,
232
server_verify_client_once_active,
233
server_verify_client_once_active_once,
234
client_verify_none_passive, client_verify_none_active,
235
client_verify_none_active_once,
237
reuse_session_expired,
238
server_does_not_want_to_reuse_session,
239
client_renegotiate, server_renegotiate,
240
client_renegotiate_reused_session,
241
server_renegotiate_reused_session,
242
client_no_wrap_sequence_number,
243
server_no_wrap_sequence_number, extended_key_usage_verify_peer,
244
extended_key_usage_verify_none,
245
no_authority_key_identifier, invalid_signature_client,
246
invalid_signature_server, cert_expired,
247
client_with_cert_cipher_suites_handshake,
248
unknown_server_ca_fail, der_input,
249
unknown_server_ca_accept_verify_none,
250
unknown_server_ca_accept_verify_peer,
251
unknown_server_ca_accept_backwardscompatibilty,
252
%%different_ca_peer_sign,
253
no_reuses_session_server_restart_new_cert,
254
no_reuses_session_server_restart_new_cert_file, reuseaddr,
261
init_per_group(_GroupName, Config) ->
264
end_per_group(_GroupName, Config) ->
267
%% Test cases starts here.
268
%%--------------------------------------------------------------------
270
"Test that the ssl app file is ok";
273
app(Config) when is_list(Config) ->
274
ok = test_server:app_test(ssl).
275
%%--------------------------------------------------------------------
277
"Test ssl_alert:alert_txt/1";
280
alerts(Config) when is_list(Config) ->
281
Descriptions = [?CLOSE_NOTIFY, ?UNEXPECTED_MESSAGE, ?BAD_RECORD_MAC,
282
?DECRYPTION_FAILED, ?RECORD_OVERFLOW, ?DECOMPRESSION_FAILURE,
283
?HANDSHAKE_FAILURE, ?BAD_CERTIFICATE, ?UNSUPPORTED_CERTIFICATE,
284
?CERTIFICATE_REVOKED,?CERTIFICATE_EXPIRED, ?CERTIFICATE_UNKNOWN,
285
?ILLEGAL_PARAMETER, ?UNKNOWN_CA, ?ACCESS_DENIED, ?DECODE_ERROR,
286
?DECRYPT_ERROR, ?EXPORT_RESTRICTION, ?PROTOCOL_VERSION,
287
?INSUFFICIENT_SECURITY, ?INTERNAL_ERROR, ?USER_CANCELED,
289
Alerts = [?ALERT_REC(?WARNING, ?CLOSE_NOTIFY) |
290
[?ALERT_REC(?FATAL, Desc) || Desc <- Descriptions]],
291
lists:foreach(fun(Alert) ->
292
case ssl_alert:alert_txt(Alert) of
293
Txt when is_list(Txt) ->
296
test_server:fail({unexpected, Other})
299
%%--------------------------------------------------------------------
300
connection_info(doc) ->
301
["Test the API function ssl:connection_info/1"];
302
connection_info(suite) ->
304
connection_info(Config) when is_list(Config) ->
305
ClientOpts = ?config(client_opts, Config),
306
ServerOpts = ?config(server_opts, Config),
307
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
308
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
310
{mfa, {?MODULE, connection_info_result, []}},
311
{options, ServerOpts}]),
313
Port = ssl_test_lib:inet_port(Server),
314
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
317
{mfa, {?MODULE, connection_info_result, []}},
319
[{ciphers,[{rsa,rc4_128,sha,no_export}]} |
322
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
323
[self(), Client, Server]),
326
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
328
ServerMsg = ClientMsg = {ok, {Version, {rsa,rc4_128,sha}}},
330
ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
332
ssl_test_lib:close(Server),
333
ssl_test_lib:close(Client).
335
connection_info_result(Socket) ->
336
ssl:connection_info(Socket).
338
%%--------------------------------------------------------------------
340
protocol_versions(doc) ->
341
["Test to set a list of protocol versions in app environment."];
343
protocol_versions(suite) ->
346
protocol_versions(Config) when is_list(Config) ->
349
empty_protocol_versions(doc) ->
350
["Test to set an empty list of protocol versions in app environment."];
352
empty_protocol_versions(suite) ->
355
empty_protocol_versions(Config) when is_list(Config) ->
359
basic_test(Config) ->
360
ClientOpts = ?config(client_opts, Config),
361
ServerOpts = ?config(server_opts, Config),
363
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
365
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
367
{mfa, {?MODULE, send_recv_result_active, []}},
368
{options, ServerOpts}]),
369
Port = ssl_test_lib:inet_port(Server),
370
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
373
{mfa, {?MODULE, send_recv_result_active, []}},
374
{options, ClientOpts}]),
376
ssl_test_lib:check_result(Server, ok, Client, ok),
378
ssl_test_lib:close(Server),
379
ssl_test_lib:close(Client).
380
%%--------------------------------------------------------------------
382
controlling_process(doc) ->
383
["Test API function controlling_process/2"];
385
controlling_process(suite) ->
388
controlling_process(Config) when is_list(Config) ->
389
ClientOpts = ?config(client_opts, Config),
390
ServerOpts = ?config(server_opts, Config),
391
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
392
ClientMsg = "Hello server",
393
ServerMsg = "Hello client",
395
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
398
controlling_process_result, [self(),
400
{options, ServerOpts}]),
401
Port = ssl_test_lib:inet_port(Server),
402
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
406
controlling_process_result, [self(),
408
{options, ClientOpts}]),
410
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
411
[self(), Client, Server]),
414
{ssl, _, ServerMsg} ->
416
{ssl, _, ClientMsg} ->
419
{ssl, _, ClientMsg} ->
421
{ssl, _, ServerMsg} ->
425
test_server:fail(Unexpected)
428
ssl_test_lib:close(Server),
429
ssl_test_lib:close(Client).
431
controlling_process_result(Socket, Pid, Msg) ->
432
ok = ssl:controlling_process(Socket, Pid),
433
%% Make sure other side has evaluated controlling_process
434
%% before message is sent
435
test_server:sleep(?SLEEP),
436
ssl:send(Socket, Msg),
439
%%--------------------------------------------------------------------
440
controller_dies(doc) ->
441
["Test that the socket is closed after controlling process dies"];
442
controller_dies(suite) -> [];
443
controller_dies(Config) when is_list(Config) ->
444
ClientOpts = ?config(client_opts, Config),
445
ServerOpts = ?config(server_opts, Config),
446
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
447
ClientMsg = "Hello server",
448
ServerMsg = "Hello client",
450
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
453
controller_dies_result, [self(),
455
{options, ServerOpts}]),
456
Port = ssl_test_lib:inet_port(Server),
457
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
461
controller_dies_result, [self(),
463
{options, ClientOpts}]),
465
test_server:format("Testcase ~p, Client ~p Server ~p ~n", [self(), Client, Server]),
466
test_server:sleep(?SLEEP), %% so that they are connected
468
process_flag(trap_exit, true),
470
%% Test that clients die
471
exit(Client, killed),
472
get_close(Client, ?LINE),
474
%% Test that clients die when process disappear
477
Connect = fun(Pid) ->
478
{ok, Socket} = ssl:connect(Hostname, Port,
479
[{reuseaddr,true},{ssl_imp,new}]),
480
%% Make sure server finishes and verification
481
%% and is in coonection state before
483
test_server:sleep(?SLEEP),
484
Pid ! {self(), connected, Socket},
485
receive die_nice -> normal end
487
Client2 = spawn_link(fun() -> Connect(Tester) end),
488
receive {Client2, connected, _Socket} -> Client2 ! die_nice end,
490
get_close(Client2, ?LINE),
492
%% Test that clients die when the controlling process have changed
495
Client3 = spawn_link(fun() -> Connect(Tester) end),
496
Controller = spawn_link(fun() -> receive die_nice -> normal end end),
498
{Client3, connected, Socket} ->
499
ok = ssl:controlling_process(Socket, Controller),
503
test_server:format("Wating on exit ~p~n",[Client3]),
504
receive {'EXIT', Client3, normal} -> ok end,
506
receive %% Client3 is dead but that doesn't matter, socket should not be closed.
508
test_server:format("Unexpected ~p~n",[Unexpected]),
509
test_server:fail({line, ?LINE-1})
513
Controller ! die_nice,
514
get_close(Controller, ?LINE),
516
%% Test that servers die
518
LastClient = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
522
controller_dies_result, [self(),
524
{options, [{reuseaddr,true}|ClientOpts]}]),
525
test_server:sleep(?SLEEP), %% so that they are connected
527
exit(Server, killed),
528
get_close(Server, ?LINE),
529
process_flag(trap_exit, false),
530
ssl_test_lib:close(LastClient).
532
controller_dies_result(_Socket, _Pid, _Msg) ->
533
receive Result -> Result end.
535
get_close(Pid, Where) ->
537
{'EXIT', Pid, _Reason} ->
539
{_, {ssl_closed, Socket}} ->
540
test_server:format("Socket closed ~p~n",[Socket]);
542
test_server:format("Unexpected ~p~n",[Unexpected]),
543
test_server:fail({line, ?LINE-1})
545
test_server:fail({timeout, {line, ?LINE, Where}})
548
test_server:format("Unexpected ~p~n",[Unexpected]),
549
test_server:fail({line, ?LINE-1})
551
test_server:fail({timeout, {line, ?LINE, Where}})
554
%%--------------------------------------------------------------------
555
client_closes_socket(doc) ->
556
["Test what happens when client closes socket before handshake is compleated"];
557
client_closes_socket(suite) -> [];
558
client_closes_socket(Config) when is_list(Config) ->
559
ServerOpts = ?config(server_opts, Config),
560
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
561
TcpOpts = [binary, {reuseaddr, true}],
563
Server = ssl_test_lib:start_upgrade_server_error([{node, ServerNode}, {port, 0},
565
{tcp_options, TcpOpts},
566
{ssl_options, ServerOpts}]),
567
Port = ssl_test_lib:inet_port(Server),
570
{ok, _Socket} = rpc:call(ClientNode, gen_tcp, connect,
571
[Hostname, Port, TcpOpts]),
572
%% Make sure that ssl_accept is called before
573
%% client process ends and closes socket.
574
test_server:sleep(?SLEEP)
577
_Client = spawn_link(Connect),
579
ssl_test_lib:check_result(Server, {error,closed}).
581
%%--------------------------------------------------------------------
589
peercert(Config) when is_list(Config) ->
590
ClientOpts = ?config(client_opts, Config),
591
ServerOpts = ?config(server_opts, Config),
592
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
594
Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0},
596
{mfa, {?MODULE, peercert_result, []}},
597
{options, ServerOpts}]),
598
Port = ssl_test_lib:inet_port(Server),
599
Client = ssl_test_lib:start_client([{node, ServerNode}, {port, Port},
602
{mfa, {?MODULE, peercert_result, []}},
603
{options, ClientOpts}]),
605
CertFile = proplists:get_value(certfile, ServerOpts),
606
[{'Certificate', BinCert, _}]= ssl_test_lib:pem_to_der(CertFile),
607
ErlCert = public_key:pkix_decode_cert(BinCert, otp),
609
ServerMsg = {{error, no_peercert}, {error, no_peercert}},
610
ClientMsg = {{ok, BinCert}, {ok, ErlCert}},
612
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
613
[self(), Client, Server]),
615
ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
617
ssl_test_lib:close(Server),
618
ssl_test_lib:close(Client).
620
peercert_result(Socket) ->
621
Result1 = ssl:peercert(Socket),
622
Result2 = ssl:peercert(Socket, [ssl]),
625
%%--------------------------------------------------------------------
627
["Test a simple connect as is used by distribution"];
629
connect_dist(suite) ->
632
connect_dist(Config) when is_list(Config) ->
633
ClientOpts0 = ?config(client_kc_opts, Config),
634
ClientOpts = [{ssl_imp, new},{active, false}, {packet,4}|ClientOpts0],
635
ServerOpts0 = ?config(server_kc_opts, Config),
636
ServerOpts = [{ssl_imp, new},{active, false}, {packet,4}|ServerOpts0],
638
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
640
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
642
{mfa, {?MODULE, connect_dist_s, []}},
643
{options, ServerOpts}]),
644
Port = ssl_test_lib:inet_port(Server),
645
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
648
{mfa, {?MODULE, connect_dist_c, []}},
649
{options, ClientOpts}]),
651
ssl_test_lib:check_result(Server, ok, Client, ok),
653
ssl_test_lib:close(Server),
654
ssl_test_lib:close(Client).
657
Msg = term_to_binary({erlang,term}),
658
ok = ssl:send(S, Msg).
