diff options
Diffstat (limited to 'lib/ssl/test/openssl_reject_SUITE.erl')
-rw-r--r-- | lib/ssl/test/openssl_reject_SUITE.erl | 102 |
1 files changed, 68 insertions, 34 deletions
diff --git a/lib/ssl/test/openssl_reject_SUITE.erl b/lib/ssl/test/openssl_reject_SUITE.erl index deefd11823..e231a5ab99 100644 --- a/lib/ssl/test/openssl_reject_SUITE.erl +++ b/lib/ssl/test/openssl_reject_SUITE.erl @@ -21,10 +21,31 @@ -module(openssl_reject_SUITE). -%% Note: This directive should only be used in test suites. --compile(export_all). - -include_lib("common_test/include/ct.hrl"). +%% Common test +-export([all/0, + groups/0, + init_per_suite/1, + init_per_group/2, + init_per_testcase/2, + end_per_suite/1, + end_per_group/2, + end_per_testcase/2 + ]). + +%% Test cases +-export([erlang_client_bad_openssl_server/0, + erlang_client_bad_openssl_server/1, + ssl2_erlang_server_openssl_client/0, + ssl2_erlang_server_openssl_client/1, + ssl3_erlang_server_openssl_client/0, + ssl3_erlang_server_openssl_client/1 + ]). + +%% Apply export +-export([server_sent_garbage/1 + ]). + -define(SLEEP, 1000). -define(OPENSSL_GARBAGE, "P\n"). @@ -36,20 +57,20 @@ all() -> [{group, 'tlsv1.2'}, {group, 'tlsv1.1'}, - {group, 'tlsv1'}, - {group, 'sslv3'}]. + {group, 'tlsv1'} + ]. groups() -> [{'tlsv1.2', [], all_versions_tests()}, {'tlsv1.1', [], all_versions_tests()}, - {'tlsv1', [], all_versions_tests()}, - {'sslv3', [], all_versions_tests()} + {'tlsv1', [], all_versions_tests()} ]. - + all_versions_tests() -> - [ + [ erlang_client_bad_openssl_server, - ssl2_erlang_server_openssl_client + ssl2_erlang_server_openssl_client, + ssl3_erlang_server_openssl_client ]. init_per_suite(Config0) -> @@ -74,30 +95,10 @@ end_per_suite(_Config) -> ssl_test_lib:kill_openssl(). init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:supports_ssl_tls_version(GroupName) of - true -> - case ssl_test_lib:check_sane_openssl_version(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, openssl_does_not_support_version} - end; - false -> - {skip, openssl_does_not_support_version} - end; - _ -> - Config - end. + ssl_test_lib:init_per_group_openssl(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(TestCase, Config) -> ct:timetrap({seconds, 10}), @@ -110,6 +111,14 @@ special_init(ssl2_erlang_server_openssl_client, Config) -> false -> {skip, "sslv2 not supported by openssl"} end; +special_init(ssl3_erlang_server_openssl_client, Config) -> + case ssl_test_lib:supports_ssl_tls_version(sslv3) of + true -> + Config; + false -> + {skip, "sslv3 not supported by openssl"} + end; + special_init(_, Config) -> Config. @@ -193,12 +202,37 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) -> ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), ssl_test_lib:consume_port_exit(OpenSslPort), - ssl_test_lib:check_server_alert(Server, unexpected_message), + ssl_test_lib:check_server_alert(Server, bad_record_mac), process_flag(trap_exit, false). +%%-------------------------------------------------------------------- +ssl3_erlang_server_openssl_client() -> + [{doc,"Test that ssl v3 clients are rejected"}]. + +ssl3_erlang_server_openssl_client(Config) when is_list(Config) -> + process_flag(trap_exit, true), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + + {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {options, ServerOpts}]), + Port = ssl_test_lib:inet_port(Server), + + Exe = "openssl", + Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), + "-ssl3", "-msg"], + + OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), + + ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), + ssl_test_lib:consume_port_exit(OpenSslPort), + ssl_test_lib:check_server_alert(Server, bad_record_mac), + process_flag(trap_exit, false). %%-------------------------------------------------------------------- -%% Internal functions ------------------------------------------------ +%% Callback functions ------------------------------------------------ %%-------------------------------------------------------------------- server_sent_garbage(Socket) -> |