Diffstat (limited to 'lib/ssl/test/openssl_session_SUITE.erl')
-rw-r--r-- | lib/ssl/test/openssl_session_SUITE.erl | 168 |
1 files changed, 83 insertions, 85 deletions
diff --git a/lib/ssl/test/openssl_session_SUITE.erl b/lib/ssl/test/openssl_session_SUITE.erl index ceeb496ba4..08369733dc 100644 --- a/lib/ssl/test/openssl_session_SUITE.erl +++ b/lib/ssl/test/openssl_session_SUITE.erl @@ -21,13 +21,27 @@ -module(openssl_session_SUITE). -%% Note: This directive should only be used in test suites. --compile(export_all). - -include_lib("common_test/include/ct.hrl"). +%% Callback functions +-export([all/0, + groups/0, + init_per_suite/1, + end_per_suite/1, + init_per_group/2, + end_per_group/2, + init_per_testcase/2, + end_per_testcase/2]). + +%% Testcases +-export([reuse_session_erlang_server/0, + reuse_session_erlang_server/1, + reuse_session_erlang_client/0, + reuse_session_erlang_client/1 + ]). -define(SLEEP, 1000). -define(EXPIRE, 10). +-define(TIMEOUT, {seconds, 120}). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- @@ -39,14 +53,13 @@ all() -> [{group, 'tlsv1.2'}, {group, 'tlsv1.1'}, {group, 'tlsv1'}, - {group, 'sslv3'}, {group, 'dtlsv1.2'}, {group, 'dtlsv1'}]; false -> [{group, 'tlsv1.2'}, {group, 'tlsv1.1'}, - {group, 'tlsv1'}, - {group, 'sslv3'}] + {group, 'tlsv1'} + ] end. groups() -> @@ -55,15 +68,13 @@ groups() -> [{'tlsv1.2', [], tests()}, {'tlsv1.1', [], tests()}, {'tlsv1', [], tests()}, - {'sslv3', [], tests()}, {'dtlsv1.2', [], tests()}, {'dtlsv1', [], tests()} ]; false -> [{'tlsv1.2', [], tests()}, {'tlsv1.1', [], tests()}, - {'tlsv1', [], tests()}, - {'sslv3', [], tests()} + {'tlsv1', [], tests()} ] end. 
@@ -84,7 +95,11 @@ init_per_suite(Config0) -> try crypto:start() of ok -> ssl_test_lib:clean_start(), - ssl_test_lib:make_rsa_cert(Config0) + {ClientOpts, ServerOpts} = + ssl_test_lib:make_rsa_cert_chains([{server_chain, ssl_test_lib:default_cert_chain_conf()}, + {client_chain, ssl_test_lib:default_cert_chain_conf()}], + Config0, "openssl_session_SUITE"), + [{client_opts, ClientOpts}, {server_opts, ServerOpts} | Config0] catch _:_ -> {skip, "Crypto did not start"} end @@ -96,31 +111,10 @@ end_per_suite(_Config) -> ssl_test_lib:kill_openssl(). init_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - case ssl_test_lib:supports_ssl_tls_version(GroupName) of - true -> - case ssl_test_lib:check_sane_openssl_version(GroupName) of - true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> - {skip, openssl_does_not_support_version} - end; - false -> - {skip, openssl_does_not_support_version} - end; - _ -> - ssl:start(), - Config - end. + ssl_test_lib:init_per_group_openssl(GroupName, Config). end_per_group(GroupName, Config) -> - case ssl_test_lib:is_tls_version(GroupName) of - true -> - ssl_test_lib:clean_tls_version(Config); - false -> - Config - end. + ssl_test_lib:end_per_group(GroupName, Config). init_per_testcase(reuse_session_erlang_client, Config) -> ct:timetrap(?EXPIRE * 1000 * 5), 
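Review bot: The `client_opts` and `server_opts` keys that init_per_suite now adds to Config have no comment saying what they hold or who reads them. Later hunks read them in two ways, raw via `proplists:get_value/2` for the OpenSSL peer and through `ssl_test_lib:ssl_options/2` for the Erlang peer. A one-line comment above the returned list would record that, for example `%% client_opts/server_opts: RSA chain options shared by the Erlang and OpenSSL peers`. The new call sits in the `of ok ->` branch, so a failure in `make_rsa_cert_chains/3` is not turned into the "Crypto did not start" skip, which looks intentional. init_per_suite starts and ends outside the hunk.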
@@ -130,22 +124,27 @@ init_per_testcase(reuse_session_erlang_client, Config) -> ssl:start(), Config; init_per_testcase(reuse_session_erlang_server, Config) -> - Version = ssl_test_lib:protocol_version(Config), - case ssl_test_lib:is_dtls_version(Version) of + case ssl_test_lib:working_openssl_client() of true -> - case ssl_test_lib:openssl_sane_dtls_session_reuse() of + Version = ssl_test_lib:protocol_version(Config), + case ssl_test_lib:is_dtls_version(Version) of true -> - ct:timetrap({seconds, 10}), - Config; + case ssl_test_lib:openssl_sane_dtls_session_reuse() of + true -> + ct:timetrap(?TIMEOUT), + Config; + false -> + {skip, "Broken OpenSSL DTLS session reuse"} + end; false -> - {skip, "Broken OpenSSL DTLS session reuse"} + ct:timetrap(?TIMEOUT), + Config end; - false -> - ct:timetrap({seconds, 10}), - Config + false -> + {skip, "Broken OpenSSL s_client"} end; -init_per_testcase(TestCase, Config) -> - ct:timetrap({seconds, 10}), +init_per_testcase(_TestCase, Config) -> + ct:timetrap(?TIMEOUT), Config. end_per_testcase(reuse_session_erlang_client, Config) -> 
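Review bot: The reuse_session_erlang_server clause of init_per_testcase now nests three `case` expressions and repeats `ct:timetrap(?TIMEOUT), Config` in two branches, which makes the skip conditions hard to scan. Moving the DTLS check into a small helper leaves one decision per function and a single place that sets the timetrap. The rewrite below assumes both ssl_test_lib predicates return booleans, as the existing `true`/`false` branches imply. The function's first clause begins above the hunk.

```erlang
init_per_testcase(reuse_session_erlang_server, Config) ->
    case ssl_test_lib:working_openssl_client() of
        true ->
            init_session_reuse_server(Config);
        false ->
            {skip, "Broken OpenSSL s_client"}
    end;
%% … unchanged: catch-all init_per_testcase/2 clause …

%% Skip DTLS groups when the local OpenSSL cannot resume DTLS sessions.
init_session_reuse_server(Config) ->
    Version = ssl_test_lib:protocol_version(Config),
    case ssl_test_lib:is_dtls_version(Version) andalso
         not ssl_test_lib:openssl_sane_dtls_session_reuse() of
        true ->
            {skip, "Broken OpenSSL DTLS session reuse"};
        false ->
            ct:timetrap(?TIMEOUT),
            Config
    end.
```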
@@ -163,66 +162,58 @@ reuse_session_erlang_server() -> [{doc, "Test erlang server with openssl client that reconnects with the" "same session id, to test reusing of sessions."}]. reuse_session_erlang_server(Config) when is_list(Config) -> - process_flag(trap_exit, true), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = proplists:get_value(client_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_opts, Config), + Version = ssl_test_lib:protocol_version(Config), - {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + {_, ServerNode, _} = ssl_test_lib:run_where(Config), + Ciphers = common_ciphers(Version), + Data = "From openssl to erlang", Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, {mfa, {ssl_test_lib, active_recv, [length(Data)]}}, {reconnect_times, 5}, - {options, ServerOpts}]), + {options, [{ciphers, Ciphers}, + {versions, [Version]}| ServerOpts]}]), Port = ssl_test_lib:inet_port(Server), - Version = ssl_test_lib:protocol_version(Config), - - Exe = "openssl", - Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) - ++ ":" ++ integer_to_list(Port), - ssl_test_lib:version_flag(Version), - "-reconnect"], - - OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), + - true = port_command(OpenSslPort, Data), + {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port}, + {reconnect, true}, + {options, [{ciphers, Ciphers} | ClientOpts]}, + return_port], Config), + true = port_command(OpenSSLPort, Data), ssl_test_lib:check_result(Server, Data), - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close(Server), - ssl_test_lib:close_port(OpenSslPort). + ssl_test_lib:close(Server). %%-------------------------------------------------------------------- reuse_session_erlang_client() -> [{doc, "Test erlang ssl client that wants to reuse sessions"}]. 
reuse_session_erlang_client(Config) when is_list(Config) -> - process_flag(trap_exit, true), - ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), - ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), - {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - - Version = ssl_test_lib:protocol_version(Config), - Port = ssl_test_lib:inet_port(node()), - CertFile = proplists:get_value(certfile, ServerOpts), - CACertFile = proplists:get_value(cacertfile, ServerOpts), - KeyFile = proplists:get_value(keyfile, ServerOpts), - - Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), - "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile], - - OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), + ClientOpts = ssl_test_lib:ssl_options(client_opts, Config), + ServerOpts = proplists:get_value(server_opts, Config), + Version = ssl_test_lib:protocol_version(Config), - ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), + {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), + Ciphers = common_ciphers(Version), + Server = ssl_test_lib:start_server(openssl, [], + [{server_opts, [{ciphers, Ciphers} | ServerOpts]} | Config]), + Port = ssl_test_lib:inet_port(Server), Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {mfa, {ssl_test_lib, session_id, []}}, - {from, self()}, {options, [{reuse_sessions, save}, {verify, verify_peer}| ClientOpts]}]), + {from, self()}, + {options, [{reuse_sessions, save}, + {verify, verify_peer}, + {ciphers, Ciphers}, + {versions, [Version]} | ClientOpts]}]), SID = receive {Client0, Id0} -> 
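Review bot: reuse_session_erlang_server no longer closes the OpenSSL side. The port obtained through `return_port` is used for `port_command/2`, but only `ssl_test_lib:close(Server)` remains at the end. Unless ssl_test_lib ties that port to the test process (not visible on this page), the s_client process would live until `ssl_test_lib:kill_openssl()` in end_per_suite and could overlap with later groups. Keeping `ssl_test_lib:close_port(OpenSSLPort)` after the server close would preserve the explicit teardown. The same applies to `Server` from `start_server(openssl, ...)` in reuse_session_erlang_client, whose `close_port` call is removed in the last hunk of the file. That function's body continues outside this hunk.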
@@ -235,7 +226,9 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {mfa, {ssl_test_lib, session_id, []}}, - {from, self()}, {options, [{reuse_session, SID} | ClientOpts]}]), + {from, self()}, {options, [ {ciphers, Ciphers}, + {versions, [Version]}, + {reuse_session, SID} | ClientOpts]}]), receive {Client1, SID} -> ok @@ -252,7 +245,8 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {mfa, {ssl_test_lib, session_id, []}}, - {from, self()}, {options, ClientOpts}]), + {from, self()}, {options, [{ciphers, Ciphers}, + {versions, [Version]} | ClientOpts]}]), receive {Client2, ID} -> case ID of @@ -262,12 +256,16 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ok end end, - - %% Clean close down! Server needs to be closed first !! - ssl_test_lib:close_port(OpensslPort), ssl_test_lib:close(Client2). %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- + +common_ciphers(Version) -> + OpenSSLCiphers = ssl_test_lib:openssl_ciphers(), + ErlOpenSSLCiphers = [ssl:str_to_suite(C) || C <- OpenSSLCiphers], + ErlCiphers = ssl:cipher_suites(all, Version), + [Suite || Suite <- ErlOpenSSLCiphers, lists:member(Suite, ErlCiphers)]. + |
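Review bot: `common_ciphers/1` can return an empty list when the local OpenSSL and `ssl:cipher_suites(all, Version)` share no suite, and the tests pass the result straight into `{ciphers, Ciphers}`. In that case the test would presumably fail at the handshake with an unrelated-looking error rather than a skip, so the per-testcase setup should probably check for `[]` and skip. Selecting from `all` rather than the default set also means the negotiated suite may be one ssl does not enable by default. That is worth stating in a comment such as `%% Suites supported by both OpenSSL and ssl for Version (taken from 'all', not the defaults)`.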