661
Test = binary_to_list(term_to_binary({erlang,term})),
662
{ok, Test} = ssl:recv(S, 0, 10000),
666
%%--------------------------------------------------------------------
668
["Test API function peername/1"];
673
peername(Config) when is_list(Config) ->
674
ClientOpts = ?config(client_opts, Config),
675
ServerOpts = ?config(server_opts, Config),
676
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
677
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
679
{mfa, {?MODULE, peername_result, []}},
680
{options, ServerOpts}]),
681
Port = ssl_test_lib:inet_port(Server),
682
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
685
{mfa, {?MODULE, peername_result, []}},
686
{options, [{port, 0} | ClientOpts]}]),
688
ClientPort = ssl_test_lib:inet_port(Client),
689
ServerIp = ssl_test_lib:node_to_hostip(ServerNode),
690
ClientIp = ssl_test_lib:node_to_hostip(ClientNode),
691
ServerMsg = {ok, {ClientIp, ClientPort}},
692
ClientMsg = {ok, {ServerIp, Port}},
694
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
695
[self(), Client, Server]),
697
ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
699
ssl_test_lib:close(Server),
700
ssl_test_lib:close(Client).
702
peername_result(S) ->
705
%%--------------------------------------------------------------------
707
["Test API function sockname/1"];
712
sockname(Config) when is_list(Config) ->
713
ClientOpts = ?config(client_opts, Config),
714
ServerOpts = ?config(server_opts, Config),
715
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
716
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
718
{mfa, {?MODULE, sockname_result, []}},
719
{options, ServerOpts}]),
720
Port = ssl_test_lib:inet_port(Server),
721
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
724
{mfa, {?MODULE, sockname_result, []}},
725
{options, [{port, 0} | ClientOpts]}]),
727
ClientPort = ssl_test_lib:inet_port(Client),
728
ServerIp = ssl_test_lib:node_to_hostip(ServerNode),
729
ClientIp = ssl_test_lib:node_to_hostip(ClientNode),
730
ServerMsg = {ok, {ServerIp, Port}},
731
ClientMsg = {ok, {ClientIp, ClientPort}},
733
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
734
[self(), Client, Server]),
736
ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
738
ssl_test_lib:close(Server),
739
ssl_test_lib:close(Client).
741
sockname_result(S) ->
744
%%--------------------------------------------------------------------
745
cipher_suites(doc) ->
746
["Test API function cipher_suites/0"];
748
cipher_suites(suite) ->
751
cipher_suites(Config) when is_list(Config) ->
752
MandatoryCipherSuite = {rsa,'3des_ede_cbc',sha},
753
[_|_] = Suites = ssl:cipher_suites(),
754
true = lists:member(MandatoryCipherSuite, Suites),
755
Suites = ssl:cipher_suites(erlang),
756
[_|_] =ssl:cipher_suites(openssl).
758
%%--------------------------------------------------------------------
759
socket_options(doc) ->
760
["Test API function getopts/2 and setopts/2"];
762
socket_options(suite) ->
765
socket_options(Config) when is_list(Config) ->
766
ClientOpts = ?config(client_opts, Config),
767
ServerOpts = ?config(server_opts, Config),
768
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
769
Values = [{mode, list}, {packet, 0}, {header, 0},
771
%% Shall be the reverse order of Values!
772
Options = [active, header, packet, mode],
774
NewValues = [{mode, binary}, {active, once}],
775
%% Shall be the reverse order of NewValues!
776
NewOptions = [active, mode],
778
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
780
{mfa, {?MODULE, socket_options_result,
781
[Options, Values, NewOptions, NewValues]}},
782
{options, ServerOpts}]),
783
Port = ssl_test_lib:inet_port(Server),
784
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
787
{mfa, {?MODULE, socket_options_result,
788
[Options, Values, NewOptions, NewValues]}},
789
{options, ClientOpts}]),
791
ssl_test_lib:check_result(Server, ok, Client, ok),
793
ssl_test_lib:close(Server),
795
{ok, Listen} = ssl:listen(0, ServerOpts),
796
{ok,[{mode,list}]} = ssl:getopts(Listen, [mode]),
797
ok = ssl:setopts(Listen, [{mode, binary}]),
798
{ok,[{mode, binary}]} = ssl:getopts(Listen, [mode]),
799
{ok,[{recbuf, _}]} = ssl:getopts(Listen, [recbuf]),
802
socket_options_result(Socket, Options, DefaultValues, NewOptions, NewValues) ->
803
%% Test get/set emulated opts
804
{ok, DefaultValues} = ssl:getopts(Socket, Options),
805
ssl:setopts(Socket, NewValues),
806
{ok, NewValues} = ssl:getopts(Socket, NewOptions),
807
%% Test get/set inet opts
808
{ok,[{nodelay,false}]} = ssl:getopts(Socket, [nodelay]),
809
ssl:setopts(Socket, [{nodelay, true}]),
810
{ok,[{nodelay, true}]} = ssl:getopts(Socket, [nodelay]),
813
%%--------------------------------------------------------------------
814
misc_ssl_options(doc) ->
815
["Test what happens when we give valid options"];
817
misc_ssl_options(suite) ->
820
misc_ssl_options(Config) when is_list(Config) ->
821
ClientOpts = ?config(client_opts, Config),
822
ServerOpts = ?config(server_opts, Config),
823
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
825
%% Chek that ssl options not tested elsewhere are filtered away e.i. not passed to inet.
826
TestOpts = [{depth, 1},
829
{reuse_session, fun(_,_,_,_) -> true end},
831
{cb_info, {gen_tcp, tcp, tcp_closed, tcp_error}}],
834
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
836
{mfa, {?MODULE, send_recv_result_active, []}},
837
{options, TestOpts ++ ServerOpts}]),
838
Port = ssl_test_lib:inet_port(Server),
840
ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
843
{mfa, {?MODULE, send_recv_result_active, []}},
844
{options, TestOpts ++ ClientOpts}]),
846
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
847
[self(), Client, Server]),
849
ssl_test_lib:check_result(Server, ok, Client, ok),
850
ssl_test_lib:close(Server),
851
ssl_test_lib:close(Client).
853
%%--------------------------------------------------------------------
855
["Test API function versions/0"];
860
versions(Config) when is_list(Config) ->
861
[_|_] = Versions = ssl:versions(),
862
test_server:format("~p~n", [Versions]).
864
%%--------------------------------------------------------------------
871
send_recv(Config) when is_list(Config) ->
872
ClientOpts = ?config(client_opts, Config),
873
ServerOpts = ?config(server_opts, Config),
874
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
876
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
878
{mfa, {?MODULE, send_recv_result, []}},
879
{options, [{active, false} | ServerOpts]}]),
880
Port = ssl_test_lib:inet_port(Server),
882
ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
885
{mfa, {?MODULE, send_recv_result, []}},
886
{options, [{active, false} | ClientOpts]}]),
888
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
889
[self(), Client, Server]),
891
ssl_test_lib:check_result(Server, ok, Client, ok),
893
ssl_test_lib:close(Server),
894
ssl_test_lib:close(Client).
896
%%--------------------------------------------------------------------
903
send_close(Config) when is_list(Config) ->
904
ClientOpts = ?config(client_opts, Config),
905
ServerOpts = ?config(server_opts, Config),
906
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
908
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
910
{mfa, {?MODULE, send_recv_result, []}},
911
{options, [{active, false} | ServerOpts]}]),
912
Port = ssl_test_lib:inet_port(Server),
913
{ok, TcpS} = rpc:call(ClientNode, gen_tcp, connect,
914
[Hostname,Port,[binary, {active, false}, {reuseaddr, true}]]),
915
{ok, SslS} = rpc:call(ClientNode, ssl, connect,
916
[TcpS,[{active, false}|ClientOpts]]),
918
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
919
[self(), self(), Server]),
920
ok = ssl:send(SslS, "Hello world"),
921
{ok,<<"Hello world">>} = ssl:recv(SslS, 11),
923
{error, _} = ssl:send(SslS, "Hello world").
925
%%--------------------------------------------------------------------
926
close_transport_accept(doc) ->
927
["Tests closing ssl socket when waiting on ssl:transport_accept/1"];
929
close_transport_accept(suite) ->
932
close_transport_accept(Config) when is_list(Config) ->
933
ServerOpts = ?config(server_opts, Config),
934
{_ClientNode, ServerNode, _Hostname} = ssl_test_lib:run_where(Config),
937
Opts = [{active, false} | ServerOpts],
938
{ok, ListenSocket} = rpc:call(ServerNode, ssl, listen, [Port, Opts]),
940
test_server:sleep(?SLEEP),
941
rpc:call(ServerNode, ssl, close, [ListenSocket])
943
case rpc:call(ServerNode, ssl, transport_accept, [ListenSocket]) of
950
%%--------------------------------------------------------------------
952
["Test to specify DH-params file in server."];
957
dh_params(Config) when is_list(Config) ->
958
ClientOpts = ?config(client_opts, Config),
959
ServerOpts = ?config(server_opts, Config),
960
DataDir = ?config(data_dir, Config),
961
DHParamFile = filename:join(DataDir, "dHParam.pem"),
963
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
965
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
967
{mfa, {?MODULE, send_recv_result_active, []}},
968
{options, [{dhfile, DHParamFile} | ServerOpts]}]),
969
Port = ssl_test_lib:inet_port(Server),
970
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
973
{mfa, {?MODULE, send_recv_result_active, []}},
975
[{ciphers,[{dhe_rsa,aes_256_cbc,sha,ignore}]} |
978
ssl_test_lib:check_result(Server, ok, Client, ok),
980
ssl_test_lib:close(Server),
981
ssl_test_lib:close(Client).
983
%%--------------------------------------------------------------------
985
["Test that you can upgrade an tcp connection to an ssl connection"];
990
upgrade(Config) when is_list(Config) ->
991
ClientOpts = ?config(client_opts, Config),
992
ServerOpts = ?config(server_opts, Config),
993
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
994
TcpOpts = [binary, {reuseaddr, true}],
996
Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
999
upgrade_result, []}},
1001
[{active, false} | TcpOpts]},
1002
{ssl_options, ServerOpts}]),
1003
Port = ssl_test_lib:inet_port(Server),
1004
Client = ssl_test_lib:start_upgrade_client([{node, ClientNode},
1008
{mfa, {?MODULE, upgrade_result, []}},
1009
{tcp_options, TcpOpts},
1010
{ssl_options, ClientOpts}]),
1012
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
1013
[self(), Client, Server]),
1015
ssl_test_lib:check_result(Server, ok, Client, ok),
1017
ssl_test_lib:close(Server),
1018
ssl_test_lib:close(Client).
1020
upgrade_result(Socket) ->
1021
ssl:setopts(Socket, [{active, true}]),
1022
ok = ssl:send(Socket, "Hello world"),
1023
%% Make sure binary is inherited from tcp socket and that we do
1024
%% not get the list default!
1026
{ssl, _, <<"Hello world">>} ->
1030
%%--------------------------------------------------------------------
1031
upgrade_with_timeout(doc) ->
1032
["Test ssl_accept/3"];
1034
upgrade_with_timeout(suite) ->
1037
upgrade_with_timeout(Config) when is_list(Config) ->
1038
ClientOpts = ?config(client_opts, Config),
1039
ServerOpts = ?config(server_opts, Config),
1040
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1041
TcpOpts = [binary, {reuseaddr, true}],
1043
Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
1047
upgrade_result, []}},
1049
[{active, false} | TcpOpts]},
1050
{ssl_options, ServerOpts}]),
1051
Port = ssl_test_lib:inet_port(Server),
1052
Client = ssl_test_lib:start_upgrade_client([{node, ClientNode},
1056
{mfa, {?MODULE, upgrade_result, []}},
1057
{tcp_options, TcpOpts},
1058
{ssl_options, ClientOpts}]),
1060
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
1061
[self(), Client, Server]),
1063
ssl_test_lib:check_result(Server, ok, Client, ok),
1065
ssl_test_lib:close(Server),
1066
ssl_test_lib:close(Client).
1068
%%--------------------------------------------------------------------
1070
["Test what happens when a tcp tries to connect, i,e. a bad (ssl) packet is sent first"];
1072
tcp_connect(suite) ->
1075
tcp_connect(Config) when is_list(Config) ->
1076
ServerOpts = ?config(server_opts, Config),
1077
{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1078
TcpOpts = [binary, {reuseaddr, true}],
1080
Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
1083
{mfa, {?MODULE, dummy, []}},
1084
{tcp_options, TcpOpts},
1085
{ssl_options, ServerOpts}]),
1086
Port = ssl_test_lib:inet_port(Server),
1088
{ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {packet, 0}]),
1089
test_server:format("Testcase ~p connected to Server ~p ~n", [self(), Server]),
1090
gen_tcp:send(Socket, "<SOME GARBLED NON SSL MESSAGE>"),
1093
{tcp_closed, Socket} ->
1095
{Server, {error, Error}} ->
1096
test_server:format("Error ~p", [Error])
1102
%% Should not happen as the ssl connection will not be established
1103
%% due to fatal handshake failiure
1106
%%--------------------------------------------------------------------
1108
[{require, ipv6_hosts}].
