author | Ingela Anderton Andin <ingela@erlang.org> | 2020-05-11 07:39:16 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2020-05-28 08:35:22 +0200 |
commit | b2ae7577fa9e274a65b0bd900ebaff27e8e86032 (patch) | |
tree | 433a69a35e45b2e3e26e7a72610dac4a6607cdfd /lib/ssl/test | |
parent | 3a0857030005631c0577973f9118abeea63cede8 (diff) | |
download | erlang-b2ae7577fa9e274a65b0bd900ebaff27e8e86032.tar.gz |
ssl: Refactor tests
Start refactoring tests with the goal that tests shall use the same
framework code so that we do not have to duplicate handling of for
instance IP-version.
Avoid asserting on the output of openssl s_server and openssl s_client, as it is
too error prone to parse, and it is Erlang we are
testing, not OpenSSL. Maybe we can find some better assertions later.
Also fix init_per_group in many test suites so that it better uses
the framework.
Diffstat (limited to 'lib/ssl/test')
27 files changed, 961 insertions, 1310 deletions
diff --git a/lib/ssl/test/dtls_api_SUITE.erl b/lib/ssl/test/dtls_api_SUITE.erl index dfcee916af..04676a6ba4 100644 --- a/lib/ssl/test/dtls_api_SUITE.erl +++ b/lib/ssl/test/dtls_api_SUITE.erl @@ -60,26 +60,10 @@ end_per_suite(_Config) -> init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(_TestCase, Config) -> ssl_test_lib:ct_log_supported_protocol_versions(Config), diff --git a/lib/ssl/test/openssl_alpn_SUITE.erl b/lib/ssl/test/openssl_alpn_SUITE.erl index 409c90b0a8..5058ffcd90 100644 --- a/lib/ssl/test/openssl_alpn_SUITE.erl +++ b/lib/ssl/test/openssl_alpn_SUITE.erl @@ -43,7 +43,8 @@ all() -> {group, 'tlsv1.1'}, {group, 'tlsv1'}, {group, 'dtlsv1.2'}, - {group, 'dtlsv1'}]; + {group, 'dtlsv1'} + ]; false -> [ {group, 'tlsv1.3'}, @@ -78,7 +79,8 @@ alpn_tests() -> erlang_client_alpn_openssl_server, erlang_client_openssl_server_alpn, erlang_server_alpn_openssl_client, - erlang_server_openssl_client_alpn]. + erlang_server_openssl_client_alpn + ]. alpn_npn_coexist() -> [ 
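Review bot: The replacement body `ssl_test_lib:init_per_group(GroupName, Config)` drops the explicit `ssl:start()` and the `sufficient_crypto_support` skip that the removed clauses performed for this suite; whether both are preserved now depends on the framework function, which is not visible in this diff. If `ssl_test_lib:init_per_group/2` does not start the ssl application for non-version groups, DTLS testcases in those groups would fail on first use rather than being skipped or set up at group init, so it is worth confirming the helper covers both cases.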
@@ -127,21 +129,22 @@ init_per_testcase(TestCase, Config) -> ct:timetrap({seconds, 30}), special_init(TestCase, Config). -special_init(erlang_client_alpn_openssl_server_alpn_renegotiate, Config) -> - {ok, Version} = application:get_env(ssl, protocol_version), +special_init(TestCase, Config) when TestCase == erlang_client_alpn_openssl_server_alpn_renegotiate; + TestCase == erlang_server_alpn_openssl_client_alpn_renegotiate -> + [Version | _] = ssl_test_lib:default_tls_version(Config), case ssl_test_lib:check_sane_openssl_renegotiate(Config, Version) of {skip, _} = Skip -> Skip; Config -> ssl_test_lib:openssl_allows_server_renegotiate(Config) end; -special_init(erlang_server_alpn_openssl_client_alpn_renegotiate, Config) -> - {ok, Version} = application:get_env(ssl, protocol_version), - case ssl_test_lib:check_sane_openssl_renegotiate(Config, Version) of +special_init(TestCase, Config) when TestCase == erlang_client_alpn_npn_openssl_server_alpn_npn; + TestCase == erlang_server_alpn_npn_openssl_client_alpn_npn -> + case ssl_test_lib:check_openssl_npn_support(Config) of {skip, _} = Skip -> Skip; - Config -> - ssl_test_lib:openssl_allows_client_renegotiate(Config) + Config -> + Config end; special_init(_, Config) -> Config. 
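Review bot: Merging the two renegotiate clauses of `special_init` makes `erlang_server_alpn_openssl_client_alpn_renegotiate` go through `ssl_test_lib:openssl_allows_server_renegotiate(Config)`, whereas the removed clause used `ssl_test_lib:openssl_allows_client_renegotiate(Config)` for that case. If the two helpers probe different OpenSSL capabilities (the server test later drives renegotiation with `ssl:renegotiate/1` against an `s_client`), the server-side case may now run under the wrong precondition or be skipped for the wrong reason; if they are equivalent the merge is fine and a one-line comment saying so would help. `[Version | _] = ssl_test_lib:default_tls_version(Config)` also assumes a non-empty list, so an empty result surfaces as a `badmatch` in testcase init rather than a skip, which is probably acceptable here.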
@@ -154,109 +157,280 @@ end_per_testcase(_, Config) -> %%-------------------------------------------------------------------- erlang_client_alpn_openssl_server_alpn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + AlpnProtocol = <<"spdy/2">>, + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{alpn,"http/1.1,spdy/2"}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, + [{alpn_advertised_protocols, + [AlpnProtocol]} | ClientOpts]} + | Config]), + + case ssl:negotiated_protocol(CSocket) of + {ok, AlpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl:close(CSocket). %%-------------------------------------------------------------------- erlang_server_alpn_openssl_client_alpn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). 
+ ClientOpts = proplists:get_value(client_rsa_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Protocol = <<"spdy/2">>, + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{alpn_preferred_protocols, + [<<"spdy/2">>]} |ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port},{alpn, "spdy/2"}, {options, ClientOpts}, return_port], Config), + + Server ! get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {ok, Protocol} -> + ok; + Result -> + ct:fail({error, {{expected, Protocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------------- erlang_client_alpn_openssl_server(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_client_and_openssl_server_with_opts(Config, - [{alpn_advertised_protocols, [<<"spdy/2">>]}], - [], - Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + Protocol = <<"spdy/2">>, + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [return_port], [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, [{alpn_advertised_protocols, + [Protocol]} | ClientOpts]} | Config]), + + + case ssl:negotiated_protocol(CSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort). 
%%-------------------------------------------------------------------------- erlang_client_openssl_server_alpn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_client_and_openssl_server_with_opts(Config, - [], - ["-alpn", "spdy/2"], - Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{alpn,"spdy/2"}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, ClientOpts} | Config]), + + case ssl:negotiated_protocol(CSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort). %%-------------------------------------------------------------------------- - erlang_server_alpn_openssl_client(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_server_and_openssl_client_with_opts(Config, - [{alpn_preferred_protocols, [<<"spdy/2">>]}], - [], - Data, fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). - + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{alpn_preferred_protocols, + [<<"spdy/2">>]} | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, {options, ClientOpts}, return_port], Config), + + Server ! 
get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------------- erlang_server_openssl_client_alpn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_server_and_openssl_client_with_opts(Config, - [], - ["-alpn", "spdy/2"], - Data, fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, {alpn, "spdy/2"}, {options, ClientOpts}, return_port], Config), + + Server ! get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------- erlang_client_alpn_openssl_server_alpn_renegotiate(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, ?OPENSSL_RENEGOTIATE), - ct:sleep(?SLEEP), - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). 
- + + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + AlpnProtocol = <<"spdy/2">>, + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{alpn,"http/1.1,spdy/2"}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, + [{alpn_advertised_protocols, + [AlpnProtocol]} | ClientOpts]} | Config]), + + case ssl:negotiated_protocol(CSocket) of + {ok, AlpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl_test_lib:send(Server, ?OPENSSL_RENEGOTIATE), + ct:sleep(1000), + %%% Should still be the same as initially negotiated + case ssl:negotiated_protocol(CSocket) of + {ok, AlpnProtocol} -> + ok; + Other -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Other}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl:close(CSocket). %%-------------------------------------------------------------------- erlang_server_alpn_openssl_client_alpn_renegotiate(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, fun(Server, OpensslPort) -> - true = port_command(OpensslPort, ?OPENSSL_RENEGOTIATE), - ct:sleep(?SLEEP), - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). 
+ ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + AlpnProtocol = <<"spdy/2">>, + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{alpn_preferred_protocols, + [AlpnProtocol]} | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, {alpn, "spdy/2"}, + {options, ClientOpts}, return_port], Config), + + Server ! get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {ok, AlpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:renegotiate(SSocket), + case ssl:negotiated_protocol(SSocket) of + {ok, AlpnProtocol} -> + ok; + Other -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Other}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------- erlang_client_alpn_npn_openssl_server_alpn_npn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_client_and_openssl_server_for_alpn_npn_negotiation(Config, Data, fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). 
+ ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + AlpnProtocol = <<"spdy/2">>, + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{alpn,"http/1.1,spdy/2"}, + {np, "spdy/3"}, return_port], [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, + [{alpn_advertised_protocols, [AlpnProtocol]}, + {next_protocols_advertised, + [<<"spdy/3">>, <<"http/1.1">>]}]} | ClientOpts] ++ Config), + case ssl:negotiated_protocol(CSocket) of + {ok, AlpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort). %%-------------------------------------------------------------------- erlang_server_alpn_npn_openssl_client_alpn_npn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_server_and_openssl_client_for_alpn_npn_negotiation(Config, Data, fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). - + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + AlpnProtocol = <<"spdy/2">>, + Server = ssl_test_lib:start_server(erlang, + [{from, self()}], + [{server_opts, [{alpn_preferred_protocols, + [<<"spdy/2">>]}, + {next_protocols_advertised, + [<<"spdy/3">>, <<"http/1.1">>]} + | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, {alpn, "http/1.1,spdy/2"}, + {np,"spdy/3"}, {options, ClientOpts}, return_port], Config), + + Server ! 
get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {ok, AlpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, AlpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------- %% Internal functions ----------------------------------------------- 
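Review bot: In `erlang_client_alpn_npn_openssl_server_alpn_npn` the client is given `{next_protocols_advertised, ...}`, which is the server-side NPN option; the client-side option used by the removed helper is `{client_preferred_next_protocols, {client, [<<"spdy/3">>, <<"http/1.1">>]}}`, so the Erlang client most likely advertises no NPN here and the ALPN/NPN coexistence case is no longer exercised on the client. The same call places `ClientOpts` outside `client_opts` (`[{client_opts, [...]} | ClientOpts] ++ Config`), unlike every sibling test, so the verify/certificate options may not reach the client; the shape used elsewhere, `[{client_opts, [{alpn_advertised_protocols, [AlpnProtocol]}, {client_preferred_next_protocols, {client, [<<"spdy/3">>, <<"http/1.1">>]}} | ClientOpts]} | Config]`, would fix both. In `erlang_server_openssl_client_alpn`, `[{server_opts, [ServerOpts]} | Config]` nests the option list one level deep; unless `ssl_test_lib:start_server` flattens it, this should be `[{server_opts, ServerOpts} | Config]`. Several tests also hard-code `<<"spdy/2">>` next to a `Protocol`/`AlpnProtocol` binding, and `erlang_client_alpn_openssl_server` and `erlang_client_openssl_server_alpn` omit the `ssl:close(CSocket)` their siblings do; minor, but worth making consistent.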
@@ -270,138 +444,12 @@ check_openssl_alpn_support(Config) -> Config end. -start_erlang_client_and_openssl_server_for_alpn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), - ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), - ClientOpts = [{alpn_advertised_protocols, [<<"spdy/2">>]} | ClientOpts0], - - {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - - Data = "From openssl to erlang", - - Port = ssl_test_lib:inet_port(node()), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_server", "-msg", "-alpn", "http/1.1,spdy/2", "-accept", - integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile, "-key", KeyFile], - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), - - Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, - {host, Hostname}, - {from, self()}, - {mfa, {ssl_test_lib, - erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ClientOpts}]), - - Callback(Client, OpensslPort), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - - ssl_test_lib:close(Client), - process_flag(trap_exit, false). 
- -start_erlang_server_and_openssl_client_for_alpn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config), - ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>]} | ServerOpts0], - - {_, ServerNode, _} = ssl_test_lib:run_where(Config), - - - Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, - {from, self()}, - {mfa, {ssl_test_lib, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ServerOpts}]), - Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client", "-alpn", "http/1.0,spdy/2", "-msg", "-port", - integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-host", "localhost"], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), - - Callback(Server, OpenSslPort), - - ssl_test_lib:close(Server), - - ssl_test_lib:close_port(OpenSslPort), - process_flag(trap_exit, false). 
- -start_erlang_client_and_openssl_server_for_alpn_npn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), - ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config), - ClientOpts = [{alpn_advertised_protocols, [<<"spdy/2">>]}, - {client_preferred_next_protocols, {client, [<<"spdy/3">>, <<"http/1.1">>]}} | ClientOpts0], - - {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - - Data = "From openssl to erlang", - - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_server", "-msg", "-alpn", "http/1.1,spdy/2", "-nextprotoneg", - "spdy/3", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile, "-key", KeyFile], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), - - Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, - {host, Hostname}, - {from, self()}, - {mfa, {ssl_test_lib, - erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ClientOpts}]), - - Callback(Client, OpensslPort), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - - ssl_test_lib:close(Client), - process_flag(trap_exit, false). 
- -start_erlang_server_and_openssl_client_for_alpn_npn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>]}, - {next_protocols_advertised, [<<"spdy/3">>, <<"http/1.1">>]} | ServerOpts0], - - {_, ServerNode, _} = ssl_test_lib:run_where(Config), - - - Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, - {from, self()}, - {mfa, {ssl_test_lib, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ServerOpts}]), - Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - Exe = "openssl", - Args = ["s_client", "-alpn", "http/1.1,spdy/2", "-nextprotoneg", "spdy/3", - "-msg", "-port", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-host", "localhost"], - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), - - Callback(Server, OpenSslPort), - - ssl_test_lib:close(Server), - ssl_test_lib:close_port(OpenSslPort), - process_flag(trap_exit, false). +check_openssl_npn_support(Config) -> + HelpText = os:cmd("openssl s_client --help"), + case string:str(HelpText, "nextprotoneg") of + 0 -> + {skip, "no OpenSSL npn support"}; + _ -> + Config + end. diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl index 5246cc028e..e81bbe7d78 100644 --- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl +++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl 
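Review bot: `check_openssl_npn_support/1` uses `string:str/2`, which belongs to the obsolete `string` API; the current form is `case string:find(HelpText, "nextprotoneg") of nomatch -> {skip, "no OpenSSL npn support"}; _ -> Config end`. The `os:cmd/1` argument is a fixed literal, so there is no injection concern, but the probe depends on the usage text of whichever `openssl` is first on PATH, which is presumably the same assumption the neighbouring `check_openssl_alpn_support/1` makes; if that helper greps the same help text, a shared `openssl_help_mentions(Keyword, SkipReason, Config)` would remove the duplicate. Note that a missing `openssl` binary also produces a skip rather than a failure, since the shell's error text will not contain the keyword; that is probably intended but deserves a comment.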
@@ -217,14 +217,14 @@ end_per_suite(_Config) ->
 ssl_test_lib:kill_openssl().
 %%--------------------------------------------------------------------
-init_per_group(GroupName, Config0) ->
- case ssl_test_lib:init_per_group_openssl(GroupName, Config0) of
- {skip, _} = Skip ->
- Skip;
- Config ->
+init_per_group(GroupName, Config) ->
+ case ssl_test_lib:is_protocol_version(GroupName) of
+ true ->
+ ssl_test_lib:init_per_group_openssl(GroupName, Config);
+ false ->
 do_init_per_group(GroupName, Config)
 end.
-
+
 do_init_per_group(openssl_client, Config0) ->
 Config = proplists:delete(server_type, proplists:delete(client_type, Config0)),
 [{client_type, openssl}, {server_type, erlang} | Config];
@@ -266,7 +266,7 @@ do_init_per_group(srp_dss = GroupName, Config) ->
 {skip, "Missing DSS_SRP crypto support"}
 end;
 do_init_per_group(GroupName, Config) when GroupName == srp_anon;
- GroupName == srp_rsa ->
+ GroupName == srp_rsa ->
 PKAlg = proplists:get_value(public_keys, crypto:supports()),
 case lists:member(srp, PKAlg) of
 true ->
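Review bot: The new `init_per_group/2` routes only protocol-version groups through `ssl_test_lib:init_per_group_openssl/2`; every other group now goes straight to `do_init_per_group/2`, whereas before `init_per_group_openssl` ran first for all groups and only its `{skip, _}` result short-circuited. If that helper does per-group setup beyond version handling (its body is not visible here), groups such as `openssl_client` silently lose it, so either confirm it is version-only or record the intent with a comment like `%% Only protocol-version groups need the OpenSSL/version setup; the others set roles and certs below.` above the `case`.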
@@ -282,14 +282,31 @@ do_init_per_group(dhe_psk = GroupName, Config) -> false -> {skip, "Missing SRP crypto support"} end; -do_init_per_group(GroupName, Config0) -> - case ssl_test_lib:is_tls_version(GroupName) of +do_init_per_group(dhe_rsa = GroupName, Config) -> + PKAlg = proplists:get_value(public_keys, crypto:supports()), + case lists:member(dh, PKAlg) andalso lists:member(rsa, PKAlg) of + true -> + init_certs(GroupName, Config); + false -> + {skip, "Missing SRP crypto support"} + end; +do_init_per_group(rsa = GroupName, Config) -> + PKAlg = proplists:get_value(public_keys, crypto:supports()), + case lists:member(rsa, PKAlg) of + true -> + init_certs(GroupName, Config); + false -> + {skip, "Missing SRP crypto support"} + end; +do_init_per_group(dh_anon = GroupName, Config) -> + PKAlg = proplists:get_value(public_keys, crypto:supports()), + case lists:member(dh, PKAlg) of true -> - ssl_test_lib:init_tls_version(GroupName, end_per_group(GroupName, Config0)); + init_certs(GroupName, Config); false -> - init_certs(GroupName, Config0) + {skip, "Missing SRP crypto support"} end. - + end_per_group(GroupName, Config) -> ssl_test_lib:end_per_group(GroupName, Config). diff --git a/lib/ssl/test/openssl_key_update_SUITE.erl b/lib/ssl/test/openssl_key_update_SUITE.erl index 4963f0bb30..55e302dd69 100644 --- a/lib/ssl/test/openssl_key_update_SUITE.erl +++ b/lib/ssl/test/openssl_key_update_SUITE.erl 
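Review bot: The three new `do_init_per_group` clauses for `dhe_rsa`, `rsa` and `dh_anon` all skip with `"Missing SRP crypto support"`, copied from the SRP clauses above, which misreports the actual missing algorithm in the test log; use `{skip, "Missing DH/RSA crypto support"}`, `{skip, "Missing RSA crypto support"}` and `{skip, "Missing DH crypto support"}` respectively. The clauses also repeat the `crypto:supports()` lookup and the `case`; a small helper taking the required public-key algorithms and the skip reason would collapse them and make the messages hard to mix up again.
```erlang
do_init_per_group(dhe_rsa = GroupName, Config) ->
    init_if_supported([dh, rsa], "Missing DH/RSA crypto support", GroupName, Config);
do_init_per_group(rsa = GroupName, Config) ->
    init_if_supported([rsa], "Missing RSA crypto support", GroupName, Config);
do_init_per_group(dh_anon = GroupName, Config) ->
    init_if_supported([dh], "Missing DH crypto support", GroupName, Config).

%% … unchanged: end_per_group/2 …

%% Run init_certs/2 only when every algorithm in Required is reported by crypto.
init_if_supported(Required, SkipReason, GroupName, Config) ->
    PKAlg = proplists:get_value(public_keys, crypto:supports()),
    case lists:all(fun(Alg) -> lists:member(Alg, PKAlg) end, Required) of
        true -> init_certs(GroupName, Config);
        false -> {skip, SkipReason}
    end.
```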
@@ -96,15 +96,16 @@ openssl_client_explicit_key_update(Config) -> Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client(openssl, [{port, Port}], Config), - ssl_test_lib:send_recv_result_active(Client, Server, Data), - + ssl_test_lib:send(Client, Data), + Data = ssl_test_lib:check_active_receive(Server, Data), %% TODO s_client can hang after sending special commands e.g "k", "K" %% ssl_test_lib:update_keys(Client, write), %% ssl_test_lib:update_keys(Client, read_write), ssl_test_lib:update_keys(Server, write), ssl_test_lib:update_keys(Server, read_write), - ssl_test_lib:send_recv_result_active(Client, Server, Data), + ssl_test_lib:send(Client, Data), + Data = ssl_test_lib:check_active_receive(Server, Data), ssl_test_lib:close(Client), ssl_test_lib:close(Server). @@ -121,14 +122,16 @@ openssl_server_explicit_key_update(Config) -> Client = ssl_test_lib:start_client(erlang, [{port, Port}, {log_level, debug}, {versions, ['tlsv1.2','tlsv1.3']}],Config), - ssl_test_lib:send_recv_result_active(Server, Client, Data), - + ssl_test_lib:send(Server, Data), + Data = ssl_test_lib:check_active_receive(Client, Data), + ssl_test_lib:update_keys(Client, write), ssl_test_lib:update_keys(Client, read_write), ssl_test_lib:update_keys(Server, write), ssl_test_lib:update_keys(Server, read_write), - ssl_test_lib:send_recv_result_active(Client, Server, Data), + ssl_test_lib:send(Server, Data), + Data = ssl_test_lib:check_active_receive(Client, Data), ssl_test_lib:close(Client), ssl_test_lib:close(Server). diff --git a/lib/ssl/test/openssl_npn_SUITE.erl b/lib/ssl/test/openssl_npn_SUITE.erl index a37a4bf1f6..0a292b7d8b 100644 --- a/lib/ssl/test/openssl_npn_SUITE.erl +++ b/lib/ssl/test/openssl_npn_SUITE.erl 
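Review bot: After the key updates in `openssl_server_explicit_key_update` only the server→client direction is exercised (`ssl_test_lib:send(Server, Data)` then `check_active_receive(Client, Data)`), whereas the removed `send_recv_result_active(Client, Server, Data)` drove client→server at that point; a client whose write keys were not rotated correctly would now pass. Adding `ssl_test_lib:send(Client, Data), Data = ssl_test_lib:check_active_receive(Server, Data),` after the `update_keys` calls would keep the previous coverage. The same one-way pattern appears in `openssl_client_explicit_key_update` in the first hunk; if `send_recv_result_active/3` round-tripped the data, that test also lost the return direction.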
@@ -94,7 +94,7 @@ end_per_group(GroupName, Config) ->
 ssl_test_lib:end_per_group(GroupName, Config).
 init_per_testcase(TestCase, Config) ->
- ct:timetrap({seconds, 10}),
+ ct:timetrap({seconds, 30}),
 special_init(TestCase, Config).
 special_init(erlang_client_openssl_server_npn_renegotiate, Config) ->
@@ -122,169 +122,239 @@ erlang_client_openssl_server_npn() -> [{doc,"Test erlang client with openssl server doing npn negotiation"}]. erlang_client_openssl_server_npn(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, - fun(Client, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + NpnProtocol = <<"spdy/2">>, + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{np,"http/1.1,spdy/2"},return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, + [{client_preferred_next_protocols, + {client, [NpnProtocol], <<"http/1.1">>}} | ClientOpts]} + | Config]), + + case ssl:negotiated_protocol(CSocket) of + {ok, NpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, NpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl:close(CSocket). %%-------------------------------------------------------------------- erlang_client_openssl_server_npn_renegotiate() -> [{doc,"Test erlang client with openssl server doing npn negotiation and renegotiate"}]. erlang_client_openssl_server_npn_renegotiate(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, - fun(Client, OpensslPort) -> - true = port_command(OpensslPort, - ?OPENSSL_RENEGOTIATE), - ct:sleep(?SLEEP), - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Client, Data) - end). 
+ + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + NpnProtocol = <<"spdy/2">>, + + Server = ssl_test_lib:start_server(openssl, [{np,"http/1.1,spdy/2"}], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {_, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, + [{client_preferred_next_protocols, + {client, [NpnProtocol], <<"http/1.1">>}} | ClientOpts]} | Config]), + + case ssl:negotiated_protocol(CSocket) of + {ok, NpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, NpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:send(Server, ?OPENSSL_RENEGOTIATE), + ct:sleep(1000), + %%% Should still be the same as initially negotiated + case ssl:negotiated_protocol(CSocket) of + {ok, NpnProtocol} -> + ok; + Other -> + ct:fail({error, {{expected, NpnProtocol}, {got, Other}}}) + end. + %%-------------------------------------------------------------------------- erlang_server_openssl_client_npn() -> [{doc,"Test erlang server with openssl client and npn negotiation"}]. erlang_server_openssl_client_npn(Config) when is_list(Config) -> - - Data = "From openssl to erlang", - start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). - + ClientOpts = proplists:get_value(client_rsa_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Protocol = <<"spdy/2">>, + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{next_protocols_advertised, + [<<"spdy/2">>]} |ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {np, "spdy/2"}, + {options, ClientOpts}, + return_port], Config), + Server ! 
get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {ok, Protocol} -> + ok; + Result -> + ct:fail({error, {{expected, Protocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). + + %%-------------------------------------------------------------------------- erlang_server_openssl_client_npn_renegotiate() -> [{doc,"Test erlang server with openssl client and npn negotiation with renegotiation"}]. erlang_server_openssl_client_npn_renegotiate(Config) when is_list(Config) -> - Data = "From openssl to erlang", - start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, - ?OPENSSL_RENEGOTIATE), - ct:sleep(?SLEEP), - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). -%%-------------------------------------------------------------------------- -erlang_client_openssl_server_npn_only_server(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_client_and_openssl_server_with_opts(Config, [], - ["-nextprotoneg", "spdy/2"], Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). - + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + NpnProtocol = <<"spdy/2">>, + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{next_protocols_advertised, + [NpnProtocol]} | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = + ssl_test_lib:start_client(openssl, [{port, Port}, {np, "spdy/2"}, + {options, ClientOpts}, return_port], Config), + + Server ! 
get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {ok, NpnProtocol} -> + ok; + Result -> + ct:fail({error, {{expected, NpnProtocol}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:renegotiate(SSocket), + case ssl:negotiated_protocol(SSocket) of + {ok, NpnProtocol} -> + ok; + Other -> + ct:fail({error, {{expected, NpnProtocol}, {got, Other}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). %%-------------------------------------------------------------------------- - erlang_client_openssl_server_npn_only_client(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_client_and_openssl_server_with_opts(Config, - [{client_preferred_next_protocols, - {client, [<<"spdy/2">>], <<"http/1.1">>}}], [], - Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{np,"spdy/2"}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, ClientOpts} | Config]), + + case ssl:negotiated_protocol(CSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl:close(CSocket). 
%%-------------------------------------------------------------------------- +erlang_client_openssl_server_npn_only_server(Config) when is_list(Config) -> + ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{np,"spdy/2"}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + {Client, CSocket} = ssl_test_lib:start_client(erlang, [{port, Port}, + return_socket], + [{client_opts, ClientOpts} | Config]), + + case ssl:negotiated_protocol(CSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Client, OpenSSLPort), + ssl:close(CSocket). + +%%-------------------------------------------------------------------------- erlang_server_openssl_client_npn_only_server(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_server_and_openssl_client_with_opts(Config, - [{next_protocols_advertised, [<<"spdy/2">>]}], [], - Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [{client_preferred_next_protocols, + {client, [<<"spdy/2">>], <<"http/1.1">>} + } | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {options, ClientOpts}, + return_port], Config), + + Server ! 
get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). +%%-------------------------------------------------------------------------- erlang_server_openssl_client_npn_only_client(Config) when is_list(Config) -> - Data = "From openssl to erlang", - ssl_test_lib:start_erlang_server_and_openssl_client_with_opts(Config, [], ["-nextprotoneg", "spdy/2"], - Data, - fun(Server, OpensslPort) -> - true = port_command(OpensslPort, Data), - ssl_test_lib:check_result(Server, Data) - end). + ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + Server = ssl_test_lib:start_server(erlang, [{from, self()}], + [{server_opts, [ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {np, "spdy/2"}, + {options, ClientOpts}, + return_port], Config), + + Server ! get_socket, + SSocket = + receive + {Server, {socket, Socket}} -> + Socket + end, + case ssl:negotiated_protocol(SSocket) of + {error, protocol_not_negotiated} -> + ok; + Result -> + ct:fail({error, {{expected, undefined}, {got, Result}}}) + end, + ssl_test_lib:sanity_check(Server, OpenSSLPort), + ssl:close(SSocket). 
%%-------------------------------------------------------------------- %% Internal functions ----------------------------------------------- %%-------------------------------------------------------------------- -start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), - ClientOpts = [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}} | ClientOpts0], - - {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - - Data = "From openssl to erlang", - - Port = ssl_test_lib:inet_port(node()), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_server", "-msg", "-nextprotoneg", "http/1.1,spdy/2", "-accept", integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile, "-key", KeyFile], - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), - - Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, - {host, Hostname}, - {from, self()}, - {mfa, {ssl_test_lib, - erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ClientOpts}]), - - Callback(Client, OpensslPort), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - - ssl_test_lib:close(Client), - process_flag(trap_exit, false). 
- -start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config), - ServerOpts = [{next_protocols_advertised, [<<"spdy/2">>]} | ServerOpts0], - - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), - - Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, - {from, self()}, - {mfa, {ssl_test_lib, erlang_ssl_receive_and_assert_negotiated_protocol, [<<"spdy/2">>, Data]}}, - {options, ServerOpts}]), - Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client", "-nextprotoneg", "http/1.0,spdy/2", "-msg", "-connect", - ssl_test_lib:hostname_format(Hostname) ++ ":" - ++ integer_to_list(Port), ssl_test_lib:version_flag(Version)], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), - - Callback(Server, OpenSslPort), - - ssl_test_lib:close(Server), - - ssl_test_lib:close_port(OpenSslPort), - process_flag(trap_exit, false). - check_openssl_npn_support(Config) -> HelpText = os:cmd("openssl s_client --help"), case string:str(HelpText, "nextprotoneg") of diff --git a/lib/ssl/test/openssl_renegotiate_SUITE.erl b/lib/ssl/test/openssl_renegotiate_SUITE.erl index 66dfdc8115..b55f6c2d6c 100644 --- a/lib/ssl/test/openssl_renegotiate_SUITE.erl +++ b/lib/ssl/test/openssl_renegotiate_SUITE.erl @@ -127,7 +127,6 @@ end_per_testcase(_, Config) -> erlang_client_openssl_server_renegotiate() -> [{doc,"Test erlang client when openssl server issuses a renegotiate"}]. erlang_client_openssl_server_renegotiate(Config) when is_list(Config) -> - process_flag(trap_exit, true), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), 
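Review bot: In erlang_server_openssl_client_npn_only_client the Erlang server is started with `[{server_opts, [ServerOpts]} | Config]`, which wraps the option list in a second list and does not match the `[{server_opts, [... | ServerOpts]} | Config]` shape every other test in this hunk passes; it should read `[{server_opts, ServerOpts} | Config]`. In erlang_server_openssl_client_npn_only_server the server_opts now carry `client_preferred_next_protocols`, a client-side option, where the removed helper passed `{next_protocols_advertised, [<<"spdy/2">>]}`, so the test no longer sets up an NPN-advertising Erlang server. erlang_client_openssl_server_npn_only_client has become byte-for-byte the same test as erlang_client_openssl_server_npn_only_server (openssl server with `{np,"spdy/2"}`, Erlang client without `client_preferred_next_protocols`), so the only-client case is no longer covered; the client should get `{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}` and the server no `np` argument. In erlang_server_openssl_client_npn_renegotiate the result of `ssl:renegotiate(SSocket)` is discarded, so a failed renegotiation would not fail the test; `ok = ssl:renegotiate(SSocket),` pins it. erlang_client_openssl_server_npn_renegotiate also replaces `?SLEEP` with a literal `ct:sleep(1000)` and ends without closing CSocket or the openssl Server, unlike its siblings.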
@@ -136,21 +135,9 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) -> ErlData = "From erlang to openssl", OpenSslData = "From openssl to erlang", - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile, "-key", KeyFile, "-msg"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, 
@@ -159,22 +146,17 @@ erlang_client_openssl_server_renegotiate(Config) when is_list(Config) -> delayed_send, [[ErlData, OpenSslData]]}}, {options, [{reuse_sessions, false} | ClientOpts]}]), - true = port_command(OpensslPort, ?OPENSSL_RENEGOTIATE), + true = port_command(OpenSSLPort, ?OPENSSL_RENEGOTIATE), ct:sleep(?SLEEP), - true = port_command(OpensslPort, OpenSslData), + true = port_command(OpenSSLPort, OpenSslData), ssl_test_lib:check_result(Client, OpenSslData), + ssl_test_lib:close(Client). - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - ssl_test_lib:close(Client), - process_flag(trap_exit, false), - ok. %%-------------------------------------------------------------------- erlang_client_openssl_server_renegotiate_after_client_data() -> [{doc,"Test erlang client when openssl server issuses a renegotiate after reading client data"}]. erlang_client_openssl_server_renegotiate_after_client_data(Config) when is_list(Config) -> - process_flag(trap_exit, true), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), 
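Review bot: The openssl server bound to `Server` in the previous hunk is no longer closed anywhere in erlang_client_openssl_server_renegotiate: the removed `ssl_test_lib:close_port(OpensslPort)` has no replacement and the function now ends with `ssl_test_lib:close(Client).` alone. The same pattern is in hunks -206 and -258 of this file and hunk -239 of openssl_session_SUITE for the openssl server, and mirrored in hunk -285 of this file and hunk -153 of openssl_session_SUITE, where the openssl client bound to `_Client` is never closed. Unless end_per_testcase or the framework tears the port down on test-process exit, `ssl_test_lib:close(Server),` before the client close keeps the teardown order the removed comment insisted on and matches openssl_session_ticket_SUITE, which closes both peers in this commit. The raw `true = port_command(OpenSSLPort, ...)` calls kept here (and in -206, -285, -153) could also become `ssl_test_lib:send(Server, ...)`, the helper openssl_npn_SUITE uses for the same renegotiate command, which would make `return_port` unnecessary.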
@@ -183,21 +165,9 @@ erlang_client_openssl_server_renegotiate_after_client_data(Config) when is_list( ErlData = "From erlang to openssl", OpenSslData = "From openssl to erlang", - Port = ssl_test_lib:inet_port(node()), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile, "-key", KeyFile, "-msg"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, @@ -206,17 +176,12 @@ erlang_client_openssl_server_renegotiate_after_client_data(Config) when is_list( send_wait_send, [[ErlData, OpenSslData]]}}, {options, [{reuse_sessions, false} |ClientOpts]}]), - true = port_command(OpensslPort, ?OPENSSL_RENEGOTIATE), + true = port_command(OpenSSLPort, ?OPENSSL_RENEGOTIATE), ct:sleep(?SLEEP), - true = port_command(OpensslPort, OpenSslData), + true = port_command(OpenSSLPort, OpenSslData), ssl_test_lib:check_result(Client, OpenSslData), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - ssl_test_lib:close(Client), - process_flag(trap_exit, false), - ok. + ssl_test_lib:close(Client). %%-------------------------------------------------------------------- erlang_client_openssl_server_nowrap_seqnum() -> 
@@ -225,7 +190,6 @@ erlang_client_openssl_server_nowrap_seqnum() -> "in the testcase we use the test option renegotiate_at" " to lower treashold substantially."}]. erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) -> - process_flag(trap_exit, true), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), @@ -234,21 +198,9 @@ erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) -> ErlData = "From erlang to openssl\n", N = 10, - Port = ssl_test_lib:inet_port(node()), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile, "-key", KeyFile, "-msg"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), - + Server = ssl_test_lib:start_server(openssl, [], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {from, self()}, @@ -258,11 +210,8 @@ erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) -> {renegotiate_at, N} | ClientOpts]}]), ssl_test_lib:check_result(Client, ok), + ssl_test_lib:close(Client). - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - ssl_test_lib:close(Client), - process_flag(trap_exit, false). %%-------------------------------------------------------------------- erlang_server_openssl_client_nowrap_seqnum() -> [{doc, "Test that erlang server will renegotiate session when", 
@@ -272,8 +221,9 @@ erlang_server_openssl_client_nowrap_seqnum() -> erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) -> process_flag(trap_exit, true), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), Data = "From openssl to erlang", @@ -285,23 +235,14 @@ erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) -> trigger_renegotiate, [[Data, N+2]]}}, {options, [{renegotiate_at, N}, {reuse_sessions, false} | ServerOpts]}]), Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - Exe = "openssl", - Args = ["s_client","-connect", ssl_test_lib:hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-msg"], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), - true = port_command(OpenSslPort, Data), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {options, ClientOpts}, + return_port], Config), + true = port_command(OpenSSLPort, Data), ssl_test_lib:check_result(Server, ok), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close(Server), - ssl_test_lib:close_port(OpenSslPort), - process_flag(trap_exit, false). - + ssl_test_lib:close(Server). %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ diff --git a/lib/ssl/test/openssl_session_SUITE.erl b/lib/ssl/test/openssl_session_SUITE.erl index ae66cdeb51..4d82debd3a 100644 --- a/lib/ssl/test/openssl_session_SUITE.erl +++ b/lib/ssl/test/openssl_session_SUITE.erl 
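Review bot: erlang_server_openssl_client_nowrap_seqnum keeps `process_flag(trap_exit, true)` at its top (context in hunk -272) but hunk -285 drops the matching `process_flag(trap_exit, false)`, so the flag stays set for whatever runs in the test process afterwards. Every sibling test case in this file removed both calls in this commit; this one should either do the same or restore `process_flag(trap_exit, false).` as the final statement after `ssl_test_lib:close(Server)`. If trapping exits is still needed here, a one-line comment stating why would keep the next refactor from removing it.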
@@ -140,10 +140,10 @@ reuse_session_erlang_server() -> [{doc, "Test erlang server with openssl client that reconnects with the" "same session id, to test reusing of sessions."}]. reuse_session_erlang_server(Config) when is_list(Config) -> - process_flag(trap_exit, true), + ClientOpts = proplists:get_value(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + {_, ServerNode, _} = ssl_test_lib:run_where(Config), Data = "From openssl to erlang", 
@@ -153,53 +153,37 @@ reuse_session_erlang_server(Config) when is_list(Config) -> {reconnect_times, 5}, {options, ServerOpts}]), Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-reconnect"], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), + - true = port_command(OpenSslPort, Data), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {reconnect, true}, + {options, ClientOpts}, + return_port], Config), + true = port_command(OpenSSLPort, Data), ssl_test_lib:check_result(Server, Data), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close(Server), - ssl_test_lib:close_port(OpenSslPort). + ssl_test_lib:close(Server). %%-------------------------------------------------------------------- reuse_session_erlang_client() -> [{doc, "Test erlang ssl client that wants to reuse sessions"}]. 
reuse_session_erlang_client(Config) when is_list(Config) -> - process_flag(trap_exit, true), ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + ServerOpts = proplists:get_value(server_rsa_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - Version = ssl_test_lib:protocol_version(Config), - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + Server = ssl_test_lib:start_server(openssl, [], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {mfa, {ssl_test_lib, session_id, []}}, - {from, self()}, {options, [{reuse_sessions, save}, {verify, verify_peer}| ClientOpts]}]), + {from, self()}, + {options, [{reuse_sessions, save}, + {verify, verify_peer}| ClientOpts]}]), SID = receive {Client0, Id0} -> @@ -239,9 +223,6 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ok end end, - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), ssl_test_lib:close(Client2). diff --git a/lib/ssl/test/openssl_session_ticket_SUITE.erl b/lib/ssl/test/openssl_session_ticket_SUITE.erl index 775048e355..9986a492b1 100644 --- a/lib/ssl/test/openssl_session_ticket_SUITE.erl +++ b/lib/ssl/test/openssl_session_ticket_SUITE.erl 
@@ -112,28 +112,18 @@ end_per_testcase(_TestCase, Config) -> openssl_server_basic() -> [{doc,"Test session resumption with session tickets (erlang client - openssl server)"}]. openssl_server_basic(Config) when is_list(Config) -> - process_flag(trap_exit, true), ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - Version = 'tlsv1.3', - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - %% Configure session tickets ClientOpts = [{session_tickets, auto}, {log_level, debug}, {versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0], - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile, "-msg", "-debug"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + Server = ssl_test_lib:start_server(openssl, [], + [{server_opts, ServerOpts} | Config]), + + Port = ssl_test_lib:inet_port(Server), %% Store ticket from first connection Client0 = ssl_test_lib:start_client([{node, ClientNode}, 
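Review bot: openssl_server_basic drops the explicit `Version = 'tlsv1.3'` that was handed to s_server via `version_flag`, and `ssl_test_lib:start_server(openssl, [], ...)` is given nothing that pins the version; if the helper takes the version from the test group in Config this is fine, but since the Erlang client still offers `['tlsv1.2','tlsv1.3']` and session tickets exist only in 1.3, a group running at 1.2 would make the resumption assertions vacuous rather than fail loudly. The same applies to openssl_server_hrr (hunk -185, second part), openssl_server_hrr_multiple_tickets (hunk -327, second part) and the openssl_client_* cases whose s_client version flag is likewise gone. This suite also feeds `ssl_test_lib:ssl_options(server_rsa_verify_opts, Config)` to the openssl server while openssl_npn_SUITE and openssl_session_SUITE in this commit use `proplists:get_value(server_rsa_verify_opts, Config)` for the openssl side; if ssl_options/2 adds Erlang-only options, the `proplists:get_value` form is the one to use here.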
@@ -156,17 +146,16 @@ openssl_server_basic(Config) when is_list(Config) -> [true, no_reply]}}, {from, self()}, {options, ClientOpts}]), - process_flag(trap_exit, false), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), + ssl_test_lib:close(Server), ssl_test_lib:close(Client1). openssl_client_basic() -> [{doc,"Test session resumption with session tickets (openssl client - erlang server)"}]. openssl_client_basic(Config) when is_list(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + ClientOpts = proplists:get_value(client_rsa_opts, Config), + + {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]), TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]), ServerTicketMode = proplists:get_value(server_ticket_mode, Config), 
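Review bot: openssl_server_basic now closes `Server` before `Client1`, while hunk -404 of this file closes `Client1` before `Server` for openssl_server_hrr_multiple_tickets (hunk -276 follows this hunk's order). The removed `%% Clean close down! Server needs to be closed first !!` said the order mattered, so either one order should be used throughout or, if the framework helper has made it irrelevant, a one-line comment at one of these sites saying so would prevent the question from coming up again.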
@@ -185,75 +174,52 @@ openssl_client_basic(Config) when is_list(Config) -> [false]}}, {options, ServerOpts}]), - Version = 'tlsv1.3', Port0 = ssl_test_lib:inet_port(Server0), - Exe = "openssl", - Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port0), - ssl_test_lib:version_flag(Version), - "-sess_out", TicketFile0], + Client0 = ssl_test_lib:start_client(openssl, [{port, Port0}, + {options, ClientOpts}, + {session_args, ["-sess_out", TicketFile0]}], Config), - OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0), - - true = port_command(OpenSslPort0, Data), + ssl_test_lib:send(Client0, Data), ssl_test_lib:check_result(Server0, ok), Server0 ! {listen, {mfa, {ssl_test_lib, - verify_active_session_resumption, + verify_active_session_resumption, [true]}}}, - - %% Wait for session ticket + ssl_test_lib:close(Client0), + %% %% Wait for session ticket ct:sleep(100), - - Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port0), - ssl_test_lib:version_flag(Version), - "-sess_in", TicketFile0, - "-sess_out", TicketFile1], - - OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1), - - true = port_command(OpenSslPort1, Data), - + + Client1 = ssl_test_lib:start_client(openssl, [{port, Port0}, + {options, ClientOpts}, + {session_args, ["-sess_in", TicketFile0, + "-sess_out", TicketFile1]}], Config), + + + ssl_test_lib:send(Client1, Data), ssl_test_lib:check_result(Server0, ok), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close(Server0), - ssl_test_lib:close_port(OpenSslPort0), - ssl_test_lib:close_port(OpenSslPort1). + ssl_test_lib:close(Server0), + ssl_test_lib:close(Client1). openssl_server_hrr() -> [{doc,"Test session resumption with session tickets and hello_retry_request (erlang client - openssl server)"}]. 
openssl_server_hrr(Config) when is_list(Config) -> - process_flag(trap_exit, true), ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - Version = 'tlsv1.3', - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - %% Configure session tickets ClientOpts = [{session_tickets, auto}, {log_level, debug}, {versions, ['tlsv1.2','tlsv1.3']}, {supported_groups,[secp256r1, x25519]}|ClientOpts0], - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile, - "-key", KeyFile, - "-CAfile", CACertFile, - "-groups", "X448:X25519", - "-msg", "-debug"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + + Server = ssl_test_lib:start_server(openssl, [{groups, "X448:X25519"}], + [{server_opts, ServerOpts} | Config]), + + Port = ssl_test_lib:inet_port(Server), + %% Store ticket from first connection Client0 = ssl_test_lib:start_client([{node, ClientNode}, 
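Review bot: The added comment in openssl_client_basic reads `%% %% Wait for session ticket`, a doubled comment prefix replacing the plain `%% Wait for session ticket` removed just above it; restore the single `%%`. The same hunk adds two consecutive empty `+` lines before `Client1 = ...` and a trailing empty line after `Port0 = ...`, which the rest of the file does not do. With `ssl_test_lib:close(Client0)` now placed before the `ct:sleep(100)`, the sleep appears to be the only thing ordering the ticket write against the second connection, so a short comment on why 100 ms is believed sufficient would help whoever has to look at this test when it flakes.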
@@ -276,17 +242,15 @@ openssl_server_hrr(Config) when is_list(Config) -> [true, no_reply]}}, {from, self()}, {options, ClientOpts}]), - process_flag(trap_exit, false), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), + ssl_test_lib:close(Server), ssl_test_lib:close(Client1). openssl_client_hrr() -> [{doc,"Test session resumption with session tickets and hello_retry_request (openssl client - erlang server)"}]. openssl_client_hrr(Config) when is_list(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + ClientOpts = proplists:get_value(client_rsa_opts, Config), + {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]), TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]), ServerTicketMode = proplists:get_value(server_ticket_mode, Config), @@ -306,19 +270,15 @@ openssl_client_hrr(Config) when is_list(Config) -> [false]}}, {options, ServerOpts}]), - Version = 'tlsv1.3', Port0 = ssl_test_lib:inet_port(Server0), + - Exe = "openssl", - Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port0), - ssl_test_lib:version_flag(Version), - "-groups", "P-256:X25519", - "-sess_out", TicketFile0], - - OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0), + Client0 = ssl_test_lib:start_client(openssl, [{port, Port0}, + {options, ClientOpts}, + {groups, "P-256:X25519"}, + {session_args, ["-sess_out", TicketFile0]}], Config), - true = port_command(OpenSslPort0, Data), + ssl_test_lib:send(Client0, Data), ssl_test_lib:check_result(Server0, ok), 
@@ -327,56 +287,40 @@ openssl_client_hrr(Config) when is_list(Config) -> [true]}}}, %% Wait for session ticket + ssl_test_lib:close(Client0), ct:sleep(100), - Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port0), - ssl_test_lib:version_flag(Version), - "-groups", "P-256:X25519", - "-sess_in", TicketFile0, - "-sess_out", TicketFile1], - - OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1), - - true = port_command(OpenSslPort1, Data), + Client1 = ssl_test_lib:start_client(openssl, [{port, Port0}, + {options, ClientOpts}, + {groups, "P-256:X25519"}, + {session_args, ["-sess_in", TicketFile0, + "-sess_out", TicketFile1]}], Config), + ssl_test_lib:send(Client1, Data), ssl_test_lib:check_result(Server0, ok), - %% Clean close down! Server needs to be closed first !! ssl_test_lib:close(Server0), - ssl_test_lib:close_port(OpenSslPort0), - ssl_test_lib:close_port(OpenSslPort1). + ssl_test_lib:close(Client1). openssl_server_hrr_multiple_tickets() -> - [{doc,"Test session resumption with multiple session tickets and hello_retry_request (erlang client - openssl server)"}]. + [{doc,"Test session resumption with multiple session tickets and hello_retry_request " + "(erlang client - openssl server)"}]. 
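Review bot: `ClientOpts = proplists:get_value(client_rsa_opts, Config)` reads the client options with a bare `proplists:get_value/2`, which yields `undefined` and a confusing failure inside the openssl client start if the key is absent, while the server line just above uses `ssl_test_lib:ssl_options(server_rsa_verify_opts, Config)`; `ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),` would keep the two consistent, assuming ssl_options/2 is the intended accessor for both sides. The `+` line after `Port0 = ssl_test_lib:inet_port(Server0),` adds only an empty line. openssl_client_hrr's body continues into the next hunk.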
openssl_server_hrr_multiple_tickets(Config) when is_list(Config) -> process_flag(trap_exit, true), ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - Version = 'tlsv1.3', - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - %% Configure session tickets ClientOpts = [{session_tickets, manual}, {log_level, debug}, {versions, ['tlsv1.2','tlsv1.3']}, {supported_groups,[secp256r1, x25519]}|ClientOpts0], - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile, - "-key", KeyFile, - "-CAfile", CACertFile, - "-groups", "X448:X25519", - "-msg", "-debug"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + + Server = ssl_test_lib:start_server(openssl, [{groups, "X448:X25519"}], + [{server_opts, ServerOpts} | Config]), + + Port = ssl_test_lib:inet_port(Server), %% Store ticket from first connection Client0 = ssl_test_lib:start_client([{node, ClientNode}, @@ -404,6 +348,5 @@ openssl_server_hrr_multiple_tickets(Config) when is_list(Config) -> process_flag(trap_exit, false), - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - ssl_test_lib:close(Client1). + ssl_test_lib:close(Client1), + ssl_test_lib:close(Server). diff --git a/lib/ssl/test/openssl_tls_1_3_version_SUITE.erl b/lib/ssl/test/openssl_tls_1_3_version_SUITE.erl index 443236f166..a8d9179a6d 100644 --- a/lib/ssl/test/openssl_tls_1_3_version_SUITE.erl +++ b/lib/ssl/test/openssl_tls_1_3_version_SUITE.erl 
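Review bot: `ssl_test_lib:close(Client0)` is inserted before the `ct:sleep(100)` that the `%% Wait for session ticket` comment annotates, so the first openssl client is torn down before the test waits; if the wait exists for s_client to write TicketFile0 via `-sess_out`, the close should follow the wait, and a check such as `true = filelib:is_regular(TicketFile0),` before starting Client1 would replace the timing assumption with an observable condition. I cannot see from the hunk when s_client flushes the ticket file, so please confirm the intended order.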
@@ -74,19 +74,27 @@ end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). -init_per_group(openssl_client, Config0) -> +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group_openssl(GroupName, Config); + false -> + do_init_per_group(GroupName, Config) + end. + +do_init_per_group(openssl_client, Config0) -> Config = proplists:delete(server_type, proplists:delete(client_type, Config0)), [{client_type, openssl}, {server_type, erlang} | Config]; -init_per_group(openssl_server, Config0) -> +do_init_per_group(openssl_server, Config0) -> Config = proplists:delete(server_type, proplists:delete(client_type, Config0)), [{client_type, erlang}, {server_type, openssl} | Config]; -init_per_group(rsa, Config0) -> +do_init_per_group(rsa, Config0) -> Config = ssl_test_lib:make_rsa_cert(Config0), COpts = proplists:get_value(client_rsa_opts, Config), SOpts = proplists:get_value(server_rsa_opts, Config), [{client_cert_opts, COpts}, {server_cert_opts, SOpts} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))]; -init_per_group(ecdsa, Config0) -> +do_init_per_group(ecdsa, Config0) -> PKAlg = crypto:supports(public_keys), case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse lists:member(dh, PKAlg)) of 
@@ -98,30 +106,10 @@ init_per_group(ecdsa, Config0) -> lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))]; false -> {skip, "Missing EC crypto support"} - end; -init_per_group(GroupName, Config) -> - ssl_test_lib:clean_tls_version(Config), - case ssl_test_lib:is_tls_version(GroupName) andalso - ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - _ -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl:start(), - Config; - false -> - {skip, "Missing crypto support"} - end end. end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl index 215a1ab9f1..9b3a11e865 100644 --- a/lib/ssl/test/ssl_ECC_SUITE.erl +++ b/lib/ssl/test/ssl_ECC_SUITE.erl 
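Review bot: `do_init_per_group/2` has no clause for group names other than openssl_client, openssl_server, rsa and ecdsa, whereas the removed catch-all `init_per_group(GroupName, Config)` clause (hunk @@ -98) accepted any group and called ssl:start(); any other non-version group listed in groups/0 now fails with function_clause. If that set is intentionally closed, a comment on the first `do_init_per_group` clause saying so will stop the next reader from re-adding the catch-all. Separately, `ssl_test_lib:init_per_group_openssl(GroupName, Config)` is called here with the group atom first, while ssl_ECC_openssl_SUITE in this same commit calls `ssl_test_lib:init_per_group_openssl([{server_type, erlang}, {client_type, openssl}], [{tls_version, GroupName} | Config])` with an option list first and tags the version as `tls_version` where the other suites use `version`; unless the helper has clauses for both shapes, one of those call sites is wrong.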
@@ -94,23 +94,18 @@ end_per_suite(_Config) -> %%-------------------------------------------------------------------- init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of + case ssl_test_lib:is_protocol_version(GroupName) of true -> - [{tls_version, GroupName}, - {server_type, erlang}, - {client_type, erlang} | ssl_test_lib:init_tls_version(GroupName, Config)]; - _ -> + ssl_test_lib:init_per_group(GroupName, + [{client_type, erlang}, + {server_type, erlang}, + {version, GroupName} | Config]); + false -> Config end. -end_per_group(GroupName, Config0) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - Config = ssl_test_lib:clean_tls_version(Config0), - proplists:delete(tls_version, Config); - false -> - Config0 - end. +end_per_group(GroupName, Config) -> + ssl_test_lib:end_per_group(GroupName, Config). %%-------------------------------------------------------------------- diff --git a/lib/ssl/test/ssl_ECC_openssl_SUITE.erl b/lib/ssl/test/ssl_ECC_openssl_SUITE.erl index e541134a0d..ea4285b86f 100644 --- a/lib/ssl/test/ssl_ECC_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_ECC_openssl_SUITE.erl @@ -72,13 +72,12 @@ end_per_suite(_Config) -> %%-------------------------------------------------------------------- init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of + case ssl_test_lib:is_protocol_version(GroupName) of true -> case ssl_test_lib:check_sane_openssl_version(GroupName) of true -> - [{tls_version, GroupName}, - {server_type, erlang}, - {client_type, openssl} | ssl_test_lib:init_tls_version(GroupName, Config)]; + ssl_test_lib:init_per_group_openssl([{server_type, erlang}, + {client_type, openssl}], [{tls_version, GroupName} | Config]); false -> {skip, openssl_does_not_support_version} end; 
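Review bot: Each run of the new init_per_group prepends `{client_type, erlang}, {server_type, erlang}, {version, GroupName}` to Config, and end_per_group now delegates to `ssl_test_lib:end_per_group/2` instead of removing the version entry as the old `proplists:delete(tls_version, Config)` did. Because lookups take the first match this is harmless for correctness, but unless ssl_test_lib:end_per_group/2 (not in this diff) strips these entries they accumulate across the version groups and the returned Config grows by three entries per group. The same pattern is added in ssl_api_SUITE, ssl_app_env_SUITE, ssl_cert_SUITE and ssl_cipher_suite_SUITE; if the helper does strip them, a one-line comment here, `%% ssl_test_lib:end_per_group/2 removes the version and type entries`, would document the contract.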
@@ -86,14 +85,8 @@ init_per_group(GroupName, Config) -> Config end. -end_per_group(GroupName, Config0) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - Config = ssl_test_lib:clean_tls_version(Config0), - proplists:delete(tls_version, Config); - false -> - Config0 - end. +end_per_group(GroupName, Config) -> + ssl_test_lib:end_per_group(GroupName, Config). %%-------------------------------------------------------------------- init_per_testcase(skip, Config) -> diff --git a/lib/ssl/test/ssl_alpn_SUITE.erl b/lib/ssl/test/ssl_alpn_SUITE.erl index 424776293a..1ca2619f68 100644 --- a/lib/ssl/test/ssl_alpn_SUITE.erl +++ b/lib/ssl/test/ssl_alpn_SUITE.erl @@ -90,26 +90,10 @@ end_per_suite(_Config) -> init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(_TestCase, Config) -> diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl index 9856c5db0f..66084d5c4c 100644 --- a/lib/ssl/test/ssl_api_SUITE.erl +++ b/lib/ssl/test/ssl_api_SUITE.erl 
@@ -165,13 +165,16 @@ end_per_suite(_Config) -> application:unload(ssl), application:stop(crypto). -init_per_group(GroupName, Config0) -> - case ssl_test_lib:init_per_group(GroupName, Config0) of - {skip, _} = Skip -> - Skip; - Config -> - [{client_type, erlang}, - {server_type, erlang}|Config] +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group(GroupName, + [{client_type, erlang}, + {server_type, erlang}, + {version, GroupName} + | Config]); + false -> + Config end. end_per_group(GroupName, Config) -> diff --git a/lib/ssl/test/ssl_app_env_SUITE.erl b/lib/ssl/test/ssl_app_env_SUITE.erl index d337dabb69..34a2192449 100644 --- a/lib/ssl/test/ssl_app_env_SUITE.erl +++ b/lib/ssl/test/ssl_app_env_SUITE.erl @@ -74,13 +74,15 @@ end_per_suite(_Config) -> application:unload(ssl), application:stop(crypto). -init_per_group(GroupName, Config0) -> - case ssl_test_lib:init_per_group(GroupName, Config0) of - {skip, _} = Skip -> - Skip; - Config -> - [{client_type, erlang}, - {server_type, erlang}| Config] +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group(GroupName, + [{client_type, erlang}, + {server_type, erlang}, + {version, GroupName} | Config]); + false -> + Config end. end_per_group(GroupName, Config) -> 
@@ -146,7 +148,16 @@ empty_protocol_versions() -> [{doc,"Test to set an empty list of protocol versions in app environment."}]. empty_protocol_versions(Config) when is_list(Config) -> + Version = proplists:get_value(version, Config), + VersionsR = ssl:versions(), + Supported = proplists:get_value(supported, VersionsR) ++ + proplists:get_value(supported_dtls, VersionsR), ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), - ssl_test_lib:basic_test(ClientOpts, ServerOpts, Config). - + case lists:member(Version, Supported) of + true -> + ssl_test_lib:basic_test([{versions, [Version]} | ClientOpts], ServerOpts, Config); + false -> + ssl_test_lib:basic_alert([{versions, [Version]} | ClientOpts], + ServerOpts, Config, protocol_version) + end. diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl index 2fe470e281..1a1a36eb8d 100644 --- a/lib/ssl/test/ssl_cert_SUITE.erl +++ b/lib/ssl/test/ssl_cert_SUITE.erl @@ -149,8 +149,20 @@ end_per_suite(_Config) -> application:unload(ssl), application:stop(crypto). -init_per_group(Group, Config0) when Group == rsa; - Group == rsa_1_3 -> + +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group(GroupName, + [{client_type, erlang}, + {server_type, erlang}, + {version, GroupName} | Config]); + false -> + do_init_per_group(GroupName, Config) + end. + +do_init_per_group(Group, Config0) when Group == rsa; + Group == rsa_1_3 -> Config1 = ssl_test_lib:make_rsa_cert(Config0), Config = ssl_test_lib:make_rsa_1024_cert(Config1), COpts = proplists:get_value(client_rsa_opts, Config), 
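Review bot: `Version = proplists:get_value(version, Config)` is `undefined` when empty_protocol_versions runs outside a protocol-version group (the new init_per_group only adds the `version` entry for such groups), and then `lists:member(undefined, Supported)` is false and the test asserts a protocol_version alert with `{versions, [undefined]}`, which is more likely to fail on option validation than to produce the alert. If the case is only ever listed under version groups that is fine but deserves a comment; otherwise match assertively, `{version, Version} = lists:keyfind(version, 1, Config),` so a misplaced case fails at the cause. The `++` of the `supported` and `supported_dtls` lists is fine as long as both keys are always present in ssl:versions().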
@@ -162,7 +174,7 @@ init_per_group(Group, Config0) when Group == rsa; lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; -init_per_group(Alg, Config) when Alg == rsa_pss_rsae; +do_init_per_group(Alg, Config) when Alg == rsa_pss_rsae; Alg == rsa_pss_pss; Alg == rsa_pss_rsae_1_3; Alg == rsa_pss_pss_1_3 -> @@ -185,7 +197,7 @@ init_per_group(Alg, Config) when Alg == rsa_pss_rsae; false -> {skip, "Missing EC crypto support"} end; -init_per_group(Group, Config0) when Group == ecdsa; +do_init_per_group(Group, Config0) when Group == ecdsa; Group == ecdsa_1_3 -> PKAlg = crypto:supports(public_keys), @@ -205,7 +217,7 @@ init_per_group(Group, Config0) when Group == ecdsa; {skip, "Missing EC crypto support"} end; -init_per_group(Group, Config0) when Group == dsa -> +do_init_per_group(Group, Config0) when Group == dsa -> PKAlg = crypto:supports(public_keys), case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of true -> @@ -220,30 +232,12 @@ init_per_group(Group, Config0) when Group == dsa -> lists:delete(client_cert_opts, Config))])]; false -> {skip, "Missing DSS crypto support"} - end; -init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - [{client_type, erlang}, - {server_type, erlang}, {version, GroupName} - | ssl_test_lib:init_tls_version(GroupName, Config)]; - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + end; +do_init_per_group(Group, Config) -> + Config. end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(_TestCase, Config) -> ssl_test_lib:ct_log_supported_protocol_versions(Config), diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl index 657ccd2079..ee50d1cf84 100644 
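Review bot: The new catch-all `do_init_per_group(Group, Config) -> Config.` (hunk @@ -220) binds `Group` without using it, which the compiler reports as an unused-variable warning; write it as `do_init_per_group(_Group, Config) -> Config.`. Note also that the removed catch-all did ssl:start() for non-version groups while the replacement returns Config untouched, which is fine only if ssl_test_lib:init_per_group/2 or init_per_suite now guarantees the application is started, something this diff does not show.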
--- a/lib/ssl/test/ssl_cert_tests.erl +++ b/lib/ssl/test/ssl_cert_tests.erl @@ -401,6 +401,17 @@ test_ciphers(_, 'tlsv1.3' = Version) -> ct:log("Cipher ~p~n", [C]), lists:member(ssl_cipher_format:suite_map_to_openssl_str(C), OpenSSLCiphers) end, Ciphers); +test_ciphers(_, Version) when Version == 'dtlsv1'; + Version == 'dtlsv1.2' -> + {_, Minor} = dtls_record:proplists(Version), + Ciphers = dtls_v1:suites(Minor), + ct:log("Version ~p Testing ~p~n", [Version, Ciphers]), + OpenSSLCiphers = openssl_ciphers(), + ct:log("OpenSSLCiphers ~p~n", [OpenSSLCiphers]), + lists:filter(fun(C) -> + ct:log("Cipher ~p~n", [C]), + lists:member(ssl_cipher_format:suite_map_to_openssl_str(C), OpenSSLCiphers) + end, Ciphers); test_ciphers(Kex, Version) -> Ciphers = ssl:filter_cipher_suites(ssl:cipher_suites(default, Version), [{key_exchange, Kex}]), diff --git a/lib/ssl/test/ssl_cipher_suite_SUITE.erl b/lib/ssl/test/ssl_cipher_suite_SUITE.erl index 71628e9b40..7f866c2bd9 100644 --- a/lib/ssl/test/ssl_cipher_suite_SUITE.erl +++ b/lib/ssl/test/ssl_cipher_suite_SUITE.erl 
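Review bot: `{_, Minor} = dtls_record:proplists(Version)` in the new dtls clause calls a function that does not look like a dtls_record export; the record modules map a version atom to `{Major, Minor}` with `protocol_version/1`, so this should most likely read `{_, Minor} = dtls_record:protocol_version(Version),` — as written the dtls branch would fail with undef the first time it runs, and since the suites that reach it may be skipped on hosts without DTLS-capable OpenSSL, the slip could go unnoticed. The rest of the clause duplicates the 'tlsv1.3' clause above except for the suite list; a small helper taking the suite list would remove the copy. test_ciphers' final clause continues outside the hunk.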
@@ -182,15 +182,24 @@ init_per_suite(Config) -> end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group(GroupName, [{client_type, erlang}, + {server_type, erlang}, + {version, GroupName} | Config]); + false -> + do_init_per_group(GroupName, Config) + end. -init_per_group(GroupName, Config) when GroupName == ecdhe_1_3_rsa_cert -> +do_init_per_group(GroupName, Config) when GroupName == ecdhe_1_3_rsa_cert -> case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of true -> init_certs(GroupName, Config); false -> {skip, "Missing EC crypto support"} end; -init_per_group(GroupName, Config) when GroupName == ecdh_anon; +do_init_per_group(GroupName, Config) when GroupName == ecdh_anon; GroupName == ecdhe_rsa; GroupName == ecdhe_psk -> case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of @@ -199,7 +208,7 @@ init_per_group(GroupName, Config) when GroupName == ecdh_anon; false -> {skip, "Missing EC crypto support"} end; -init_per_group(ecdhe_ecdsa = GroupName, Config) -> +do_init_per_group(ecdhe_ecdsa = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), case lists:member(ecdh, PKAlg) andalso lists:member(ecdsa, PKAlg) of true -> @@ -207,7 +216,7 @@ init_per_group(ecdhe_ecdsa = GroupName, Config) -> false -> {skip, "Missing EC crypto support"} end; -init_per_group(dhe_dss = GroupName, Config) -> +do_init_per_group(dhe_dss = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of true -> 
@@ -215,7 +224,7 @@ init_per_group(dhe_dss = GroupName, Config) -> false -> {skip, "Missing DSS crypto support"} end; -init_per_group(srp_dss = GroupName, Config) -> +do_init_per_group(srp_dss = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), case lists:member(dss, PKAlg) andalso lists:member(srp, PKAlg) of true -> @@ -223,8 +232,8 @@ init_per_group(srp_dss = GroupName, Config) -> false -> {skip, "Missing DSS_SRP crypto support"} end; -init_per_group(GroupName, Config) when GroupName == srp_anon; - GroupName == srp_rsa -> +do_init_per_group(GroupName, Config) when GroupName == srp_anon; + GroupName == srp_rsa -> PKAlg = proplists:get_value(public_keys, crypto:supports()), case lists:member(srp, PKAlg) of true -> @@ -232,7 +241,7 @@ init_per_group(GroupName, Config) when GroupName == srp_anon; false -> {skip, "Missing SRP crypto support"} end; -init_per_group(dhe_psk = GroupName, Config) -> +do_init_per_group(dhe_psk = GroupName, Config) -> PKAlg = proplists:get_value(public_keys, crypto:supports()), case lists:member(dh, PKAlg) of true -> @@ -240,13 +249,8 @@ init_per_group(dhe_psk = GroupName, Config) -> false -> {skip, "Missing SRP crypto support"} end; -init_per_group(GroupName, Config0) -> - case ssl_test_lib:init_per_group(GroupName, Config0) of - {skip, _} = Skip -> - Skip; - Config -> - init_certs(GroupName, Config) - end. +do_init_per_group(GroupName, Config) -> + init_certs(GroupName, Config). end_per_group(GroupName, Config) -> ssl_test_lib:end_per_group(GroupName, Config). diff --git a/lib/ssl/test/ssl_mfl_SUITE.erl b/lib/ssl/test/ssl_mfl_SUITE.erl index bcc2b24651..e7e4e9ecba 100644 --- a/lib/ssl/test/ssl_mfl_SUITE.erl +++ b/lib/ssl/test/ssl_mfl_SUITE.erl 
@@ -85,10 +85,6 @@ end_per_testcase(_TestCase, Config) -> %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- - -nyi(Config) when is_list(Config) -> - {skip, "NYI"}. - %-------------------------------------------------------------------------------- %% check max_fragment_length option on the client is accepted %% and both sides can successfully send > MFL @@ -132,10 +128,10 @@ reuse_session(Config) when is_list(Config) -> %%-------------------------------------------------------------------- reuse_session_erlang_server(Config) when is_list(Config) -> - process_flag(trap_exit, true), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = proplists:get_value(client_rsa_opts, Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + {_, ServerNode, _} = ssl_test_lib:run_where(Config), MFL = 512, Data = "reuse_session_erlang_server " ++ lists:duplicate(MFL, $r), 
@@ -144,57 +140,33 @@ reuse_session_erlang_server(Config) when is_list(Config) -> {from, self()}, {mfa, {ssl_test_lib, active_recv, [length(Data)]}}, {reconnect_times, 5}, - {options, ServerOpts}]), + {options, ServerOpts}]), Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port), - "-tlsextdebug", "-4", "-maxfraglen", integer_to_list(MFL), - ssl_test_lib:version_flag(Version), - "-reconnect"], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - run_mfl_openssl(Server, OpensslPort, MFL, Data), - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close(Server), - ssl_test_lib:close_port(OpensslPort). + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {reconnect, true}, + {maxfrag, MFL}, + {options, ClientOpts}, + return_port], Config), + max_frag_len_test(Server, OpenSSLPort, MFL, Data), + ssl_test_lib:close(Server). 
%%-------------------------------------------------------------------- reuse_session_erlang_client(Config) when is_list(Config) -> process_flag(trap_exit, true), ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + ServerOpts = proplists:get_value(server_rsa_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), MFL = 512, Data = "reuse_session_erlang_client " ++ lists:duplicate(MFL, $r), - ClientOpts = [{max_fragment_length, 512} | ClientOpts0], - - Version = ssl_test_lib:protocol_version(Config), - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-tlsextdebug", "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile], + ClientOpts = [{max_fragment_length, MFL} | ClientOpts0], - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - OpensslProtocol = case proplists:get_value(protocol, Config) of - undefined -> - tls; - ConfigProtocol -> - ConfigProtocol - end, + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{maxfrag, MFL}, return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), - ssl_test_lib:wait_for_openssl_server(Port, OpensslProtocol), Client0 = ssl_test_lib:start_client([{node, ClientNode}, @@ -209,11 +181,9 @@ reuse_session_erlang_client(Config) when is_list(Config) -> end, %% quit s_server's current session so we can interact with the next client - true = port_command(OpensslPort, "q\n"), + true = port_command(OpenSSLPort, "q\n"), ssl_test_lib:close(Client0), - flush(), - Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, 
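Review bot: The openssl client started with `return_port` is bound as `_Client` and never closed — only `ssl_test_lib:close(Server)` remains, whereas the removed code closed the port with `ssl_test_lib:close_port(OpensslPort)`, so the s_client process and its port now live until the test process exits. The same drop appears in reuse_session_erlang_client (hunk @@ -229, where `Server` from start_server(openssl, ..., return_port) is never closed) and in mfl_openssl_client/mfl_openssl_server (hunk @@ -357). Binding the handle, `{Client, OpenSSLPort} = ...`, and ending with `ssl_test_lib:close(Server), ssl_test_lib:close(Client).` keeps the teardown explicit and preserves the server-first order the removed comment described.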
@@ -229,10 +199,7 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ErlRecvFun = fun() -> Data = ssl_test_lib:check_active_receive(Client1, Data) end, - run_mfl_openssl(Client1, OpensslPort, MFL, Data, ErlRecvFun), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), + max_frag_len_test(Client1, OpenSSLPort, MFL, Data, ErlRecvFun), ssl_test_lib:close(Client1). %%-------------------------------------------------------------------- 
@@ -357,40 +324,57 @@ ssl_receive(Socket, Data, Buffer) -> end. %% ------------------------------------------------------------ -mfl_openssl_server(MFL, Config) -> +mfl_openssl_client(MFL, Config) -> + ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = proplists:get_value(client_rsa_opts, Config), + {_, ServerNode, _} = ssl_test_lib:run_where(Config), + Data = "mfl_openssl_server " ++ lists:duplicate(MFL, $s), - Fun = fun(C,S) -> run_mfl_openssl(C, S, MFL, Data) end, - ssl_test_lib:start_erlang_client_and_openssl_server_with_opts(Config, - [{max_fragment_length, MFL}], - ["-tlsextdebug", "-tlsextdebug"], - Data, Fun). + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, active_recv, [length(Data)]}}, + {options, ServerOpts}]), + Port = ssl_test_lib:inet_port(Server), + + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {maxfrag, MFL}, + {options, ClientOpts}, + return_port], Config), + + max_frag_len_test(Server, OpenSSLPort, MFL, Data). %% ------------------------------------------------------------ -mfl_openssl_client(MFL, Config) -> - Data = "mfl_openssl_client " ++ lists:duplicate(MFL, $c), - Fun = fun(S,C) -> run_mfl_openssl(S, C, MFL, Data) end, - ClientArgs = ["-tlsextdebug", "-4", "-maxfraglen", integer_to_list(MFL)], - ssl_test_lib:start_erlang_server_and_openssl_client_with_opts(Config, - [], - ClientArgs, - Data, Fun). 
+mfl_openssl_server(MFL, Config) -> + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + ServerOpts = proplists:get_value(server_rsa_opts, Config), + {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), + Data = "mfl_openssl_server " ++ lists:duplicate(MFL, $s), + + {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{maxfrag, MFL}, + return_port], + [{server_opts, ServerOpts} | Config]), + Port = ssl_test_lib:inet_port(Server), + + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, + active_recv, [length(Data)]}}, + {options, [{max_fragment_length, MFL} | ClientOpts]}]), + + max_frag_len_test(Client, OpenSSLPort, MFL, Data). %% ------------------------------------------------------------ -run_mfl_openssl(ErlProc, OpenSSL, MFL, Data) -> +max_frag_len_test(ErlProc, OpenSSL, MFL, Data) -> ErlRecvFun = fun() -> receive {ErlProc, Data} -> ok - after 1000 -> - flush(true), - error(timeout) end end, - run_mfl_openssl(ErlProc, OpenSSL, MFL, Data, ErlRecvFun). - -run_mfl_openssl(ErlProc, OpenSSL, MFL, Data, ErlRecvFun) -> - MFL = get_openssl_max_fragment_length(OpenSSL), + max_frag_len_test(ErlProc, OpenSSL, MFL, Data, ErlRecvFun). +max_frag_len_test(ErlProc, OpenSSL, MFL, Data, ErlRecvFun) -> true = port_command(OpenSSL, Data), ErlRecvFun(), 
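Review bot: `max_frag_len_test/4`'s receive no longer has an `after` clause, so a missing `{ErlProc, Data}` message blocks until the Common Test timetrap fires instead of failing with `error(timeout)` as the removed code did, and the diagnostic flush is gone with it. Keep a bounded wait, `after 1000 -> error(timeout)`, or a ct:fail that includes the mailbox contents, so the failure points at the receive rather than at the suite timeout. Also, the new mfl_openssl_client builds `Data = "mfl_openssl_server " ++ lists:duplicate(MFL, $s)`, the same prefix as mfl_openssl_server, where the old mfl_openssl_client used "mfl_openssl_client " and `$c`; a copy-paste that only muddies logs but is easy to fix. max_frag_len_test/5's body continues in the next hunk.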
@@ -399,111 +383,8 @@ run_mfl_openssl(ErlProc, OpenSSL, MFL, Data, ErlRecvFun) -> {ErlProc, {socket, ErlSocket0}} -> ErlSocket0 end, - assert_mfl(ErlSocket, MFL), - - RData = lists:reverse(Data), - flush(), - ssl:send(ErlSocket, RData), - RData = ssl_test_lib:active_recv(OpenSSL, length(RData)), - ok. - -%% ------------------------------------------------------------ -flush() -> - flush(false). -flush(Noisy) -> - receive Rx -> - if Noisy -> - io:format("~p:~p: ~999p~n", [self(), ?FUNCTION_NAME, Rx]); - true -> - ignore - end, - flush(Noisy) - after 100 -> - ok - end. - -%% ------------------------------------------------------------ -get_openssl_max_fragment_length(Port) -> - get_openssl_max_fragment_length(Port, []). - -get_openssl_max_fragment_length(Port, Acc) -> - receive - {Port, {data, Data}} -> - get_openssl_max_fragment_length_line(Port, Acc++Data) - after 1000 -> - error(timeout) - end. + assert_mfl(ErlSocket, MFL). -get_openssl_max_fragment_length_line(Port, Acc) -> - case get_line(Acc) of - more -> - get_openssl_max_fragment_length(Port, Acc); - {"TLS "++TlsInfo, Acc2} -> - get_openssl_max_fragment_length_tlsinfo(TlsInfo, Port, Acc2); - {_Discard, Acc2} -> - get_openssl_max_fragment_length_line(Port, Acc2) - end. - -get_openssl_max_fragment_length_tlsinfo("client extension "++ExtInfo, Port, Acc) -> - get_openssl_max_fragment_length_ext(ExtInfo, Port, Acc); -get_openssl_max_fragment_length_tlsinfo("server extension "++ExtInfo, Port, Acc) -> - get_openssl_max_fragment_length_ext(ExtInfo, Port, Acc); -get_openssl_max_fragment_length_tlsinfo(_Acc, Port, Acc) -> - get_openssl_max_fragment_length_line(Port, Acc). 
- -get_openssl_max_fragment_length_ext("\"max fragment length\" (id=1), len=1"=Ext, Port, Acc) -> - case get_line(Acc) of - more -> - receive - {Port, {data, Data}} -> - Acc1 = Acc++Data, - get_openssl_max_fragment_length_ext(Ext, Port, Acc1) - after 1000 -> - error(timeout) - end; - {"0000 - 01 "++_, _} -> - 512; - {"0000 - 02 "++_, _} -> - 1024; - {"0000 - 03 "++_, _} -> - 2048; - {"0000 - 04 "++_, _} -> - 4096 - end; -get_openssl_max_fragment_length_ext(_Acc, Port, Acc2) -> - get_openssl_max_fragment_length_line(Port, Acc2). - - -get_line(Data) -> - get_line(Data, []). - -get_line([$\r|T], A) -> - get_line(T, A); -get_line([$\n|T], A) -> - {lists:reverse(A), T}; -get_line([], _) -> - more; -get_line([H|T], A) -> - get_line(T, [H|A]). - - -get_openssl_data(Port, Exp) -> - get_openssl_data(Port, Exp, []). - -get_openssl_data(_Port, Exp, Exp) -> - ok; -get_openssl_data(Port, Exp, Acc) -> - case lists:prefix(Acc, Exp) of - true -> - receive - {Port, {data, Data}} -> - get_openssl_data(Port, Exp, Acc++Data) - after 1000 -> - error(timeout) - end; - false -> - ct:fail({get_openssl_data, {{expected, Exp}, {got, Acc}}}) - end. %% RFC 6066 mfl_enum(512) -> 1; diff --git a/lib/ssl/test/ssl_npn_SUITE.erl b/lib/ssl/test/ssl_npn_SUITE.erl index b3c93c19fb..35f749f567 100644 --- a/lib/ssl/test/ssl_npn_SUITE.erl +++ b/lib/ssl/test/ssl_npn_SUITE.erl 
@@ -74,28 +74,11 @@ end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). - init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(_TestCase, Config) -> ssl_test_lib:ct_log_supported_protocol_versions(Config), diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl index 2c6f169fd0..631be9658c 100644 --- a/lib/ssl/test/ssl_packet_SUITE.erl +++ b/lib/ssl/test/ssl_packet_SUITE.erl @@ -173,28 +173,10 @@ end_per_suite(_Config) -> application:stop(crypto). init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:stop(), - ssl:start(), - Config - end. - + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(_TestCase, Config) -> ct:timetrap({seconds, ?BASE_TIMEOUT_SECONDS}), diff --git a/lib/ssl/test/ssl_payload_SUITE.erl b/lib/ssl/test/ssl_payload_SUITE.erl index 6b3df7ec3e..c2ff798428 100644 --- a/lib/ssl/test/ssl_payload_SUITE.erl +++ b/lib/ssl/test/ssl_payload_SUITE.erl 
@@ -92,26 +92,11 @@ end_per_suite(_Config) -> application:stop(crypto). init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). + init_per_testcase(TestCase, Config) when TestCase == server_echos_passive_huge; diff --git a/lib/ssl/test/ssl_renegotiate_SUITE.erl b/lib/ssl/test/ssl_renegotiate_SUITE.erl index db36067db3..e36a47902a 100644 --- a/lib/ssl/test/ssl_renegotiate_SUITE.erl +++ b/lib/ssl/test/ssl_renegotiate_SUITE.erl @@ -91,27 +91,10 @@ end_per_suite(_Config) -> application:stop(crypto). init_per_group(GroupName, Config) -> - ssl_test_lib:clean_tls_version(Config), - case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - _ -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl:start(), - Config; - false -> - {skip, "Missing crypto support"} - end - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(TestCase, Config) when TestCase == renegotiate_dos_mitigate_active; TestCase == renegotiate_dos_mitigate_passive; diff --git a/lib/ssl/test/ssl_session_SUITE.erl b/lib/ssl/test/ssl_session_SUITE.erl index 60e71501fa..b4da42f783 100644 --- a/lib/ssl/test/ssl_session_SUITE.erl 
+++ b/lib/ssl/test/ssl_session_SUITE.erl @@ -70,7 +70,7 @@ init_per_suite(Config0) -> ok -> ssl_test_lib:clean_start(), Config = ssl_test_lib:make_rsa_cert(Config0), - ssl_test_lib:make_dsa_cert(Config) + ssl_test_lib:make_rsa_1024_cert(Config) catch _:_ -> {skip, "Crypto did not start"} end. @@ -80,27 +80,10 @@ end_per_suite(_Config) -> application:stop(crypto). init_per_group(GroupName, Config) -> - ssl_test_lib:clean_tls_version(Config), - case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - _ -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl:start(), - Config; - false -> - {skip, "Missing crypto support"} - end - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(reuse_session_expired, Config) -> Versions = ssl_test_lib:protocol_version(Config), @@ -268,8 +251,8 @@ no_reuses_session_server_restart_new_cert(Config) when is_list(Config) -> ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - DsaServerOpts = ssl_test_lib:ssl_options(server_dsa_verify_opts, Config), - DsaClientOpts = ssl_test_lib:ssl_options(client_dsa_opts, Config), + RSA1024ServerOpts = ssl_test_lib:ssl_options(server_rsa_1024_opts, Config), + RSA1024ClientOpts = ssl_test_lib:ssl_options(client_rsa_1024_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = 
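Review bot: In no_reuses_session_server_restart_new_cert the replacement server key is `server_rsa_1024_opts`, while the line it replaces used `server_dsa_verify_opts` and the sibling hunk for no_reuses_session_server_restart_new_cert_file switches to `server_rsa_1024_verify_opts`. If the 1024-bit entries follow the naming make_rsa_cert uses later in this diff, where only the `_verify_opts` entry carries `{verify, verify_peer}`, the restarted server in the first test no longer requests a client certificate, which narrows what the test proves. Suggest `RSA1024ServerOpts = ssl_test_lib:ssl_options(server_rsa_1024_verify_opts, Config),` so both tests stay aligned; make_rsa_1024_cert is outside this diff, so I could not confirm which keys it defines.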
@@ -303,13 +286,13 @@ no_reuses_session_server_restart_new_cert(Config) when is_list(Config) -> ssl_test_lib:start_server([{node, ServerNode}, {port, Port}, {from, self()}, {mfa, {ssl_test_lib, no_result, []}}, - {options, [{reuseaddr, true} | DsaServerOpts]}]), + {options, [{reuseaddr, true} | RSA1024ServerOpts]}]), Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {mfa, {ssl_test_lib, session_info_result, []}}, - {from, self()}, {options, DsaClientOpts}]), + {from, self()}, {options, RSA1024ClientOpts}]), receive {Client1, SessionInfo} -> ct:fail(session_reused_when_server_has_new_cert); @@ -327,7 +310,7 @@ no_reuses_session_server_restart_new_cert_file() -> no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) -> ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - DsaServerOpts = ssl_test_lib:ssl_options(server_dsa_verify_opts, Config), + RSA1024ServerOpts = ssl_test_lib:ssl_options(server_rsa_1024_verify_opts, Config), PrivDir = proplists:get_value(priv_dir, Config), NewServerOpts0 = ssl_test_lib:new_config(PrivDir, ServerOpts), @@ -358,7 +341,7 @@ no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) -> ssl:clear_pem_cache(), - NewServerOpts1 = ssl_test_lib:new_config(PrivDir, DsaServerOpts), + NewServerOpts1 = ssl_test_lib:new_config(PrivDir, RSA1024ServerOpts), Server1 = ssl_test_lib:start_server([{node, ServerNode}, {port, Port}, diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl index f6b527aaf9..5c0cef06ce 100644 --- a/lib/ssl/test/ssl_session_cache_SUITE.erl +++ b/lib/ssl/test/ssl_session_cache_SUITE.erl 
@@ -85,27 +85,10 @@ end_per_suite(_Config) -> application:stop(crypto). init_per_group(GroupName, Config) -> - ssl_test_lib:clean_tls_version(Config), - case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - _ -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl:start(), - Config; - false -> - {skip, "Missing crypto support"} - end - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(session_cache_process_list, Config) -> init_customized_session_cache(list, Config); diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index d93338be15..7805b794be 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -51,10 +51,10 @@ start_server(Type, _Args, _Config) -> %% Test send_recv_result_active(Peer1, Peer2, Data) -> - ok = ssl_test_lib:send(Peer1, Data), - Data = ssl_test_lib:check_active_receive(Peer2, Data), - ok = ssl_test_lib:send(Peer2, Data), - Data = ssl_test_lib:check_active_receive(Peer1, Data). + ok = send(Peer1, Data), + Data = check_active_receive(Peer2, Data), + ok = send(Peer2, Data), + Data = check_active_receive(Peer1, Data). %% Certs init_ecdsa_certs(Config) -> 
@@ -69,19 +69,21 @@ init_ecdsa_certs(Config) -> %% Options get_server_opts(Config) -> - SOpts = proplists:get_value(server_ecdsa_opts, Config), + DSOpts = proplists:get_value(server_ecdsa_opts, Config), + SOpts = proplists:get_value(server_opts, Config, DSOpts), ssl_test_lib:ssl_options(SOpts, Config). get_client_opts(Config) -> - COpts = proplists:get_value(client_ecdsa_opts, Config), + DCOpts = proplists:get_value(client_ecdsa_opts, Config), + COpts = proplists:get_value(client_opts, Config, DCOpts), ssl_test_lib:ssl_options(COpts, Config). %% Default callback functions init_per_group(GroupName, Config) -> - clean_tls_version(Config), - case is_tls_version(GroupName) andalso sufficient_crypto_support(GroupName) of + case is_protocol_version(GroupName) andalso sufficient_crypto_support(GroupName) of true -> - init_tls_version(GroupName, Config); + clean_protocol_version(Config), + init_protocol_version(GroupName, Config); _ -> case sufficient_crypto_support(GroupName) of true -> @@ -95,11 +97,10 @@ init_per_group(GroupName, Config) -> init_per_group_openssl(GroupName, Config) -> case is_tls_version(GroupName) andalso sufficient_crypto_support(GroupName) of true -> - case check_sane_openssl_version(GroupName) - andalso maybe_legacy_tls_version_support(GroupName, Config) + case openssl_tls_version_support(GroupName, Config) of true -> - [{version, GroupName}|init_tls_version(GroupName, Config)]; + [{version, GroupName}|init_protocol_version(GroupName, Config)]; false -> {skip, "Missing openssl support"} end; @@ -116,7 +117,7 @@ init_per_group_openssl(GroupName, Config) -> end_per_group(GroupName, Config) -> case is_tls_version(GroupName) of true -> - clean_tls_version(Config); + clean_protocol_version(Config); false -> Config end. 
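Review bot: In init_per_group the added line `clean_protocol_version(Config),` discards its result — it only returns a filtered copy of Config (see the clean_protocol_version clause later in this diff) and the next line still passes the original `Config` to init_protocol_version, so the call has no effect; since init_protocol_version itself deletes `protocol` and `protocol_opts`, the line can simply be dropped, or bound as `Config1 = clean_protocol_version(Config)` if chaining was intended. Separately, init_per_group now gates on `is_protocol_version/1` while end_per_group in the last hunk on this line still tests `is_tls_version/1`, which after the `-2319` hunk no longer covers `dtlsv1`/`dtlsv1.2`; DTLS groups therefore get `protocol`/`protocol_opts` added on entry but never removed on exit. Changing it to `case is_protocol_version(GroupName) of` restores the symmetry. init_per_group_openssl keeps `is_tls_version`, which may be intended if the OpenSSL path is TLS-only.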
@@ -384,54 +385,6 @@ start_server_transport_control(Args) -> Result end. -start_erlang_client_and_openssl_server_with_opts(Config, ErlangClientOpts, OpensslServerOpts, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), - ClientOpts = ErlangClientOpts ++ ClientOpts0, - - {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - - Port = ssl_test_lib:inet_port(node()), - CaCertFile = proplists:get_value(cacertfile, ServerOpts), - CertFile = proplists:get_value(certfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = case OpensslServerOpts of - [] -> - ["s_server", "-accept", - integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile,"-key", KeyFile]; - [Opt, Value] -> - ["s_server", Opt, Value, "-accept", - integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-CAfile", CaCertFile, - "-cert", CertFile,"-key", KeyFile] - end, - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), - - Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, - {host, Hostname}, - {from, self()}, - {mfa, {?MODULE, - active_recv, [length(Data)]}}, - {options, ClientOpts}]), - - Callback(Client, OpensslPort), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), - - ssl_test_lib:close(Client), - process_flag(trap_exit, false). - - transport_accept_abuse(Opts) -> Port = proplists:get_value(port, Opts), Options = proplists:get_value(options, Opts), 
@@ -446,35 +399,6 @@ transport_accept_abuse(Opts) -> _ = ssl:handshake(AcceptSocket, infinity), Pid ! {self(), ok}. -start_erlang_server_and_openssl_client_with_opts(Config, ErlangServerOpts, OpenSSLClientOpts, Data, Callback) -> - process_flag(trap_exit, true), - ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config), - ServerOpts = ErlangServerOpts ++ ServerOpts0, - - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), - - - Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, - {from, self()}, - {mfa, {?MODULE, active_recv, [length(Data)]}}, - {options, ServerOpts}]), - Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client"] ++ OpenSSLClientOpts ++ ["-msg", "-connect", - hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), - ssl_test_lib:version_flag(Version)], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), - - Callback(Server, OpenSslPort), - - ssl_test_lib:close(Server), - - ssl_test_lib:close_port(OpenSslPort), - process_flag(trap_exit, false). - transport_switch_control(Opts) -> Port = proplists:get_value(port, Opts), Options = proplists:get_value(options, Opts), @@ -504,11 +428,11 @@ start_openssl_server(Args0, Config) -> Node = proplists:get_value(node, Args0, ServerNode), Port = proplists:get_value(port, Args0, 0), Args = [{from, self()}, {port, Port}] ++ ServerOpts ++ Args0, - Result = spawn_link(Node, ?MODULE, init_openssl_server, [lists:delete(return_socket, Args)]), + Result = spawn_link(Node, ?MODULE, init_openssl_server, [lists:delete(return_port, Args)]), receive - {started, Socket} -> - case lists:member(return_socket, Args) of - true -> {Result, Socket}; + {started, OpenSSLPort} -> + case lists:member(return_port, Args) of + true -> {Result, OpenSSLPort}; false -> Result end; {start_failed, Reason} -> 
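Review bot: start_openssl_server now recognises only `return_port` — `lists:delete(return_port, Args)` and `lists:member(return_port, Args)` — so a caller still passing the old `return_socket` flag silently gets just the pid back and the stale atom is forwarded in the option list. The callers are outside this diff, so I could not check that all were updated. A `-spec` or a comment above the function listing the accepted Args keys (`node`, `port`, `return_port`) would make the rename discoverable; the same applies to start_openssl_client in the `-598` hunk.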
@@ -516,29 +440,32 @@ start_openssl_server(Args0, Config) -> end. init_openssl_server(Options) -> - {ok, Version} = application:get_env(ssl,protocol_version), - %% Port = proplists:get_value(port, Options), + DefaultVersions = default_tls_version(Options), + [Version | _] = proplists:get_value(versions, Options, DefaultVersions), Port = inet_port(node()), Pid = proplists:get_value(from, Options), - + Exe = "openssl", Ciphers = proplists:get_value(ciphers, Options, ssl:cipher_suites(default,Version)), Groups0 = proplists:get_value(groups, Options), - CertArgs = openssl_cert_options(Options, server), - Exe = "openssl", + CertArgs = openssl_cert_options(Options, server), + AlpnArgs = openssl_alpn_options(proplists:get_value(alpn, Options, undefined)), + NpnArgs = openssl_npn_options(proplists:get_value(np, Options, undefined)), + Debug = openssl_debug_options(), - Args = case Groups0 of + Args0 = case Groups0 of undefined -> ["s_server", "-accept", integer_to_list(Port), cipher_flag(Version), - ciphers(Ciphers, Version), - ssl_test_lib:version_flag(Version)] ++ CertArgs ++ ["-msg", "-debug"]; + ciphers(Ciphers, Version), + ssl_test_lib:version_flag(Version)] ++ AlpnArgs ++ NpnArgs ++ CertArgs ++ Debug; Group -> ["s_server", "-accept", integer_to_list(Port), cipher_flag(Version), ciphers(Ciphers, Version), "-groups", Group, - ssl_test_lib:version_flag(Version)] ++ CertArgs ++ ["-msg", "-debug"] + ssl_test_lib:version_flag(Version)] ++ AlpnArgs ++ NpnArgs ++ CertArgs ++ Debug end, + Args = maybe_force_ipv4(Args0), SslPort = ssl_test_lib:portable_open_port(Exe, Args), - Pid ! {started, Port}, + Pid ! {started, SslPort}, Pid ! {self(), {port, Port}}, case openssl_server_started(SslPort) of true -> 
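Review bot: The NPN option is read with the key `np` — `NpnArgs = openssl_npn_options(proplists:get_value(np, Options, undefined)),` — which sits next to the `alpn` key and reads like a truncated `npn`; if a suite passes `{npn, ...}` the `-nextprotoneg` argument never reaches s_server and the test runs without the extension. The same key is used in the start_client(openssl, …) hunk later in this file, so either both are intentional or both need the same rename; the suites supplying the value are outside this diff. A one-line comment above `[Version | _] = proplists:get_value(versions, Options, DefaultVersions),` stating that only the first listed version is handed to `version_flag/1` would also help, since a caller passing several versions does not get a negotiation test.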
@@ -598,17 +525,19 @@ openssl_server_loop(Pid, SslPort, Args) -> start_openssl_client(Args0, Config) -> {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - ClientOpts = ssl_test_lib:get_client_opts(Config), + ClientOpts = ssl_test_lib:get_client_opts(Config), + DefaultVersions = default_tls_version(ClientOpts), + [Version | _] = proplists:get_value(versions, ClientOpts, DefaultVersions), Node = proplists:get_value(node, Args0, ClientNode), Args = [{from, self()}, {host, Hostname}, {options, ClientOpts} | Args0], - Result = spawn_link(Node, ?MODULE, init_openssl_client, [lists:delete(return_socket, Args)]), + Result = spawn_link(Node, ?MODULE, init_openssl_client, [[{version, Version} | lists:delete(return_port, Args)]]), receive - {connected, Socket} -> - case lists:member(return_socket, Args) of - true -> {Result, Socket}; + {connected, OpenSSLPort} -> + case lists:member(return_port, Args) of + true -> {Result, OpenSSLPort}; false -> Result end; {connect_failed, Reason} -> 
@@ -616,43 +545,12 @@ start_openssl_client(Args0, Config) -> end. init_openssl_client(Options) -> - {ok, Version} = application:get_env(ssl,protocol_version), + Version = proplists:get_value(version, Options), Port = proplists:get_value(port, Options), Pid = proplists:get_value(from, Options), + SslPort = start_client(openssl, Port, Options, [{version, Version}]), + openssl_client_loop(Pid, SslPort, []). - Exe = "openssl", - Ciphers = proplists:get_value(ciphers, Options, ssl:cipher_suites(default,Version)), - Groups0 = proplists:get_value(groups, Options), - CertArgs = openssl_cert_options(Options, client), - Exe = "openssl", - Args0 = case Groups0 of - undefined -> - ["s_client", "-verify", "2", "-port", integer_to_list(Port), cipher_flag(Version), - ciphers(Ciphers, Version), - ssl_test_lib:version_flag(Version)] ++ CertArgs ++ ["-msg", "-debug"]; - Group -> - ["s_client", "-verify", "2", "-port", integer_to_list(Port), cipher_flag(Version), - ciphers(Ciphers, Version), "-groups", Group, - ssl_test_lib:version_flag(Version)] ++ CertArgs ++ ["-msg", "-debug"] - end, - Args = maybe_force_ipv4(Args0), - SslPort = ssl_test_lib:portable_open_port(Exe, Args), - case openssl_client_started(SslPort) of - true -> - openssl_client_loop(Pid, SslPort, Args); - false -> - {error, openssl_client} - end. - -openssl_client_started(Port) -> - receive - {Port, {data, Data}} -> - ct:log("~p:~p~n Openssl~n ~s~n",[?MODULE,?LINE, Data]), - verify_openssl_client_started(Port, Data) - after - 5000 -> - false - end. verify_openssl_server_started(Port, Data) -> case re:run(Data, ".*CIPHER is.*") of @@ -662,14 +560,6 @@ verify_openssl_server_started(Port, Data) -> true end. -verify_openssl_client_started(Port, Data) -> - case re:run(Data, ".*New, TLSv\\d[.]\\d, Cipher is.*") of - nomatch -> - openssl_client_started(Port); - {match, _} -> - true - end. - openssl_client_loop(Pid, SslPort, Args) -> Pid ! {connected, SslPort}, openssl_client_loop_core(Pid, SslPort, Args). 
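Review bot: init_openssl_client forwards its whole `Options` list as the ClientOpts argument in `SslPort = start_client(openssl, Port, Options, [{version, Version}]),`, but the list built by start_openssl_client in the previous hunk keeps the ssl options under the `options` key (`{options, ClientOpts}`) with `from`/`host`/`node` at the top level, whereas start_client(openssl, …) reads `ciphers`, `groups`, `alpn`, `hostname` and the cert options from the top level of its third argument. Unless those lookups are meant to fall back to their defaults here, the per-suite client options set via `client_opts` are ignored on this path; a check, or a comment stating which shape start_client(openssl, …) expects, would settle it. Dropping the openssl_client_started check matches the commit message, but `openssl_client_loop(Pid, SslPort, [])` now replies `{connected, SslPort}` before anything has been read from OpenSSL, so a client that fails to launch is only detected by the calling test's own timeout.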
@@ -715,12 +605,12 @@ openssl_client_loop_core(Pid, SslPort, Args) -> start_client(Args0, Config) -> {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), - ServerOpts = ssl_test_lib:get_server_opts(Config), + COpts = ssl_test_lib:get_client_opts(Config), Node = proplists:get_value(node, Args0, ServerNode), Args = [{from, self()}, {host, Hostname}, {node, Node}, - {options, ServerOpts} | Args0], + {options, COpts} | Args0], start_client(Args). %% start_client(Args) -> @@ -1459,10 +1349,10 @@ make_rsa_cert(Config) -> [{server_config, ServerConf}, {client_config, ClientConf}] = x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_rsa_opts, [{ssl_imp, new},{reuseaddr, true} | ServerConf]}, + [{server_rsa_opts, [{reuseaddr, true} | ServerConf]}, - {server_rsa_verify_opts, [{ssl_imp, new}, {reuseaddr, true}, - {verify, verify_peer} | ServerConf]}, + {server_rsa_verify_opts, [{reuseaddr, true}, + {verify, verify_peer} | ServerConf]}, {client_rsa_opts, ClientConf}, {client_rsa_verify_opts, [{verify, verify_peer} |ClientConf]} | Config]; @@ -1745,10 +1635,10 @@ run_basic_alert(erlang, erlang, ClientOpts, ServerOpts, Config, Alert) -> Port = inet_port(Server), Client = start_client_error([{node, ClientNode}, {port, Port}, - {host, Hostname}, - {from, self()}, - {mfa, {ssl_test_lib, no_result, []}}, - {options, ClientOpts}]), + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, ClientOpts}]), check_server_alert(Server, Client, Alert); run_basic_alert(openssl = SType, erlang, ClientOpts, ServerOpts, Config, Alert) -> 
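Review bot: start_client(Args0, Config) now takes client options, but the node default on the unchanged line `Node = proplists:get_value(node, Args0, ServerNode),` still comes from `{_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),`, so an Erlang client started through this helper runs on the server node by default while start_openssl_client in the same file destructures `{ClientNode, _, Hostname}`. If the two-node layout matters the two lines should read `{ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),` and `Node = proplists:get_value(node, Args0, ClientNode),`; if single-node is the only supported layout, a comment saying so keeps the next reader from "fixing" it.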
@@ -1792,26 +1682,33 @@ start_client(openssl, Port, ClientOpts, Config) -> Ciphers = proplists:get_value(ciphers, ClientOpts, ssl:cipher_suites(default,Version)), Groups0 = proplists:get_value(groups, ClientOpts), CertArgs = openssl_cert_options(ClientOpts, client), + AlpnArgs = openssl_alpn_options(proplists:get_value(alpn, ClientOpts, undefined)), + NpnArgs = openssl_npn_options(proplists:get_value(np, ClientOpts, undefined)), + Reconnect = openssl_reconect_option(proplists:get_value(reconnect, ClientOpts, false)), + MaxFragLen = openssl_maxfag_option(proplists:get_value(maxfrag, ClientOpts, false)), + SessionArgs = proplists:get_value(session_args, ClientOpts, []), + HostName = proplists:get_value(hostname, ClientOpts, net_adm:localhost()), + Debug = openssl_debug_options(), Exe = "openssl", Args0 = case Groups0 of undefined -> - ["s_client", - "-verify", "2", - "-port", integer_to_list(Port), cipher_flag(Version), - ciphers(Ciphers, Version), - ssl_test_lib:version_flag(Version)] - ++ CertArgs - ++ ["-msg", "-debug"]; - Group -> - ["s_client", - "-verify", "2", - "-port", integer_to_list(Port), cipher_flag(Version), - ciphers(Ciphers, Version), "-groups", Group, - ssl_test_lib:version_flag(Version)] - ++CertArgs - ++ ["-msg", "-debug"] - end, + ["s_client", + "-verify", "2", + "-connect", hostname_format(HostName) ++ ":" ++ integer_to_list(Port), cipher_flag(Version), + ciphers(Ciphers, Version), + ssl_test_lib:version_flag(Version)] + ++ CertArgs ++ AlpnArgs ++ NpnArgs ++ Reconnect ++ MaxFragLen ++ SessionArgs + ++ Debug; + Group -> + ["s_client", + "-verify", "2", + "-connect", hostname_format(HostName) ++ ":" ++ integer_to_list(Port), cipher_flag(Version), + ciphers(Ciphers, Version), "-groups", Group, + ssl_test_lib:version_flag(Version)] + ++ CertArgs ++ AlpnArgs ++ NpnArgs ++ Reconnect ++ MaxFragLen ++ SessionArgs + ++ Debug + end, Args = maybe_force_ipv4(Args0), OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), true = port_command(OpenSslPort, 
"Hello world"), @@ -1867,15 +1764,18 @@ start_server(openssl, ClientOpts, ServerOpts, Config) -> Ciphers = proplists:get_value(ciphers, ClientOpts, ssl:cipher_suites(default,Version)), Groups0 = proplists:get_value(groups, ServerOpts), SigAlgs = proplists:get_value(openssl_sigalgs, Config, undefined), + SessionArgs = proplists:get_value(session_args, Config, []), + Debug = openssl_debug_options(), + Args = case Groups0 of undefined -> ["s_server", "-accept", integer_to_list(Port), cipher_flag(Version), ciphers(Ciphers, Version), - ssl_test_lib:version_flag(Version)] ++ sig_algs(SigAlgs) ++ CertArgs ++ ["-msg", "-debug"]; + ssl_test_lib:version_flag(Version)] ++ sig_algs(SigAlgs) ++ CertArgs ++ SessionArgs ++ Debug; Group -> ["s_server", "-accept", integer_to_list(Port), cipher_flag(Version), ciphers(Ciphers, Version), "-groups", Group, - ssl_test_lib:version_flag(Version)] ++ sig_algs(SigAlgs) ++ CertArgs ++ ["-msg", "-debug"] + ssl_test_lib:version_flag(Version)] ++ sig_algs(SigAlgs) ++ CertArgs ++ SessionArgs ++ Debug end, OpenSslPort = portable_open_port(Exe, Args), true = port_command(OpenSslPort, "Hello world"), @@ -1918,6 +1818,29 @@ ciphers_concat('tlsv1.3' = Version, [Head| Tail], Acc) -> ciphers_concat(Version, [Head| Tail], Acc) -> ciphers_concat(Version, Tail, [":", Head | Acc]). +openssl_alpn_options(undefined) -> + []; +openssl_alpn_options(Alpn) -> + ["-alpn", Alpn]. + +openssl_npn_options(undefined) -> + []; +openssl_npn_options(Npn) -> + ["-nextprotoneg", Npn]. + +openssl_reconect_option(false) -> + []; +openssl_reconect_option(true) -> + ["-reconnect"]. +openssl_maxfag_option(false) -> + []; +openssl_maxfag_option(Int) -> + ["-maxfraglen", integer_to_list(Int)]. + +openssl_debug_options() -> + ["-msg", "-debug"]. + + start_server_with_raw_key(erlang, ServerOpts, Config) -> {_, ServerNode, _} = ssl_test_lib:run_where(Config), Server = start_server([{node, ServerNode}, {port, 0}, 
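Review bot: The helper names introduced in the `-1918` hunk and called here are misspelled — `openssl_reconect_option` and `openssl_maxfag_option` — and since they are private to this module this is the cheap moment to rename them `openssl_reconnect_option`/`openssl_maxfrag_option`; the `reconnect` and `maxfrag` option keys themselves are spelled correctly. A blank line is also missing between the `openssl_reconect_option(true)` clause and the `openssl_maxfag_option(false)` head, unlike the other helpers in that hunk. Note too that `SessionArgs` is read from `ClientOpts` in start_client(openssl, …) but from `Config` in the start_server(openssl, …) hunk just below; if that asymmetry is deliberate, a short comment on either line would help.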
@@ -2297,18 +2220,6 @@ public_key(#'PrivateKeyInfo'{privateKeyAlgorithm = public_key:der_decode('DSAPrivateKey', iolist_to_binary(Key)); public_key(Key) -> Key. -receive_rizzo_duong_beast() -> - receive - {ssl, _, "ello\n"} -> - receive - {ssl, _, " "} -> - receive - {ssl, _, "world\n"} -> - ok - end - end - end. - state([{data,[{"State", {_StateName, StateData}}]} | _]) -> %% gen_statem StateData; @@ -2319,11 +2230,10 @@ state([{data,[{"StateData", State}]} | _]) -> %% gen_fsm state([_ | Rest]) -> state(Rest). -%% TODO: DTLS considered tls version in this use maybe rename -is_tls_version('dtlsv1.2') -> - true; -is_tls_version('dtlsv1') -> - true; +is_protocol_version(Ver) -> + is_tls_version(Ver) orelse + is_dtls_version(Ver). + is_tls_version('tlsv1.3') -> true; is_tls_version('tlsv1.2') -> @@ -2342,10 +2252,8 @@ is_dtls_version('dtlsv1') -> is_dtls_version(_) -> false. -maybe_legacy_tls_version_support(Version, Config0) when - Version == 'tlsv1'; - Version == 'tlsv1.1' -> - %% Check if legacy version is supported +openssl_tls_version_support(Version, Config0) -> + %% Check if version is supported Config = ssl_test_lib:make_rsa_cert(Config0), ServerOpts = proplists:get_value(server_rsa_opts, Config), Port = ssl_test_lib:inet_port(node()), 
@@ -2353,46 +2261,53 @@ maybe_legacy_tls_version_support(Version, Config0) when CertFile = proplists:get_value(certfile, ServerOpts), KeyFile = proplists:get_value(keyfile, ServerOpts), Exe = "openssl", - Args = ["s_server", "-accept", + Args0 = ["s_server", "-accept", integer_to_list(Port), "-CAfile", CaCertFile, "-cert", CertFile,"-key", KeyFile], - + Args = maybe_force_ipv4(Args0), OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - ssl_test_lib:wait_for_openssl_server(Port, tls), - - case ssl:connect("localhost", Port, [{versions, [Version]}]) of - {ok, Socket} -> - ssl:close(Socket), - close_port(OpensslPort), - true; - {error, {tls_alert, {protocol_version, _}}} -> + + try wait_for_openssl_server(Port, tls) of + ok -> + case ssl:connect("localhost", Port, [{versions, [Version]}]) of + {ok, Socket} -> + ssl:close(Socket), + close_port(OpensslPort), + true; + {error, {tls_alert, {protocol_version, _}}} -> + ct:pal("Openssl does not support ~p", [Version]), + close_port(OpensslPort), + false; + {error, {tls_alert, Alert}} -> + ct:pal("Openssl returned alert ~p", [Alert]), + close_port(OpensslPort), + false + end + catch + _:_ -> + ct:pal("Openssl does not support ~p", [Version]), close_port(OpensslPort), false - end; -maybe_legacy_tls_version_support('dtlsv1', Config) -> - maybe_legacy_tls_version_support('tlsv1.1', Config); -maybe_legacy_tls_version_support(_, _) -> - %% Not a legacy version - true. + end. 
-init_tls_version(Version, Config) +init_protocol_version(Version, Config) when Version == 'dtlsv1.2'; Version == 'dtlsv1' -> ssl:stop(), application:load(ssl), - application:set_env(ssl, dtls_protocol_version, Version), + application:set_env(ssl, dtls_protocol_version, [Version]), ssl:start(), NewConfig = proplists:delete(protocol_opts, proplists:delete(protocol, Config)), [{protocol, dtls}, {protocol_opts, [{protocol, dtls}]} | NewConfig]; -init_tls_version(Version, Config) -> +init_protocol_version(Version, Config) -> ssl:stop(), application:load(ssl), - application:set_env(ssl, protocol_version, Version), + application:set_env(ssl, protocol_version, [Version]), ssl:start(), NewConfig = proplists:delete(protocol_opts, proplists:delete(protocol, Config)), [{protocol, tls} | NewConfig]. -clean_tls_version(Config) -> +clean_protocol_version(Config) -> proplists:delete(protocol_opts, proplists:delete(protocol, Config)). sufficient_crypto_support(Version) @@ -2911,7 +2826,8 @@ do_wait_for_openssl_tls_server(_, 0) -> do_wait_for_openssl_tls_server(Port, N) -> case gen_tcp:connect("localhost", Port, []) of {ok, S} -> - gen_tcp:close(S); + gen_tcp:close(S), + ok; _ -> ct:sleep(?SLEEP), do_wait_for_openssl_tls_server(Port, N-1) @@ -3104,8 +3020,12 @@ ssl_options(Options, Config) -> Options ++ ProtocolOpts. protocol_version(Config) -> - protocol_version(Config, atom). - + case proplists:get_value(version, Config, undefined) of + undefined -> + protocol_version(Config, atom); + Version -> + Version + end. protocol_version(Config, tuple) -> case proplists:get_value(protocol, Config) of dtls -> 
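Review bot: In openssl_tls_version_support the `ssl:connect("localhost", Port, [{versions, [Version]}])` call sits in the `of` section of the new `try`, which is not protected by the `catch _:_` below it, and the inner `case` handles only `{ok, _}` and `{error, {tls_alert, _}}`; any other result (`{error, closed}`, `{error, timeout}`, `{error, econnrefused}`) raises case_clause out of init_per_group_openssl and leaves `OpensslPort` open. A final clause `{error, Reason} -> ct:pal("Openssl connect failed ~p", [Reason]), close_port(OpensslPort), false` plus an explicit timeout via ssl:connect/4 would keep the probe from crashing or hanging on a half-started s_server. The `catch _:_` presumably exists for wait_for_openssl_server, and the `-2911` hunk's explicit `ok` return is what makes `of ok ->` match, so the `do_wait_for_openssl_tls_server(_, 0)` clause (outside this diff) must raise rather than return a value. The function head is in the preceding hunk.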
@@ -3619,3 +3539,17 @@ test_ciphers(Kex, Cipher, Version) -> (_) -> false end}]). +sanity_check(ErlangPeer, OpenSSLPort) -> + Data = "OpenSSL to Erlang", + port_command(OpenSSLPort, Data, [nosuspend]), + Data = check_active_receive(ErlangPeer, Data). + +default_tls_version(Config) -> + case proplists:get_value(protocol, Config, tls) of + tls -> + {ok, Versions} = application:get_env(ssl, protocol_version), + Versions; + dtls -> + {ok, Versions} = application:get_env(ssl, dtls_protocol_version), + Versions + end. diff --git a/lib/ssl/test/tls_1_3_version_SUITE.erl b/lib/ssl/test/tls_1_3_version_SUITE.erl index e0ac53e0f9..3a9c2f7e24 100644 --- a/lib/ssl/test/tls_1_3_version_SUITE.erl +++ b/lib/ssl/test/tls_1_3_version_SUITE.erl @@ -73,13 +73,23 @@ end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). -init_per_group(rsa, Config0) -> +init_per_group(GroupName, Config) -> + case ssl_test_lib:is_protocol_version(GroupName) of + true -> + ssl_test_lib:init_per_group(GroupName, + [{client_type, erlang}, + {server_type, erlang} | Config]); + false -> + do_init_per_group(GroupName, Config) + end. + +do_init_per_group(rsa, Config0) -> Config = ssl_test_lib:make_rsa_cert(Config0), COpts = proplists:get_value(client_rsa_opts, Config), SOpts = proplists:get_value(server_rsa_opts, Config), [{client_cert_opts, COpts}, {server_cert_opts, SOpts} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))]; -init_per_group(ecdsa, Config0) -> +do_init_per_group(ecdsa, Config0) -> PKAlg = crypto:supports(public_keys), case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse lists:member(dh, PKAlg)) of 
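Review bot: sanity_check ignores the result of `port_command(OpenSSLPort, Data, [nosuspend]),` — with `nosuspend` the BIF returns `false` instead of blocking when the port is busy, so a dropped write only surfaces later as a receive timeout inside check_active_receive with no indication of which side failed. Asserting it, `true = port_command(OpenSSLPort, Data, [nosuspend]),`, gives a badmatch at the real point of failure and matches how start_client(openssl, …) already does `true = port_command(OpenSslPort, "Hello world")`. A `%%` comment stating that the function pushes one message from OpenSSL to the Erlang peer and expects it received unchanged would also help, since the name does not say which direction is exercised.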
@@ -91,31 +101,10 @@ init_per_group(ecdsa, Config0) -> lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))]; false -> {skip, "Missing EC crypto support"} - end; -init_per_group(GroupName, Config) -> - ssl_test_lib:clean_tls_version(Config), - case ssl_test_lib:is_tls_version(GroupName) andalso - ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - _ -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl:start(), - Config; - false -> - {skip, "Missing crypto support"} - end end. end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. - + ssl_test_lib:end_per_group(GroupName, Config). %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl index 6804b09687..d8a753e628 100644 --- a/lib/ssl/test/tls_api_SUITE.erl +++ b/lib/ssl/test/tls_api_SUITE.erl 
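Review bot: After this change a group name that is neither a protocol version nor `rsa`/`ecdsa` reaches do_init_per_group, which has only those two clauses, so it fails with function_clause where the removed catch-all clause used to start ssl and return Config. That is fine if groups/0 (outside this diff) lists only those names, but a comment on `do_init_per_group(rsa, Config0) ->` such as `%% Only cert-type groups reach here; protocol-version groups go through ssl_test_lib:init_per_group/2` would record the intent. The protocol-version branch in the previous hunk also prepends `{client_type, erlang}, {server_type, erlang}` on every entry without deleting earlier copies, unlike the `lists:delete(...)` pattern the cert clauses use; harmless with proplists lookup order, but inconsistent within one function.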
@@ -91,33 +91,11 @@ end_per_suite(_Config) -> application:unload(ssl), application:stop(crypto). - init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:sufficient_crypto_support(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, "Missing crypto support"} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. - -init_per_testcase(_TestCase, Config) -> - ssl_test_lib:ct_log_supported_protocol_versions(Config), - ct:timetrap(?TIMEOUT), - Config. + ssl_test_lib:end_per_group(GroupName, Config). end_per_testcase(_TestCase, Config) -> Config. |
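Review bot: This hunk removes the suite's `init_per_testcase(_TestCase, Config)` clause together with the per-group code, which goes beyond the init_per_group cleanup the commit message describes: the `ct:timetrap(?TIMEOUT)` and `ssl_test_lib:ct_log_supported_protocol_versions(Config)` it performed are not moved anywhere visible, while `end_per_testcase` is kept. If no other init_per_testcase clause exists in tls_api_SUITE, every case now runs under Common Test's default timetrap and a hung handshake test takes much longer to fail; the other suites in this diff (dtls_api, ssl_npn, ssl_packet) keep their init_per_testcase. Either restore the clause or add a comment explaining why the suite-level timetrap is sufficient.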