1113
ipv6(Config) when is_list(Config) ->
1114
{ok, Hostname0} = inet:gethostname(),
1116
case lists:member(list_to_atom(Hostname0), ct:get_config(ipv6_hosts)) of
1118
ClientOpts = ?config(client_opts, Config),
1119
ServerOpts = ?config(server_opts, Config),
1120
{ClientNode, ServerNode, Hostname} =
1121
ssl_test_lib:run_where(Config, ipv6),
1122
Server = ssl_test_lib:start_server([{node, ServerNode},
1123
{port, 0}, {from, self()},
1124
{mfa, {?MODULE, send_recv_result, []}},
1126
[inet6, {active, false} | ServerOpts]}]),
1127
Port = ssl_test_lib:inet_port(Server),
1128
Client = ssl_test_lib:start_client([{node, ClientNode},
1129
{port, Port}, {host, Hostname},
1131
{mfa, {?MODULE, send_recv_result, []}},
1133
[inet6, {active, false} | ClientOpts]}]),
1135
test_server:format("Testcase ~p, Client ~p Server ~p ~n",
1136
[self(), Client, Server]),
1138
ssl_test_lib:check_result(Server, ok, Client, ok),
1140
ssl_test_lib:close(Server),
1141
ssl_test_lib:close(Client);
1143
{skip, "Host does not support IPv6"}
1146
%%--------------------------------------------------------------------
1149
["Test what happens with an invalid key file"];
1154
ekeyfile(Config) when is_list(Config) ->
1155
ClientOpts = ?config(client_opts, Config),
1156
BadOpts = ?config(server_bad_key, Config),
1157
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1160
ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
1162
{options, BadOpts}]),
1164
Port = ssl_test_lib:inet_port(Server),
1167
ssl_test_lib:start_client_error([{node, ClientNode},
1168
{port, Port}, {host, Hostname},
1169
{from, self()}, {options, ClientOpts}]),
1171
ssl_test_lib:check_result(Server, {error, ekeyfile}, Client,
1174
%%--------------------------------------------------------------------
1177
["Test what happens with an invalid cert file"];
1182
ecertfile(Config) when is_list(Config) ->
1183
ClientOpts = ?config(client_opts, Config),
1184
ServerBadOpts = ?config(server_bad_cert, Config),
1185
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1188
ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
1190
{options, ServerBadOpts}]),
1192
Port = ssl_test_lib:inet_port(Server),
1195
ssl_test_lib:start_client_error([{node, ClientNode},
1196
{port, Port}, {host, Hostname},
1198
{options, ClientOpts}]),
1200
ssl_test_lib:check_result(Server, {error, ecertfile}, Client,
1204
%%--------------------------------------------------------------------
1206
["Test what happens with an invalid cacert file"];
1208
ecacertfile(suite) ->
1211
ecacertfile(Config) when is_list(Config) ->
1212
ClientOpts = [{reuseaddr, true}|?config(client_opts, Config)],
1213
ServerBadOpts = [{reuseaddr, true}|?config(server_bad_ca, Config)],
1214
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1217
ssl_test_lib:start_server_error([{node, ServerNode},
1218
{port, 0}, {from, self()},
1219
{options, ServerBadOpts}]),
1221
Port0 = ssl_test_lib:inet_port(Server0),
1225
ssl_test_lib:start_client_error([{node, ClientNode},
1226
{port, Port0}, {host, Hostname},
1228
{options, ClientOpts}]),
1230
ssl_test_lib:check_result(Server0, {error, ecacertfile},
1231
Client0, {error, closed}),
1233
File0 = proplists:get_value(cacertfile, ServerBadOpts),
1234
File = File0 ++ "do_not_exit.pem",
1235
ServerBadOpts1 = [{cacertfile, File}|proplists:delete(cacertfile, ServerBadOpts)],
1238
ssl_test_lib:start_server_error([{node, ServerNode},
1239
{port, 0}, {from, self()},
1240
{options, ServerBadOpts1}]),
1242
Port1 = ssl_test_lib:inet_port(Server1),
1245
ssl_test_lib:start_client_error([{node, ClientNode},
1246
{port, Port1}, {host, Hostname},
1248
{options, ClientOpts}]),
1250
ssl_test_lib:check_result(Server1, {error, ecacertfile},
1251
Client1, {error, closed}),
1256
%%--------------------------------------------------------------------
1258
["Test what happens when we give invalid options"];
1263
eoptions(Config) when is_list(Config) ->
1264
ClientOpts = ?config(client_opts, Config),
1265
ServerOpts = ?config(server_opts, Config),
1266
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1268
Check = fun(Client, Server, {versions, [sslv2, sslv3]} = Option) ->
1269
ssl_test_lib:check_result(Server,
1270
{error, {eoptions, {sslv2, Option}}},
1272
{error, {eoptions, {sslv2, Option}}});
1273
(Client, Server, Option) ->
1274
ssl_test_lib:check_result(Server,
1275
{error, {eoptions, Option}},
1277
{error, {eoptions, Option}})
1280
TestOpts = [{versions, [sslv2, sslv3]},
1283
{verify_fun, function},
1284
{fail_if_no_peer_cert, 0},
1285
{verify_client_once, 1},
1287
{certfile, 'cert.pem'},
1288
{keyfile,'key.pem' },
1292
{ciphers, [{foo, bar, sha, ignore}]},
1293
{reuse_session, foo},
1294
{reuse_sessions, 0},
1295
{renegotiate_at, "10"},
1306
ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
1308
{options, [TestOpt | ServerOpts]}]),
1309
%% Will never reach a point where port is used.
1311
ssl_test_lib:start_client_error([{node, ClientNode}, {port, 0},
1312
{host, Hostname}, {from, self()},
1313
{options, [TestOpt | ClientOpts]}]),
1314
Check(Client, Server, TestOpt),
1316
end || TestOpt <- TestOpts],
1319
%%--------------------------------------------------------------------
1326
shutdown(Config) when is_list(Config) ->
1327
ClientOpts = ?config(client_opts, Config),
1328
ServerOpts = ?config(server_opts, Config),
1329
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1330
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1332
{mfa, {?MODULE, shutdown_result, [server]}},
1333
{options, [{exit_on_close, false},
1334
{active, false} | ServerOpts]}]),
1335
Port = ssl_test_lib:inet_port(Server),
1336
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1340
{?MODULE, shutdown_result, [client]}},
1342
[{exit_on_close, false},
1343
{active, false} | ClientOpts]}]),
1345
ssl_test_lib:check_result(Server, ok, Client, ok),
1347
ssl_test_lib:close(Server),
1348
ssl_test_lib:close(Client).
1350
shutdown_result(Socket, server) ->
1351
ssl:send(Socket, "Hej"),
1352
ssl:shutdown(Socket, write),
1353
{ok, "Hej hopp"} = ssl:recv(Socket, 8),
1356
shutdown_result(Socket, client) ->
1357
{ok, "Hej"} = ssl:recv(Socket, 3),
1358
ssl:send(Socket, "Hej hopp"),
1359
ssl:shutdown(Socket, write),
1362
%%--------------------------------------------------------------------
1363
shutdown_write(doc) ->
1366
shutdown_write(suite) ->
1369
shutdown_write(Config) when is_list(Config) ->
1370
ClientOpts = ?config(client_opts, Config),
1371
ServerOpts = ?config(server_opts, Config),
1372
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1373
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1375
{mfa, {?MODULE, shutdown_write_result, [server]}},
1376
{options, [{active, false} | ServerOpts]}]),
1377
Port = ssl_test_lib:inet_port(Server),
1378
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1381
{mfa, {?MODULE, shutdown_write_result, [client]}},
1382
{options, [{active, false} | ClientOpts]}]),
1384
ssl_test_lib:check_result(Server, ok, Client, {error, closed}).
1386
shutdown_write_result(Socket, server) ->
1387
test_server:sleep(?SLEEP),
1388
ssl:shutdown(Socket, write);
1389
shutdown_write_result(Socket, client) ->
1390
ssl:recv(Socket, 0).
1392
%%--------------------------------------------------------------------
1393
shutdown_both(doc) ->
1396
shutdown_both(suite) ->
1399
shutdown_both(Config) when is_list(Config) ->
1400
ClientOpts = ?config(client_opts, Config),
1401
ServerOpts = ?config(server_opts, Config),
1402
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1403
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1405
{mfa, {?MODULE, shutdown_both_result, [server]}},
1406
{options, [{active, false} | ServerOpts]}]),
1407
Port = ssl_test_lib:inet_port(Server),
1408
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1411
{mfa, {?MODULE, shutdown_both_result, [client]}},
1412
{options, [{active, false} | ClientOpts]}]),
1414
ssl_test_lib:check_result(Server, ok, Client, {error, closed}).
1416
shutdown_both_result(Socket, server) ->
1417
test_server:sleep(?SLEEP),
1418
ssl:shutdown(Socket, read_write);
1419
shutdown_both_result(Socket, client) ->
1420
ssl:recv(Socket, 0).
1422
%%--------------------------------------------------------------------
1423
shutdown_error(doc) ->
1426
shutdown_error(suite) ->
1429
shutdown_error(Config) when is_list(Config) ->
1430
ServerOpts = ?config(server_opts, Config),
1431
Port = ssl_test_lib:inet_port(node()),
1432
{ok, Listen} = ssl:listen(Port, ServerOpts),
1433
{error, enotconn} = ssl:shutdown(Listen, read_write),
1434
ok = ssl:close(Listen),
1435
{error, closed} = ssl:shutdown(Listen, read_write).
1437
%%-------------------------------------------------------------------
1438
ciphers_rsa_signed_certs(doc) ->
1439
["Test all rsa ssl cipher suites in highest support ssl/tls version"];
1441
ciphers_rsa_signed_certs(suite) ->
1444
ciphers_rsa_signed_certs(Config) when is_list(Config) ->
1446
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
1448
Ciphers = ssl_test_lib:rsa_suites(),
1449
test_server:format("tls1 erlang cipher suites ~p~n", [Ciphers]),
1450
run_suites(Ciphers, Version, Config, rsa).
1452
ciphers_rsa_signed_certs_ssl3(doc) ->
1453
["Test all rsa ssl cipher suites in ssl3"];
1455
ciphers_rsa_signed_certs_ssl3(suite) ->
1458
ciphers_rsa_signed_certs_ssl3(Config) when is_list(Config) ->
1460
ssl_record:protocol_version({3,0}),
1462
Ciphers = ssl_test_lib:rsa_suites(),
1463
test_server:format("ssl3 erlang cipher suites ~p~n", [Ciphers]),
1464
run_suites(Ciphers, Version, Config, rsa).
1466
ciphers_rsa_signed_certs_openssl_names(doc) ->
1467
["Test all rsa ssl cipher suites in highest support ssl/tls version"];
1469
ciphers_rsa_signed_certs_openssl_names(suite) ->
1472
ciphers_rsa_signed_certs_openssl_names(Config) when is_list(Config) ->
1474
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
1475
Ciphers = ssl_test_lib:openssl_rsa_suites(),
1476
test_server:format("tls1 openssl cipher suites ~p~n", [Ciphers]),
1477
run_suites(Ciphers, Version, Config, rsa).
1480
ciphers_rsa_signed_certs_openssl_names_ssl3(doc) ->
1481
["Test all dsa ssl cipher suites in ssl3"];
1483
ciphers_rsa_signed_certs_openssl_names_ssl3(suite) ->
1486
ciphers_rsa_signed_certs_openssl_names_ssl3(Config) when is_list(Config) ->
1487
Version = ssl_record:protocol_version({3,0}),
1488
Ciphers = ssl_test_lib:openssl_rsa_suites(),
1489
run_suites(Ciphers, Version, Config, rsa).
1492
ciphers_dsa_signed_certs(doc) ->
1493
["Test all dsa ssl cipher suites in highest support ssl/tls version"];
1495
ciphers_dsa_signed_certs(suite) ->
1498
ciphers_dsa_signed_certs(Config) when is_list(Config) ->
1500
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
1502
Ciphers = ssl_test_lib:dsa_suites(),
1503
test_server:format("tls1 erlang cipher suites ~p~n", [Ciphers]),
1504
run_suites(Ciphers, Version, Config, dsa).
1506
ciphers_dsa_signed_certs_ssl3(doc) ->
1507
["Test all dsa ssl cipher suites in ssl3"];
1509
ciphers_dsa_signed_certs_ssl3(suite) ->
1512
ciphers_dsa_signed_certs_ssl3(Config) when is_list(Config) ->
1514
ssl_record:protocol_version({3,0}),
1516
Ciphers = ssl_test_lib:dsa_suites(),
1517
test_server:format("ssl3 erlang cipher suites ~p~n", [Ciphers]),
1518
run_suites(Ciphers, Version, Config, dsa).
1521
ciphers_dsa_signed_certs_openssl_names(doc) ->
1522
["Test all dsa ssl cipher suites in highest support ssl/tls version"];
1524
ciphers_dsa_signed_certs_openssl_names(suite) ->
1527
ciphers_dsa_signed_certs_openssl_names(Config) when is_list(Config) ->
1529
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
1531
Ciphers = ssl_test_lib:openssl_dsa_suites(),
1532
test_server:format("tls1 openssl cipher suites ~p~n", [Ciphers]),
1533
run_suites(Ciphers, Version, Config, dsa).
1536
ciphers_dsa_signed_certs_openssl_names_ssl3(doc) ->
1537
["Test all dsa ssl cipher suites in ssl3"];
1539
ciphers_dsa_signed_certs_openssl_names_ssl3(suite) ->
1542
ciphers_dsa_signed_certs_openssl_names_ssl3(Config) when is_list(Config) ->
1543
Version = ssl_record:protocol_version({3,0}),
1544
Ciphers = ssl_test_lib:openssl_dsa_suites(),
1545
run_suites(Ciphers, Version, Config, dsa).
1547
anonymous_cipher_suites(doc)->
1548
["Test the anonymous ciphersuites"];
1549
anonymous_cipher_suites(suite) ->
1551
anonymous_cipher_suites(Config) when is_list(Config) ->
1552
Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
1553
Ciphers = ssl_test_lib:anonymous_suites(),
1554
run_suites(Ciphers, Version, Config, anonymous).
1556
run_suites(Ciphers, Version, Config, Type) ->
1557
{ClientOpts, ServerOpts} =
1560
{?config(client_opts, Config),
1561
?config(server_opts, Config)};
1563
{?config(client_opts, Config),
1564
?config(server_dsa_opts, Config)};
1566
%% No certs in opts!
1567
{?config(client_opts, Config),
1568
?config(server_anon, Config)}
1571
Result = lists:map(fun(Cipher) ->
1572
cipher(Cipher, Version, Config, ClientOpts, ServerOpts) end,
1574
case lists:flatten(Result) of
1578
test_server:format("Cipher suite errors: ~p~n", [Error]),
1579
test_server:fail(cipher_suite_failed_see_test_case_log)
1582
erlang_cipher_suite(Suite) when is_list(Suite)->
1583
ssl_cipher:suite_definition(ssl_cipher:openssl_suite(Suite));
1584
erlang_cipher_suite(Suite) ->
1587
cipher(CipherSuite, Version, Config, ClientOpts, ServerOpts) ->
1588
%% process_flag(trap_exit, true),
1589
test_server:format("Testing CipherSuite ~p~n", [CipherSuite]),
1590
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1592
ErlangCipherSuite = erlang_cipher_suite(CipherSuite),
1594
ConnectionInfo = {ok, {Version, ErlangCipherSuite}},
1596
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1598
{mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
1599
{options, ServerOpts}]),
1600
Port = ssl_test_lib:inet_port(Server),
1601
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1604
{mfa, {ssl_test_lib, cipher_result, [ConnectionInfo]}},
1606
[{ciphers,[CipherSuite]} |
1609
Result = ssl_test_lib:wait_for_result(Server, ok, Client, ok),
1611
ssl_test_lib:close(Server),
1612
ssl_test_lib:close(Client),
1618
[{ErlangCipherSuite, Error}]
1621
%%--------------------------------------------------------------------
1622
default_reject_anonymous(doc)->
1623
["Test that by default anonymous cipher suites are rejected "];
1624
default_reject_anonymous(suite) ->
1626
default_reject_anonymous(Config) when is_list(Config) ->
1627
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1628
ClientOpts = ?config(client_opts, Config),
1629
ServerOpts = ?config(server_opts, Config),
1631
[Cipher | _] = ssl_test_lib:anonymous_suites(),
1633
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
1635
{options, ServerOpts}]),
1636
Port = ssl_test_lib:inet_port(Server),
1637
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
1641
[{ciphers,[Cipher]} |
1644
ssl_test_lib:check_result(Server, {error, "insufficient security"},
1645
Client, {error, "insufficient security"}).
1647
%%--------------------------------------------------------------------
1648
reuse_session(doc) ->
1649
["Test reuse of sessions (short handshake)"];
1651
reuse_session(suite) ->
1654
reuse_session(Config) when is_list(Config) ->
1655
ClientOpts = ?config(client_opts, Config),
1656
ServerOpts = ?config(server_opts, Config),
1657
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1660
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1662
{mfa, {?MODULE, session_info_result, []}},
1663
{options, ServerOpts}]),
1664
Port = ssl_test_lib:inet_port(Server),
1666
ssl_test_lib:start_client([{node, ClientNode},
1667
{port, Port}, {host, Hostname},
1668
{mfa, {ssl_test_lib, no_result, []}},
1669
{from, self()}, {options, ClientOpts}]),
1676
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1678
%% Make sure session is registered
1679
test_server:sleep(?SLEEP),
1682
ssl_test_lib:start_client([{node, ClientNode},
1683
{port, Port}, {host, Hostname},
1684
{mfa, {?MODULE, session_info_result, []}},
1685
{from, self()}, {options, ClientOpts}]),
1687
{Client1, SessionInfo} ->
1690
test_server:format("Expected: ~p, Unexpected: ~p~n",
1691
[SessionInfo, Other]),
1692
test_server:fail(session_not_reused)
1695
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1698
ssl_test_lib:start_client([{node, ClientNode},
1699
{port, Port}, {host, Hostname},
1700
{mfa, {?MODULE, session_info_result, []}},
1701
{from, self()}, {options, [{reuse_sessions, false}
1704
{Client2, SessionInfo} ->
1706
session_reused_when_session_reuse_disabled_by_client);
1711
ssl_test_lib:close(Server),
1714
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1716
{mfa, {?MODULE, session_info_result, []}},
1717
{options, [{reuse_sessions, false} | ServerOpts]}]),
1719
Port1 = ssl_test_lib:inet_port(Server1),
1721
ssl_test_lib:start_client([{node, ClientNode},
1722
{port, Port1}, {host, Hostname},
1723
{mfa, {ssl_test_lib, no_result, []}},
1724
{from, self()}, {options, ClientOpts}]),
1732
Server1 ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1734
%% Make sure session is registered
1735
test_server:sleep(?SLEEP),
1738
ssl_test_lib:start_client([{node, ClientNode},
1739
{port, Port1}, {host, Hostname},
1740
{mfa, {?MODULE, session_info_result, []}},
1741
{from, self()}, {options, ClientOpts}]),
1744
{Client4, SessionInfo1} ->
1746
session_reused_when_session_reuse_disabled_by_server);
1747
{Client4, _Other} ->
1748
test_server:format("OTHER: ~p ~n", [_Other]),
1752
ssl_test_lib:close(Server1),
1753
ssl_test_lib:close(Client0),
1754
ssl_test_lib:close(Client1),
1755
ssl_test_lib:close(Client2),
1756
ssl_test_lib:close(Client3),
1757
ssl_test_lib:close(Client4).
1759
session_info_result(Socket) ->
1760
ssl:session_info(Socket).
1762
%%--------------------------------------------------------------------
1763
reuse_session_expired(doc) ->
1764
["Test sessions is not reused when it has expired"];
1766
reuse_session_expired(suite) ->
1769
reuse_session_expired(Config) when is_list(Config) ->
1770
ClientOpts = ?config(client_opts, Config),
1771
ServerOpts = ?config(server_opts, Config),
1772
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1775
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1777
{mfa, {?MODULE, session_info_result, []}},
1778
{options, ServerOpts}]),
1779
Port = ssl_test_lib:inet_port(Server),
1781
ssl_test_lib:start_client([{node, ClientNode},
1782
{port, Port}, {host, Hostname},
1783
{mfa, {ssl_test_lib, no_result, []}},
1784
{from, self()}, {options, ClientOpts}]),
1791
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1793
%% Make sure session is registered
1794
test_server:sleep(?SLEEP),
1797
ssl_test_lib:start_client([{node, ClientNode},
1798
{port, Port}, {host, Hostname},
1799
{mfa, {?MODULE, session_info_result, []}},
1800
{from, self()}, {options, ClientOpts}]),
1802
{Client1, SessionInfo} ->
1805
test_server:format("Expected: ~p, Unexpected: ~p~n",
1806
[SessionInfo, Other]),
1807
test_server:fail(session_not_reused)
1812
%% Make sure session is unregistered due to expiration
1813
test_server:sleep((?EXPIRE+1) * 1000),
1816
ssl_test_lib:start_client([{node, ClientNode},
1817
{port, Port}, {host, Hostname},
1818
{mfa, {?MODULE, session_info_result, []}},
1819
{from, self()}, {options, ClientOpts}]),
1821
{Client2, SessionInfo} ->
1822
test_server:fail(session_reused_when_session_expired);
1826
process_flag(trap_exit, false),
1827
ssl_test_lib:close(Server),
1828
ssl_test_lib:close(Client0),
1829
ssl_test_lib:close(Client1),
1830
ssl_test_lib:close(Client2).
1832
%%--------------------------------------------------------------------
1833
server_does_not_want_to_reuse_session(doc) ->
1834
["Test reuse of sessions (short handshake)"];
1836
server_does_not_want_to_reuse_session(suite) ->
1839
server_does_not_want_to_reuse_session(Config) when is_list(Config) ->
1840
ClientOpts = ?config(client_opts, Config),
1841
ServerOpts = ?config(server_opts, Config),
1842
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1845
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1847
{mfa, {?MODULE, session_info_result, []}},
1848
{options, [{reuse_session, fun(_,_,_,_) ->
1852
Port = ssl_test_lib:inet_port(Server),
1854
ssl_test_lib:start_client([{node, ClientNode},
1855
{port, Port}, {host, Hostname},
1856
{mfa, {ssl_test_lib, no_result, []}},
1857
{from, self()}, {options, ClientOpts}]),
1864
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
1866
%% Make sure session is registered
1867
test_server:sleep(?SLEEP),
1868
ssl_test_lib:close(Client0),
1871
ssl_test_lib:start_client([{node, ClientNode},
1872
{port, Port}, {host, Hostname},
1873
{mfa, {?MODULE, session_info_result, []}},
1874
{from, self()}, {options, ClientOpts}]),
1876
{Client1, SessionInfo} ->
1877
test_server:fail(session_reused_when_server_does_not_want_to);
1878
{Client1, _Other} ->
1882
ssl_test_lib:close(Server),
1883
ssl_test_lib:close(Client1).
1885
%%--------------------------------------------------------------------
1887
server_verify_peer_passive(doc) ->
1888
["Test server option verify_peer"];
1890
server_verify_peer_passive(suite) ->
1893
server_verify_peer_passive(Config) when is_list(Config) ->
1894
ClientOpts = ?config(client_verification_opts, Config),
1895
ServerOpts = ?config(server_verification_opts, Config),
1896
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1897
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1899
{mfa, {?MODULE, send_recv_result, []}},
1900
{options, [{active, false}, {verify, verify_peer}
1902
Port = ssl_test_lib:inet_port(Server),
1903
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1906
{mfa, {?MODULE, send_recv_result, []}},
1907
{options, [{active, false} | ClientOpts]}]),
1909
ssl_test_lib:check_result(Server, ok, Client, ok),
1910
ssl_test_lib:close(Server),
1911
ssl_test_lib:close(Client).
1913
%%--------------------------------------------------------------------
1915
server_verify_peer_active(doc) ->
1916
["Test server option verify_peer"];
1918
server_verify_peer_active(suite) ->
1921
server_verify_peer_active(Config) when is_list(Config) ->
1922
ClientOpts = ?config(client_verification_opts, Config),
1923
ServerOpts = ?config(server_verification_opts, Config),
1924
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1925
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1927
{mfa, {?MODULE, send_recv_result_active, []}},
1928
{options, [{active, true}, {verify, verify_peer}
1930
Port = ssl_test_lib:inet_port(Server),
1931
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1934
{mfa, {?MODULE, send_recv_result_active, []}},
1935
{options, [{active, true} | ClientOpts]}]),
1937
ssl_test_lib:check_result(Server, ok, Client, ok),
1938
ssl_test_lib:close(Server),
1939
ssl_test_lib:close(Client).
1941
%%--------------------------------------------------------------------
1942
server_verify_peer_active_once(doc) ->
1943
["Test server option verify_peer"];
1945
server_verify_peer_active_once(suite) ->
1948
server_verify_peer_active_once(Config) when is_list(Config) ->
1949
ClientOpts = ?config(client_verification_opts, Config),
1950
ServerOpts = ?config(server_verification_opts, Config),
1951
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1952
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1954
{mfa, {?MODULE, send_recv_result_active_once, []}},
1955
{options, [{active, once}, {verify, verify_peer}
1957
Port = ssl_test_lib:inet_port(Server),
1958
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1961
{mfa, {?MODULE, send_recv_result_active_once, []}},
1962
{options, [{active, once} | ClientOpts]}]),
1964
ssl_test_lib:check_result(Server, ok, Client, ok),
1965
ssl_test_lib:close(Server),
1966
ssl_test_lib:close(Client).
1968
%%--------------------------------------------------------------------
1970
server_verify_none_passive(doc) ->
1971
["Test server option verify_none"];
1973
server_verify_none_passive(suite) ->
1976
server_verify_none_passive(Config) when is_list(Config) ->
1977
ClientOpts = ?config(client_opts, Config),
1978
ServerOpts = ?config(server_opts, Config),
1979
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
1980
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
1982
{mfa, {?MODULE, send_recv_result, []}},
1983
{options, [{active, false}, {verify, verify_none}
1985
Port = ssl_test_lib:inet_port(Server),
1986
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
1989
{mfa, {?MODULE, send_recv_result, []}},
1990
{options, [{active, false} | ClientOpts]}]),
1992
ssl_test_lib:check_result(Server, ok, Client, ok),
1993
ssl_test_lib:close(Server),
1994
ssl_test_lib:close(Client).
1996
%%--------------------------------------------------------------------
1998
server_verify_none_active(doc) ->
1999
["Test server option verify_none"];
2001
server_verify_none_active(suite) ->
2004
server_verify_none_active(Config) when is_list(Config) ->
2005
ClientOpts = ?config(client_opts, Config),
2006
ServerOpts = ?config(server_opts, Config),
2007
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2008
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2010
{mfa, {?MODULE, send_recv_result_active, []}},
2011
{options, [{active, true}, {verify, verify_none} |
2013
Port = ssl_test_lib:inet_port(Server),
2014
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2017
{mfa, {?MODULE, send_recv_result_active, []}},
2018
{options, [{active, true} | ClientOpts]}]),
2020
ssl_test_lib:check_result(Server, ok, Client, ok),
2021
ssl_test_lib:close(Server),
2022
ssl_test_lib:close(Client).
2024
%%--------------------------------------------------------------------
2025
server_verify_none_active_once(doc) ->
2026
["Test server option verify_none"];
2028
server_verify_none_active_once(suite) ->
2031
server_verify_none_active_once(Config) when is_list(Config) ->
2032
ClientOpts = ?config(client_opts, Config),
2033
ServerOpts = ?config(server_opts, Config),
2034
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2035
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2037
{mfa, {?MODULE, send_recv_result_active_once, []}},
2038
{options, [{active, once}, {verify, verify_none}
2040
Port = ssl_test_lib:inet_port(Server),
2041
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2044
{mfa, {?MODULE, send_recv_result_active_once, []}},
2045
{options, [{active, once} | ClientOpts]}]),
2047
ssl_test_lib:check_result(Server, ok, Client, ok),
2048
ssl_test_lib:close(Server),
2049
ssl_test_lib:close(Client).
2051
%%--------------------------------------------------------------------
2053
server_verify_client_once_passive(doc) ->
2054
["Test server option verify_client_once"];
2056
server_verify_client_once_passive(suite) ->
2059
server_verify_client_once_passive(Config) when is_list(Config) ->
2060
ClientOpts = ?config(client_opts, Config),
2061
ServerOpts = ?config(server_verification_opts, Config),
2062
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2063
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2065
{mfa, {?MODULE, send_recv_result, []}},
2066
{options, [{active, false}, {verify, verify_peer},
2067
{verify_client_once, true}
2069
Port = ssl_test_lib:inet_port(Server),
2070
Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2073
{mfa, {?MODULE, send_recv_result, []}},
2074
{options, [{active, false} | ClientOpts]}]),
2076
ssl_test_lib:check_result(Server, ok, Client0, ok),
2077
ssl_test_lib:close(Client0),
2078
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2079
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2082
{mfa, {?MODULE, result_ok, []}},
2083
{options, [{active, false} | ClientOpts]}]),
2085
ssl_test_lib:check_result(Client1, ok),
2086
ssl_test_lib:close(Server),
2087
ssl_test_lib:close(Client1).
2089
%%--------------------------------------------------------------------
2091
server_verify_client_once_active(doc) ->
2092
["Test server option verify_client_once"];
2094
server_verify_client_once_active(suite) ->
2097
server_verify_client_once_active(Config) when is_list(Config) ->
2098
ClientOpts = ?config(client_opts, Config),
2099
ServerOpts = ?config(server_verification_opts, Config),
2100
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2101
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2103
{mfa, {?MODULE, send_recv_result_active, []}},
2104
{options, [{active, once}, {verify, verify_peer},
2105
{verify_client_once, true}
2107
Port = ssl_test_lib:inet_port(Server),
2108
Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2111
{mfa, {?MODULE, send_recv_result_active, []}},
2112
{options, [{active, true} | ClientOpts]}]),
2114
ssl_test_lib:check_result(Server, ok, Client0, ok),
2115
ssl_test_lib:close(Client0),
2116
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2117
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2120
{mfa, {?MODULE, result_ok, []}},
2121
{options, [{active, true} | ClientOpts]}]),
2123
ssl_test_lib:check_result(Client1, ok),
2124
ssl_test_lib:close(Server),
2125
ssl_test_lib:close(Client1).
2127
%%--------------------------------------------------------------------
2129
server_verify_client_once_active_once(doc) ->
2130
["Test server option verify_client_once"];
2132
server_verify_client_once_active_once(suite) ->
2135
server_verify_client_once_active_once(Config) when is_list(Config) ->
2136
ClientOpts = ?config(client_opts, Config),
2137
ServerOpts = ?config(server_verification_opts, Config),
2138
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2139
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2141
{mfa, {?MODULE, send_recv_result_active_once, []}},
2142
{options, [{active, once}, {verify, verify_peer},
2143
{verify_client_once, true}
2145
Port = ssl_test_lib:inet_port(Server),
2146
Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2149
{mfa, {?MODULE, send_recv_result_active_once, []}},
2150
{options, [{active, once} | ClientOpts]}]),
2152
ssl_test_lib:check_result(Server, ok, Client0, ok),
2153
ssl_test_lib:close(Client0),
2154
Server ! {listen, {mfa, {ssl_test_lib, no_result, []}}},
2155
Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2158
{mfa, {?MODULE, result_ok, []}},
2159
{options, [{active, once} | ClientOpts]}]),
2161
ssl_test_lib:check_result(Client1, ok),
2162
ssl_test_lib:close(Server),
2163
ssl_test_lib:close(Client1).
2165
%%--------------------------------------------------------------------
2167
server_verify_no_cacerts(doc) ->
2168
["Test server must have cacerts if it wants to verify client"];
2170
server_verify_no_cacerts(suite) ->
2172
server_verify_no_cacerts(Config) when is_list(Config) ->
2173
ServerOpts = ?config(server_opts, Config),
2174
{_, ServerNode, _} = ssl_test_lib:run_where(Config),
2175
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2177
{options, [{verify, verify_peer}
2180
ssl_test_lib:check_result(Server, {error, {eoptions, {cacertfile, ""}}}).
2182
%%--------------------------------------------------------------------
2184
server_require_peer_cert_ok(doc) ->
2185
["Test server option fail_if_no_peer_cert when peer sends cert"];
2187
server_require_peer_cert_ok(suite) ->
2190
server_require_peer_cert_ok(Config) when is_list(Config) ->
2191
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
2192
| ?config(server_verification_opts, Config)],
2193
ClientOpts = ?config(client_verification_opts, Config),
2194
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2196
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2198
{mfa, {?MODULE, send_recv_result, []}},
2199
{options, [{active, false} | ServerOpts]}]),
2200
Port = ssl_test_lib:inet_port(Server),
2201
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2204
{mfa, {?MODULE, send_recv_result, []}},
2205
{options, [{active, false} | ClientOpts]}]),
2207
ssl_test_lib:check_result(Server, ok, Client, ok),
2208
ssl_test_lib:close(Server),
2209
ssl_test_lib:close(Client).
2211
%%--------------------------------------------------------------------
2213
server_require_peer_cert_fail(doc) ->
2214
["Test server option fail_if_no_peer_cert when peer doesn't send cert"];
2216
server_require_peer_cert_fail(suite) ->
2219
server_require_peer_cert_fail(Config) when is_list(Config) ->
2220
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true}
2221
| ?config(server_verification_opts, Config)],
2222
BadClientOpts = ?config(client_opts, Config),
2223
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2225
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2227
{options, [{active, false} | ServerOpts]}]),
2229
Port = ssl_test_lib:inet_port(Server),
2231
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
2234
{options, [{active, false} | BadClientOpts]}]),
2236
ssl_test_lib:check_result(Server, {error, esslaccept},
2237
Client, {error, esslconnect}).
2239
%%--------------------------------------------------------------------
2241
client_verify_none_passive(doc) ->
2242
["Test client option verify_none"];
2244
client_verify_none_passive(suite) ->
2247
client_verify_none_passive(Config) when is_list(Config) ->
2248
ClientOpts = ?config(client_opts, Config),
2249
ServerOpts = ?config(server_opts, Config),
2250
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2251
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2253
{mfa, {?MODULE, send_recv_result, []}},
2254
{options, [{active, false}
2256
Port = ssl_test_lib:inet_port(Server),
2258
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2261
{mfa, {?MODULE, send_recv_result, []}},
2262
{options, [{active, false},
2263
{verify, verify_none}
2266
ssl_test_lib:check_result(Server, ok, Client, ok),
2267
ssl_test_lib:close(Server),
2268
ssl_test_lib:close(Client).
2270
%%--------------------------------------------------------------------
2272
client_verify_none_active(doc) ->
2273
["Test client option verify_none"];
2275
client_verify_none_active(suite) ->
2278
client_verify_none_active(Config) when is_list(Config) ->
2279
ClientOpts = ?config(client_opts, Config),
2280
ServerOpts = ?config(server_opts, Config),
2281
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2282
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2285
send_recv_result_active, []}},
2286
{options, [{active, true}
2288
Port = ssl_test_lib:inet_port(Server),
2289
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2293
send_recv_result_active, []}},
2294
{options, [{active, true},
2295
{verify, verify_none}
2298
ssl_test_lib:check_result(Server, ok, Client, ok),
2299
ssl_test_lib:close(Server),
2300
ssl_test_lib:close(Client).
2302
%%--------------------------------------------------------------------
2303
client_verify_none_active_once(doc) ->
2304
["Test client option verify_none"];
2306
client_verify_none_active_once(suite) ->
2309
client_verify_none_active_once(Config) when is_list(Config) ->
2310
ClientOpts = ?config(client_opts, Config),
2311
ServerOpts = ?config(server_opts, Config),
2313
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2314
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2316
{mfa, {?MODULE, send_recv_result_active_once, []}},
2317
{options, [{active, once} | ServerOpts]}]),
2318
Port = ssl_test_lib:inet_port(Server),
2320
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2324
send_recv_result_active_once,
2326
{options, [{active, once},
2327
{verify, verify_none}
2330
ssl_test_lib:check_result(Server, ok, Client, ok),
2331
ssl_test_lib:close(Server),
2332
ssl_test_lib:close(Client).
2334
%%--------------------------------------------------------------------
2335
client_renegotiate(doc) ->
2336
["Test ssl:renegotiate/1 on client."];
2338
client_renegotiate(suite) ->
2341
client_renegotiate(Config) when is_list(Config) ->
2342
ServerOpts = ?config(server_opts, Config),
2343
ClientOpts = ?config(client_opts, Config),
2345
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2347
Data = "From erlang to erlang",
2350
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2352
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
2353
{options, ServerOpts}]),
2354
Port = ssl_test_lib:inet_port(Server),
2356
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2360
renegotiate, [Data]}},
2361
{options, [{reuse_sessions, false} | ClientOpts]}]),
2363
ssl_test_lib:check_result(Client, ok, Server, ok),
2364
ssl_test_lib:close(Server),
2365
ssl_test_lib:close(Client).
2367
%%--------------------------------------------------------------------
2368
server_renegotiate(doc) ->
2369
["Test ssl:renegotiate/1 on server."];
2371
server_renegotiate(suite) ->
2374
server_renegotiate(Config) when is_list(Config) ->
2375
ServerOpts = ?config(server_opts, Config),
2376
ClientOpts = ?config(client_opts, Config),
2378
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2380
Data = "From erlang to erlang",
2382
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2385
renegotiate, [Data]}},
2386
{options, ServerOpts}]),
2387
Port = ssl_test_lib:inet_port(Server),
2389
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2392
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
2393
{options, [{reuse_sessions, false} | ClientOpts]}]),
2395
ssl_test_lib:check_result(Server, ok, Client, ok),
2396
ssl_test_lib:close(Server),
2397
ssl_test_lib:close(Client).
2399
%%--------------------------------------------------------------------
2400
client_renegotiate_reused_session(doc) ->
2401
["Test ssl:renegotiate/1 on client when the ssl session will be reused."];
2403
client_renegotiate_reused_session(suite) ->
2406
client_renegotiate_reused_session(Config) when is_list(Config) ->
2407
ServerOpts = ?config(server_opts, Config),
2408
ClientOpts = ?config(client_opts, Config),
2410
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2412
Data = "From erlang to erlang",
2415
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2417
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
2418
{options, ServerOpts}]),
2419
Port = ssl_test_lib:inet_port(Server),
2421
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2425
renegotiate_reuse_session, [Data]}},
2426
{options, [{reuse_sessions, true} | ClientOpts]}]),
2428
ssl_test_lib:check_result(Client, ok, Server, ok),
2429
ssl_test_lib:close(Server),
2430
ssl_test_lib:close(Client).
2431
%%--------------------------------------------------------------------
2432
server_renegotiate_reused_session(doc) ->
2433
["Test ssl:renegotiate/1 on server when the ssl session will be reused."];
2435
server_renegotiate_reused_session(suite) ->
2438
server_renegotiate_reused_session(Config) when is_list(Config) ->
2439
ServerOpts = ?config(server_opts, Config),
2440
ClientOpts = ?config(client_opts, Config),
2442
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2444
Data = "From erlang to erlang",
2446
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2449
renegotiate_reuse_session, [Data]}},
2450
{options, ServerOpts}]),
2451
Port = ssl_test_lib:inet_port(Server),
2453
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2456
{mfa, {?MODULE, erlang_ssl_receive, [Data]}},
2457
{options, [{reuse_sessions, true} | ClientOpts]}]),
2459
ssl_test_lib:check_result(Server, ok, Client, ok),
2460
ssl_test_lib:close(Server),
2461
ssl_test_lib:close(Client).
2462
%%--------------------------------------------------------------------
2463
client_no_wrap_sequence_number(doc) ->
2464
["Test that erlang client will renegotiate session when",
2465
"max sequence number celing is about to be reached. Although"
2466
"in the testcase we use the test option renegotiate_at"
2467
" to lower treashold substantially."];
2469
client_no_wrap_sequence_number(suite) ->
2472
client_no_wrap_sequence_number(Config) when is_list(Config) ->
2473
ServerOpts = ?config(server_opts, Config),
2474
ClientOpts = ?config(client_opts, Config),
2476
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2478
ErlData = "From erlang to erlang",
2482
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2484
{mfa, {ssl_test_lib, no_result, []}},
2485
{options, ServerOpts}]),
2486
Port = ssl_test_lib:inet_port(Server),
2488
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2491
{mfa, {ssl_test_lib,
2492
trigger_renegotiate, [[ErlData, N+2]]}},
2493
{options, [{reuse_sessions, false},
2494
{renegotiate_at, N} | ClientOpts]}]),
2496
ssl_test_lib:check_result(Client, ok),
2497
ssl_test_lib:close(Server),
2498
ssl_test_lib:close(Client).
2499
%%--------------------------------------------------------------------
2500
server_no_wrap_sequence_number(doc) ->
2501
["Test that erlang server will renegotiate session when",
2502
"max sequence number celing is about to be reached. Although"
2503
"in the testcase we use the test option renegotiate_at"
2504
" to lower treashold substantially."];
2506
server_no_wrap_sequence_number(suite) ->
2509
server_no_wrap_sequence_number(Config) when is_list(Config) ->
2510
ServerOpts = ?config(server_opts, Config),
2511
ClientOpts = ?config(client_opts, Config),
2513
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2515
Data = "From erlang to erlang",
2518
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2520
{mfa, {ssl_test_lib,
2521
trigger_renegotiate, [[Data, N+2]]}},
2522
{options, [{renegotiate_at, N} | ServerOpts]}]),
2523
Port = ssl_test_lib:inet_port(Server),
2525
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2528
{mfa, {ssl_test_lib, no_result, []}},
2529
{options, [{reuse_sessions, false} | ClientOpts]}]),
2531
ssl_test_lib:check_result(Server, ok),
2532
ssl_test_lib:close(Server),
2533
ssl_test_lib:close(Client).
2534
%%--------------------------------------------------------------------
2535
extended_key_usage_verify_peer(doc) ->
2536
["Test cert that has a critical extended_key_usage extension in verify_peer mode"];
2538
extended_key_usage_verify_peer(suite) ->
2541
extended_key_usage_verify_peer(Config) when is_list(Config) ->
2542
ClientOpts = ?config(client_verification_opts, Config),
2543
ServerOpts = ?config(server_verification_opts, Config),
2544
PrivDir = ?config(priv_dir, Config),
2546
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2547
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2548
Key = public_key:pem_entry_decode(KeyEntry),
2550
ServerCertFile = proplists:get_value(certfile, ServerOpts),
2551
NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
2552
[{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
2553
ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
2554
ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
2555
ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
2556
ServerExtensions = ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
2557
NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
2558
[ServerExtKeyUsageExt |
2560
NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
2561
ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
2562
NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
2564
ClientCertFile = proplists:get_value(certfile, ClientOpts),
2565
NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
2566
[{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
2567
ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
2568
ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
2569
ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
2570
ClientExtensions = ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
2571
NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
2572
[ClientExtKeyUsageExt |
2574
NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
2575
ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
2576
NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
2578
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2580
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2582
{mfa, {?MODULE, send_recv_result_active, []}},
2583
{options, [{verify, verify_peer} | NewServerOpts]}]),
2584
Port = ssl_test_lib:inet_port(Server),
2585
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2588
{mfa, {?MODULE, send_recv_result_active, []}},
2589
{options, [{verify, verify_peer} | NewClientOpts]}]),
2591
ssl_test_lib:check_result(Server, ok, Client, ok),
2593
ssl_test_lib:close(Server),
2594
ssl_test_lib:close(Client).
2596
%%--------------------------------------------------------------------
2597
extended_key_usage_verify_none(doc) ->
2598
["Test cert that has a critical extended_key_usage extension in verify_none mode"];
2600
extended_key_usage_verify_none(suite) ->
2603
extended_key_usage_verify_none(Config) when is_list(Config) ->
2604
ClientOpts = ?config(client_verification_opts, Config),
2605
ServerOpts = ?config(server_verification_opts, Config),
2606
PrivDir = ?config(priv_dir, Config),
2608
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2609
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2610
Key = public_key:pem_entry_decode(KeyEntry),
2612
ServerCertFile = proplists:get_value(certfile, ServerOpts),
2613
NewServerCertFile = filename:join(PrivDir, "server/new_cert.pem"),
2614
[{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
2615
ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
2616
ServerExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-serverAuth']},
2617
ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
2618
ServerExtensions = ServerOTPTbsCert#'OTPTBSCertificate'.extensions,
2619
NewServerOTPTbsCert = ServerOTPTbsCert#'OTPTBSCertificate'{extensions =
2620
[ServerExtKeyUsageExt |
2622
NewServerDerCert = public_key:pkix_sign(NewServerOTPTbsCert, Key),
2623
ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
2624
NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
2626
ClientCertFile = proplists:get_value(certfile, ClientOpts),
2627
NewClientCertFile = filename:join(PrivDir, "client/new_cert.pem"),
2628
[{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
2629
ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
2630
ClientExtKeyUsageExt = {'Extension', ?'id-ce-extKeyUsage', true, [?'id-kp-clientAuth']},
2631
ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
2632
ClientExtensions = ClientOTPTbsCert#'OTPTBSCertificate'.extensions,
2633
NewClientOTPTbsCert = ClientOTPTbsCert#'OTPTBSCertificate'{extensions =
2634
[ClientExtKeyUsageExt |
2636
NewClientDerCert = public_key:pkix_sign(NewClientOTPTbsCert, Key),
2637
ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
2638
NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
2640
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2642
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2644
{mfa, {?MODULE, send_recv_result_active, []}},
2645
{options, [{verify, verify_none} | NewServerOpts]}]),
2646
Port = ssl_test_lib:inet_port(Server),
2647
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2650
{mfa, {?MODULE, send_recv_result_active, []}},
2651
{options, [{verify, verify_none} | NewClientOpts]}]),
2653
ssl_test_lib:check_result(Server, ok, Client, ok),
2655
ssl_test_lib:close(Server),
2656
ssl_test_lib:close(Client).
2658
%%--------------------------------------------------------------------
2659
no_authority_key_identifier(doc) ->
2660
["Test cert that does not have authorityKeyIdentifier extension"
2661
" but are present in trusted certs db."];
2663
no_authority_key_identifier(suite) ->
2665
no_authority_key_identifier(Config) when is_list(Config) ->
2666
ClientOpts = ?config(client_verification_opts, Config),
2667
ServerOpts = ?config(server_opts, Config),
2668
PrivDir = ?config(priv_dir, Config),
2670
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2671
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2672
Key = public_key:pem_entry_decode(KeyEntry),
2674
CertFile = proplists:get_value(certfile, ServerOpts),
2675
NewCertFile = filename:join(PrivDir, "server/new_cert.pem"),
2676
[{'Certificate', DerCert, _}] = ssl_test_lib:pem_to_der(CertFile),
2677
OTPCert = public_key:pkix_decode_cert(DerCert, otp),
2678
OTPTbsCert = OTPCert#'OTPCertificate'.tbsCertificate,
2679
Extensions = OTPTbsCert#'OTPTBSCertificate'.extensions,
2680
NewExtensions = delete_authority_key_extension(Extensions, []),
2681
NewOTPTbsCert = OTPTbsCert#'OTPTBSCertificate'{extensions = NewExtensions},
2683
test_server:format("Extensions ~p~n, NewExtensions: ~p~n", [Extensions, NewExtensions]),
2685
NewDerCert = public_key:pkix_sign(NewOTPTbsCert, Key),
2686
ssl_test_lib:der_to_pem(NewCertFile, [{'Certificate', NewDerCert, not_encrypted}]),
2687
NewServerOpts = [{certfile, NewCertFile} | proplists:delete(certfile, ServerOpts)],
2689
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2691
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2693
{mfa, {?MODULE, send_recv_result_active, []}},
2694
{options, NewServerOpts}]),
2695
Port = ssl_test_lib:inet_port(Server),
2696
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2699
{mfa, {?MODULE, send_recv_result_active, []}},
2700
{options, [{verify, verify_peer} | ClientOpts]}]),
2702
ssl_test_lib:check_result(Server, ok, Client, ok),
2704
ssl_test_lib:close(Server),
2705
ssl_test_lib:close(Client).
2707
delete_authority_key_extension([], Acc) ->
2709
delete_authority_key_extension([#'Extension'{extnID = ?'id-ce-authorityKeyIdentifier'} | Rest],
2711
delete_authority_key_extension(Rest, Acc);
2712
delete_authority_key_extension([Head | Rest], Acc) ->
2713
delete_authority_key_extension(Rest, [Head | Acc]).
2715
%%--------------------------------------------------------------------
2717
invalid_signature_server(doc) ->
2718
["Test server with invalid signature"];
2720
invalid_signature_server(suite) ->
2723
invalid_signature_server(Config) when is_list(Config) ->
2724
ClientOpts = ?config(client_verification_opts, Config),
2725
ServerOpts = ?config(server_verification_opts, Config),
2726
PrivDir = ?config(priv_dir, Config),
2728
KeyFile = filename:join(PrivDir, "server/key.pem"),
2729
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2730
Key = public_key:pem_entry_decode(KeyEntry),
2732
ServerCertFile = proplists:get_value(certfile, ServerOpts),
2733
NewServerCertFile = filename:join(PrivDir, "server/invalid_cert.pem"),
2734
[{'Certificate', ServerDerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
2735
ServerOTPCert = public_key:pkix_decode_cert(ServerDerCert, otp),
2736
ServerOTPTbsCert = ServerOTPCert#'OTPCertificate'.tbsCertificate,
2737
NewServerDerCert = public_key:pkix_sign(ServerOTPTbsCert, Key),
2738
ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
2739
NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
2741
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2743
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2745
{options, NewServerOpts}]),
2746
Port = ssl_test_lib:inet_port(Server),
2747
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
2750
{options, [{verify, verify_peer} | ClientOpts]}]),
2752
ssl_test_lib:check_result(Server, {error, "bad certificate"},
2753
Client, {error,"bad certificate"}).
2755
%%--------------------------------------------------------------------
2757
invalid_signature_client(doc) ->
2758
["Test server with invalid signature"];
2760
invalid_signature_client(suite) ->
2763
invalid_signature_client(Config) when is_list(Config) ->
2764
ClientOpts = ?config(client_verification_opts, Config),
2765
ServerOpts = ?config(server_verification_opts, Config),
2766
PrivDir = ?config(priv_dir, Config),
2768
KeyFile = filename:join(PrivDir, "client/key.pem"),
2769
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2770
Key = public_key:pem_entry_decode(KeyEntry),
2772
ClientCertFile = proplists:get_value(certfile, ClientOpts),
2773
NewClientCertFile = filename:join(PrivDir, "client/invalid_cert.pem"),
2774
[{'Certificate', ClientDerCert, _}] = ssl_test_lib:pem_to_der(ClientCertFile),
2775
ClientOTPCert = public_key:pkix_decode_cert(ClientDerCert, otp),
2776
ClientOTPTbsCert = ClientOTPCert#'OTPCertificate'.tbsCertificate,
2777
NewClientDerCert = public_key:pkix_sign(ClientOTPTbsCert, Key),
2778
ssl_test_lib:der_to_pem(NewClientCertFile, [{'Certificate', NewClientDerCert, not_encrypted}]),
2779
NewClientOpts = [{certfile, NewClientCertFile} | proplists:delete(certfile, ClientOpts)],
2781
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2783
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2785
{options, [{verify, verify_peer} | ServerOpts]}]),
2786
Port = ssl_test_lib:inet_port(Server),
2787
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
2790
{options, NewClientOpts}]),
2792
tcp_delivery_workaround(Server, {error, "bad certificate"},
2793
Client, {error,"bad certificate"}).
2795
tcp_delivery_workaround(Server, ServerMsg, Client, ClientMsg) ->
2797
{Server, ServerMsg} ->
2799
{Client, ClientMsg} ->
2801
{Client, {error,closed}} ->
2802
test_server:format("client got close");
2804
test_server:fail(Unexpected)
2806
{Client, ClientMsg} ->
2808
{Server, ServerMsg} ->
2811
test_server:fail(Unexpected)
2813
{Client, {error,closed}} ->
2815
{Server, ServerMsg} ->
2818
test_server:fail(Unexpected)
2820
{Server, {error,closed}} ->
2822
{Client, ClientMsg} ->
2824
{Client, {error,closed}} ->
2825
test_server:format("client got close"),
2828
test_server:fail(Unexpected)
2831
test_server:fail(Unexpected)
2833
%%--------------------------------------------------------------------
2834
cert_expired(doc) ->
2835
["Test server with invalid signature"];
2837
cert_expired(suite) ->
2840
cert_expired(Config) when is_list(Config) ->
2841
ClientOpts = ?config(client_verification_opts, Config),
2842
ServerOpts = ?config(server_verification_opts, Config),
2843
PrivDir = ?config(priv_dir, Config),
2845
KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"),
2846
[KeyEntry] = ssl_test_lib:pem_to_der(KeyFile),
2847
Key = public_key:pem_entry_decode(KeyEntry),
2849
ServerCertFile = proplists:get_value(certfile, ServerOpts),
2850
NewServerCertFile = filename:join(PrivDir, "server/expired_cert.pem"),
2851
[{'Certificate', DerCert, _}] = ssl_test_lib:pem_to_der(ServerCertFile),
2852
OTPCert = public_key:pkix_decode_cert(DerCert, otp),
2853
OTPTbsCert = OTPCert#'OTPCertificate'.tbsCertificate,
2855
{Year, Month, Day} = date(),
2856
{Hours, Min, Sec} = time(),
2857
NotBeforeStr = lists:flatten(io_lib:format("~p~s~s~s~s~sZ",[Year-2,
2858
two_digits_str(Month),
2859
two_digits_str(Day),
2860
two_digits_str(Hours),
2861
two_digits_str(Min),
2862
two_digits_str(Sec)])),
2863
NotAfterStr = lists:flatten(io_lib:format("~p~s~s~s~s~sZ",[Year-1,
2864
two_digits_str(Month),
2865
two_digits_str(Day),
2866
two_digits_str(Hours),
2867
two_digits_str(Min),
2868
two_digits_str(Sec)])),
2869
NewValidity = {'Validity', {generalTime, NotBeforeStr}, {generalTime, NotAfterStr}},
2871
test_server:format("Validity: ~p ~n NewValidity: ~p ~n",
2872
[OTPTbsCert#'OTPTBSCertificate'.validity, NewValidity]),
2874
NewOTPTbsCert = OTPTbsCert#'OTPTBSCertificate'{validity = NewValidity},
2875
NewServerDerCert = public_key:pkix_sign(NewOTPTbsCert, Key),
2876
ssl_test_lib:der_to_pem(NewServerCertFile, [{'Certificate', NewServerDerCert, not_encrypted}]),
2877
NewServerOpts = [{certfile, NewServerCertFile} | proplists:delete(certfile, ServerOpts)],
2879
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2881
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2883
{options, NewServerOpts}]),
2884
Port = ssl_test_lib:inet_port(Server),
2885
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
2888
{options, [{verify, verify_peer} | ClientOpts]}]),
2890
ssl_test_lib:check_result(Server, {error, "certificate expired"},
2891
Client, {error, "certificate expired"}).
2893
two_digits_str(N) when N < 10 ->
2894
lists:flatten(io_lib:format("0~p", [N]));
2895
two_digits_str(N) ->
2896
lists:flatten(io_lib:format("~p", [N])).
2898
%%--------------------------------------------------------------------
2900
client_with_cert_cipher_suites_handshake(doc) ->
2901
["Test that client with a certificate without keyEncipherment usage "
2902
" extension can connect to a server with restricted cipher suites "];
2904
client_with_cert_cipher_suites_handshake(suite) ->
2907
client_with_cert_cipher_suites_handshake(Config) when is_list(Config) ->
2908
ClientOpts = ?config(client_verification_opts_digital_signature_only, Config),
2909
ServerOpts = ?config(server_verification_opts, Config),
2910
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2911
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2914
send_recv_result_active, []}},
2915
{options, [{active, true},
2916
{ciphers, ssl_test_lib:rsa_non_signed_suites()}
2918
Port = ssl_test_lib:inet_port(Server),
2919
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2923
send_recv_result_active, []}},
2924
{options, [{active, true}
2927
ssl_test_lib:check_result(Server, ok, Client, ok),
2928
ssl_test_lib:close(Server),
2929
ssl_test_lib:close(Client).
2930
%%--------------------------------------------------------------------
2931
unknown_server_ca_fail(doc) ->
2932
["Test that the client fails if the ca is unknown in verify_peer mode"];
2933
unknown_server_ca_fail(suite) ->
2935
unknown_server_ca_fail(Config) when is_list(Config) ->
2936
ClientOpts = ?config(client_opts, Config),
2937
ServerOpts = ?config(server_opts, Config),
2938
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2939
Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
2941
{mfa, {ssl_test_lib,
2943
{options, ServerOpts}]),
2944
Port = ssl_test_lib:inet_port(Server),
2946
FunAndState = {fun(_,{bad_cert, unknown_ca} = Reason, _) ->
2948
(_,{extension, _}, UserState) ->
2949
{unknown, UserState};
2950
(_, valid, UserState) ->
2951
{valid, [test_to_update_user_state | UserState]};
2952
(_, valid_peer, UserState) ->
2956
Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port},
2959
{mfa, {ssl_test_lib,
2962
[{verify, verify_peer},
2963
{verify_fun, FunAndState}
2966
ssl_test_lib:check_result(Server, {error,"unknown ca"},
2967
Client, {error, "unknown ca"}).
2969
%%--------------------------------------------------------------------
2970
unknown_server_ca_accept_verify_none(doc) ->
2971
["Test that the client succeds if the ca is unknown in verify_none mode"];
2972
unknown_server_ca_accept_verify_none(suite) ->
2974
unknown_server_ca_accept_verify_none(Config) when is_list(Config) ->
2975
ClientOpts = ?config(client_opts, Config),
2976
ServerOpts = ?config(server_opts, Config),
2977
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
2978
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
2981
send_recv_result_active, []}},
2982
{options, ServerOpts}]),
2983
Port = ssl_test_lib:inet_port(Server),
2984
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
2988
send_recv_result_active, []}},
2990
[{verify, verify_none}| ClientOpts]}]),
2992
ssl_test_lib:check_result(Server, ok, Client, ok),
2993
ssl_test_lib:close(Server),
2994
ssl_test_lib:close(Client).
2995
%%--------------------------------------------------------------------
2996
unknown_server_ca_accept_verify_peer(doc) ->
2997
["Test that the client succeds if the ca is unknown in verify_peer mode"
2998
" with a verify_fun that accepts the unknown ca error"];
2999
unknown_server_ca_accept_verify_peer(suite) ->
3001
unknown_server_ca_accept_verify_peer(Config) when is_list(Config) ->
3002
ClientOpts = ?config(client_opts, Config),
3003
ServerOpts = ?config(server_opts, Config),
3004
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3005
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3008
send_recv_result_active, []}},
3009
{options, ServerOpts}]),
3010
Port = ssl_test_lib:inet_port(Server),
3012
FunAndState = {fun(_,{bad_cert, unknown_ca}, UserState) ->
3014
(_,{bad_cert, _} = Reason, _) ->
3016
(_,{extension, _}, UserState) ->
3017
{unknown, UserState};
3018
(_, valid, UserState) ->
3020
(_, valid_peer, UserState) ->
3024
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3028
send_recv_result_active, []}},
3030
[{verify, verify_peer},
3031
{verify_fun, FunAndState}| ClientOpts]}]),
3033
ssl_test_lib:check_result(Server, ok, Client, ok),
3034
ssl_test_lib:close(Server),
3035
ssl_test_lib:close(Client).
3037
%%--------------------------------------------------------------------
3038
unknown_server_ca_accept_backwardscompatibilty(doc) ->
3039
["Test that old style verify_funs will work"];
3040
unknown_server_ca_accept_backwardscompatibilty(suite) ->
3042
unknown_server_ca_accept_backwardscompatibilty(Config) when is_list(Config) ->
3043
ClientOpts = ?config(client_opts, Config),
3044
ServerOpts = ?config(server_opts, Config),
3045
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3046
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3049
send_recv_result_active, []}},
3050
{options, ServerOpts}]),
3051
Port = ssl_test_lib:inet_port(Server),
3053
AcceptBadCa = fun({bad_cert,unknown_ca}, Acc) -> Acc;
3054
(Other, Acc) -> [Other | Acc]
3058
case lists:foldl(AcceptBadCa, [], ErrorList) of
3064
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3068
send_recv_result_active, []}},
3070
[{verify, verify_peer},
3071
{verify_fun, VerifyFun}| ClientOpts]}]),
3073
ssl_test_lib:check_result(Server, ok, Client, ok),
3074
ssl_test_lib:close(Server),
3075
ssl_test_lib:close(Client).
3077
%%--------------------------------------------------------------------
3079
["Test to input certs and key as der"];
3084
der_input(Config) when is_list(Config) ->
3085
DataDir = ?config(data_dir, Config),
3086
DHParamFile = filename:join(DataDir, "dHParam.pem"),
3088
SeverVerifyOpts = ?config(server_verification_opts, Config),
3089
{ServerCert, ServerKey, ServerCaCerts, DHParams} = der_input_opts([{dhfile, DHParamFile} |
3091
ClientVerifyOpts = ?config(client_verification_opts, Config),
3092
{ClientCert, ClientKey, ClientCaCerts, DHParams} = der_input_opts([{dhfile, DHParamFile} |
3094
ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true},
3096
{cert, ServerCert}, {key, ServerKey}, {cacerts, ServerCaCerts}],
3097
ClientOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true},
3099
{cert, ClientCert}, {key, ClientKey}, {cacerts, ClientCaCerts}],
3100
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3101
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3103
{mfa, {?MODULE, send_recv_result, []}},
3104
{options, [{active, false} | ServerOpts]}]),
3105
Port = ssl_test_lib:inet_port(Server),
3106
Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3109
{mfa, {?MODULE, send_recv_result, []}},
3110
{options, [{active, false} | ClientOpts]}]),
3112
ssl_test_lib:check_result(Server, ok, Client, ok),
3113
ssl_test_lib:close(Server),
3114
ssl_test_lib:close(Client).
3116
der_input_opts(Opts) ->
3117
Certfile = proplists:get_value(certfile, Opts),
3118
CaCertsfile = proplists:get_value(cacertfile, Opts),
3119
Keyfile = proplists:get_value(keyfile, Opts),
3120
Dhfile = proplists:get_value(dhfile, Opts),
3121
[{_, Cert, _}] = ssl_test_lib:pem_to_der(Certfile),
3122
[{_, Key, _}] = ssl_test_lib:pem_to_der(Keyfile),
3123
[{_, DHParams, _}] = ssl_test_lib:pem_to_der(Dhfile),
3125
lists:map(fun(Entry) ->
3126
{_, CaCert, _} = Entry,
3128
end, ssl_test_lib:pem_to_der(CaCertsfile)),
3129
{Cert, {rsa, Key}, CaCerts, DHParams}.
3131
%%--------------------------------------------------------------------
3132
%% different_ca_peer_sign(doc) ->
3133
%% ["Check that a CA can have a different signature algorithm than the peer cert."];
3135
%% different_ca_peer_sign(suite) ->
3138
%% different_ca_peer_sign(Config) when is_list(Config) ->
3139
%% ClientOpts = ?config(client_mix_opts, Config),
3140
%% ServerOpts = ?config(server_mix_verify_opts, Config),
3142
%% {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3143
%% Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3145
%% {mfa, {?MODULE, send_recv_result_active_once, []}},
3146
%% {options, [{active, once},
3147
%% {verify, verify_peer} | ServerOpts]}]),
3148
%% Port = ssl_test_lib:inet_port(Server),
3150
%% Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3151
%% {host, Hostname},
3154
%% send_recv_result_active_once,
3156
%% {options, [{active, once},
3157
%% {verify, verify_peer}
3158
%% | ClientOpts]}]),
3160
%% ssl_test_lib:check_result(Server, ok, Client, ok),
3161
%% ssl_test_lib:close(Server),
3162
%% ssl_test_lib:close(Client).
3165
%%--------------------------------------------------------------------
3166
no_reuses_session_server_restart_new_cert(doc) ->
3167
["Check that a session is not reused if the server is restarted with a new cert."];
3169
no_reuses_session_server_restart_new_cert(suite) ->
3172
no_reuses_session_server_restart_new_cert(Config) when is_list(Config) ->
3174
ClientOpts = ?config(client_opts, Config),
3175
ServerOpts = ?config(server_opts, Config),
3176
DsaServerOpts = ?config(server_dsa_opts, Config),
3177
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3180
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3182
{mfa, {?MODULE, session_info_result, []}},
3183
{options, ServerOpts}]),
3184
Port = ssl_test_lib:inet_port(Server),
3186
ssl_test_lib:start_client([{node, ClientNode},
3187
{port, Port}, {host, Hostname},
3188
{mfa, {ssl_test_lib, no_result, []}},
3189
{from, self()}, {options, ClientOpts}]),
3196
%% Make sure session is registered
3197
test_server:sleep(?SLEEP),
3198
ssl_test_lib:close(Server),
3199
ssl_test_lib:close(Client0),
3202
ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
3204
{mfa, {ssl_test_lib, no_result, []}},
3205
{options, DsaServerOpts}]),
3208
ssl_test_lib:start_client([{node, ClientNode},
3209
{port, Port}, {host, Hostname},
3210
{mfa, {?MODULE, session_info_result, []}},
3211
{from, self()}, {options, ClientOpts}]),
3213
{Client1, SessionInfo} ->
3214
test_server:fail(session_reused_when_server_has_new_cert);
3215
{Client1, _Other} ->
3218
ssl_test_lib:close(Server1),
3219
ssl_test_lib:close(Client1).
3221
%%--------------------------------------------------------------------
3222
no_reuses_session_server_restart_new_cert_file(doc) ->
3223
["Check that a session is not reused if a server is restarted with a new "
3224
"cert contained in a file with the same name as the old cert."];
3226
no_reuses_session_server_restart_new_cert_file(suite) ->
3229
no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) ->
3230
ClientOpts = ?config(client_opts, Config),
3231
ServerOpts = ?config(server_verification_opts, Config),
3232
DsaServerOpts = ?config(server_dsa_opts, Config),
3233
PrivDir = ?config(priv_dir, Config),
3235
NewServerOpts = new_config(PrivDir, ServerOpts),
3236
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3239
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3241
{mfa, {?MODULE, session_info_result, []}},
3242
{options, NewServerOpts}]),
3243
Port = ssl_test_lib:inet_port(Server),
3245
ssl_test_lib:start_client([{node, ClientNode},
3246
{port, Port}, {host, Hostname},
3247
{mfa, {ssl_test_lib, no_result, []}},
3248
{from, self()}, {options, ClientOpts}]),
3255
%% Make sure session is registered and we get
3256
%% new file time stamp when calling new_config!
3257
test_server:sleep(?SLEEP* 2),
3258
ssl_test_lib:close(Server),
3259
ssl_test_lib:close(Client0),
3261
NewServerOpts = new_config(PrivDir, DsaServerOpts),
3264
ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
3266
{mfa, {ssl_test_lib, no_result, []}},
3267
{options, NewServerOpts}]),
3269
ssl_test_lib:start_client([{node, ClientNode},
3270
{port, Port}, {host, Hostname},
3271
{mfa, {?MODULE, session_info_result, []}},
3272
{from, self()}, {options, ClientOpts}]),
3274
{Client1, SessionInfo} ->
3275
test_server:fail(session_reused_when_server_has_new_cert);
3276
{Client1, _Other} ->
3279
ssl_test_lib:close(Server1),
3280
ssl_test_lib:close(Client1).
3282
%%--------------------------------------------------------------------
3289
reuseaddr(Config) when is_list(Config) ->
3290
ClientOpts = ?config(client_opts, Config),
3291
ServerOpts = ?config(server_opts, Config),
3292
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3294
ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3296
{mfa, {ssl_test_lib, no_result, []}},
3297
{options, [{active, false} | ServerOpts]}]),
3298
Port = ssl_test_lib:inet_port(Server),
3300
ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3303
{mfa, {ssl_test_lib, no_result, []}},
3304
{options, [{active, false} | ClientOpts]}]),
3305
test_server:sleep(?SLEEP),
3306
ssl_test_lib:close(Server),
3309
ssl_test_lib:start_server([{node, ServerNode}, {port, Port},
3311
{mfa, {?MODULE, send_recv_result, []}},
3312
{options, [{active, false} | ServerOpts]}]),
3314
ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
3317
{mfa, {?MODULE, send_recv_result, []}},
3318
{options, [{active, false} | ClientOpts]}]),
3320
ssl_test_lib:check_result(Server1, ok, Client1, ok),
3321
ssl_test_lib:close(Server1),
3322
ssl_test_lib:close(Client1).
3324
%%--------------------------------------------------------------------
3327
["Check that an SSL connection that is started with option "
3328
"{hibernate_after, 1000} indeed hibernates after 1000ms of "
3334
hibernate(Config) ->
3335
ClientOpts = ?config(client_opts, Config),
3336
ServerOpts = ?config(server_opts, Config),
3338
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
3340
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
3342
{mfa, {?MODULE, send_recv_result_active, []}},
3343
{options, ServerOpts}]),
3344
Port = ssl_test_lib:inet_port(Server),
3345
{Client, #sslsocket{pid=Pid}} = ssl_test_lib:start_client([return_socket,
3346
{node, ClientNode}, {port, Port},
3349
{mfa, {?MODULE, send_recv_result_active, []}},
3350
{options, [{hibernate_after, 1000}|ClientOpts]}]),
3352
{ current_function, { _M, _F, _A } } =
3353
process_info(Pid, current_function),
3357
{ current_function, { erlang, hibernate, 3} } =
3358
process_info(Pid, current_function),
3360
ssl_test_lib:close(Server),
3361
ssl_test_lib:close(Client).
3363
%%--------------------------------------------------------------------
3364
%%% Internal functions
3365
%%--------------------------------------------------------------------
3366
send_recv_result(Socket) ->
3367
ssl:send(Socket, "Hello world"),
3368
{ok,"Hello world"} = ssl:recv(Socket, 11),
3371
send_recv_result_active(Socket) ->
3372
ssl:send(Socket, "Hello world"),
3374
{ssl, Socket, "Hello world"} ->
3378
send_recv_result_active_once(Socket) ->
3379
ssl:send(Socket, "Hello world"),
3381
{ssl, Socket, "Hello world"} ->
3385
result_ok(_Socket) ->
3388
renegotiate(Socket, Data) ->
3389
test_server:format("Renegotiating ~n", []),
3390
Result = ssl:renegotiate(Socket),
3391
test_server:format("Result ~p~n", [Result]),
3392
ssl:send(Socket, Data),
3400
renegotiate_reuse_session(Socket, Data) ->
3401
%% Make sure session is registerd
3402
test_server:sleep(?SLEEP),
3403
renegotiate(Socket, Data).
3405
new_config(PrivDir, ServerOpts0) ->
3406
CaCertFile = proplists:get_value(cacertfile, ServerOpts0),
3407
CertFile = proplists:get_value(certfile, ServerOpts0),
3408
KeyFile = proplists:get_value(keyfile, ServerOpts0),
3409
NewCaCertFile = filename:join(PrivDir, "new_ca.pem"),
3410
NewCertFile = filename:join(PrivDir, "new_cert.pem"),
3411
NewKeyFile = filename:join(PrivDir, "new_key.pem"),
3412
file:copy(CaCertFile, NewCaCertFile),
3413
file:copy(CertFile, NewCertFile),
3414
file:copy(KeyFile, NewKeyFile),
3415
ServerOpts1 = proplists:delete(cacertfile, ServerOpts0),
3416
ServerOpts2 = proplists:delete(certfile, ServerOpts1),
3417
ServerOpts = proplists:delete(keyfile, ServerOpts2),
3419
{ok, PEM} = file:read_file(NewCaCertFile),
3420
test_server:format("CA file content: ~p~n", [public_key:pem_decode(PEM)]),
3422
[{cacertfile, NewCaCertFile}, {certfile, NewCertFile},
3423
{keyfile, NewKeyFile} | ServerOpts].
3425
session_cache_process_list(doc) ->
3426
["Test reuse of sessions (short handshake)"];
3428
session_cache_process_list(suite) ->
3430
session_cache_process_list(Config) when is_list(Config) ->
3431
session_cache_process(list,Config).
3433
session_cache_process_mnesia(doc) ->
3434
["Test reuse of sessions (short handshake)"];
3436
session_cache_process_mnesia(suite) ->
3438
session_cache_process_mnesia(Config) when is_list(Config) ->
3439
session_cache_process(mnesia,Config).
3441
session_cache_process(Type,Config) when is_list(Config) ->
3442
reuse_session(Config).
3445
ets:new(ssl_test, [named_table, public, set]),
3446
ets:insert(ssl_test, {type, Type}),
3449
spawn(fun() -> session_loop([]) end);
3452
{atomic,ok} = mnesia:create_table(sess_cache, []),
3457
[{type, Type}] = ets:lookup(ssl_test, type),
3461
case session_cb() of
3466
mnesia:delete_table(sess_cache)
3469
lookup(Cache, Key) ->
3470
case session_cb() of
3472
Cache ! {self(), lookup, Key},
3473
receive {Cache, Res} -> Res end;
3475
case mnesia:transaction(fun() ->
3476
mnesia:read(sess_cache,
3479
{atomic, [{sess_cache, Key, Value}]} ->
3486
update(Cache, Key, Value) ->
3487
case session_cb() of
3489
Cache ! {update, Key, Value};
3492
mnesia:transaction(fun() ->
3493
mnesia:write(sess_cache,
3494
{sess_cache, Key, Value}, write)
3498
delete(Cache, Key) ->
3499
case session_cb() of
3501
Cache ! {delete, Key};
3504
mnesia:transaction(fun() ->
3505
mnesia:delete(sess_cache, Key)
3509
foldl(Fun, Acc, Cache) ->
3510
case session_cb() of
3512
Cache ! {self(),foldl,Fun,Acc},
3513
receive {Cache, Res} -> Res end;
3516
mnesia:foldl(Fun, Acc, sess_cache)
3518
{atomic, Res} = mnesia:transaction(Foldl),
3522
select_session(Cache, PartialKey) ->
3523
case session_cb() of
3525
Cache ! {self(),select_session, PartialKey},
3532
mnesia:select(Cache,
3533
[{{sess_cache,{PartialKey,'$1'}, '$2'},
3536
{atomic, Res} = mnesia:transaction(Sel),
3540
session_loop(Sess) ->
3544
{Pid, lookup, Key} ->
3545
case lists:keysearch(Key,1,Sess) of
3546
{value, {Key,Value}} ->
3547
Pid ! {self(), Value};
3549
Pid ! {self(), undefined}
3552
{update, Key, Value} ->
3553
NewSess = [{Key,Value}| lists:keydelete(Key,1,Sess)],
3554
session_loop(NewSess);
3556
session_loop(lists:keydelete(Key,1,Sess));
3557
{Pid,foldl,Fun,Acc} ->
3558
Res = lists:foldl(Fun, Acc,Sess),
3559
Pid ! {self(), Res},
3561
{Pid,select_session,PKey} ->
3562
Sel = fun({{PKey0, Id},Session}, Acc) when PKey == PKey0 ->
3563
[[Id, Session]|Acc];
3567
Sessions = lists:foldl(Sel, [], Sess),
3568
Pid ! {self(), Sessions},
3573
erlang_ssl_receive(Socket, Data) ->
3575
{ssl, Socket, Data} ->
3576
io:format("Received ~p~n",[Data]),
3579
test_server:fail({unexpected_message, Other})
3581
test_server:fail({did_not_get, Data})