Diffstat (limited to 'lib/ssl/test/openssl_session_SUITE.erl')
-rw-r--r--lib/ssl/test/openssl_session_SUITE.erl168
1 files changed, 83 insertions, 85 deletions
diff --git a/lib/ssl/test/openssl_session_SUITE.erl b/lib/ssl/test/openssl_session_SUITE.erl
index ceeb496ba4..08369733dc 100644
--- a/lib/ssl/test/openssl_session_SUITE.erl
+++ b/lib/ssl/test/openssl_session_SUITE.erl
@@ -21,13 +21,27 @@
-module(openssl_session_SUITE).
-%% Note: This directive should only be used in test suites.
--compile(export_all).
-
-include_lib("common_test/include/ct.hrl").
+%% Callback functions
+-export([all/0,
+ groups/0,
+ init_per_suite/1,
+ end_per_suite/1,
+ init_per_group/2,
+ end_per_group/2,
+ init_per_testcase/2,
+ end_per_testcase/2]).
+
+%% Testcases
+-export([reuse_session_erlang_server/0,
+ reuse_session_erlang_server/1,
+ reuse_session_erlang_client/0,
+ reuse_session_erlang_client/1
+ ]).
-define(SLEEP, 1000).
-define(EXPIRE, 10).
+-define(TIMEOUT, {seconds, 120}).
%%--------------------------------------------------------------------
%% Common Test interface functions -----------------------------------
@@ -39,14 +53,13 @@ all() ->
[{group, 'tlsv1.2'},
{group, 'tlsv1.1'},
{group, 'tlsv1'},
- {group, 'sslv3'},
{group, 'dtlsv1.2'},
{group, 'dtlsv1'}];
false ->
[{group, 'tlsv1.2'},
{group, 'tlsv1.1'},
- {group, 'tlsv1'},
- {group, 'sslv3'}]
+ {group, 'tlsv1'}
+ ]
end.
groups() ->
@@ -55,15 +68,13 @@ groups() ->
[{'tlsv1.2', [], tests()},
{'tlsv1.1', [], tests()},
{'tlsv1', [], tests()},
- {'sslv3', [], tests()},
{'dtlsv1.2', [], tests()},
{'dtlsv1', [], tests()}
];
false ->
[{'tlsv1.2', [], tests()},
{'tlsv1.1', [], tests()},
- {'tlsv1', [], tests()},
- {'sslv3', [], tests()}
+ {'tlsv1', [], tests()}
]
end.
@@ -84,7 +95,11 @@ init_per_suite(Config0) ->
try crypto:start() of
ok ->
ssl_test_lib:clean_start(),
- ssl_test_lib:make_rsa_cert(Config0)
+ {ClientOpts, ServerOpts} =
+ ssl_test_lib:make_rsa_cert_chains([{server_chain, ssl_test_lib:default_cert_chain_conf()},
+ {client_chain, ssl_test_lib:default_cert_chain_conf()}],
+ Config0, "openssl_session_SUITE"),
+ [{client_opts, ClientOpts}, {server_opts, ServerOpts} | Config0]
catch _:_ ->
{skip, "Crypto did not start"}
end
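Review bot: The literal `"openssl_session_SUITE"` passed as the last argument of `ssl_test_lib:make_rsa_cert_chains/3` repeats the module name by hand and will go stale if the suite is renamed or this block is copied into another suite; `?MODULE_STRING` (or `atom_to_list(?MODULE)`) keeps it tied to the module. Presumably the string is used to name the generated certificate and key files, in which case a stale copy could make two suites write to the same paths; that is an inference, since the helper is not shown here. The body of init_per_suite/1 starts above this hunk.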
@@ -96,31 +111,10 @@ end_per_suite(_Config) ->
ssl_test_lib:kill_openssl().
init_per_group(GroupName, Config) ->
- case ssl_test_lib:is_tls_version(GroupName) of
- true ->
- case ssl_test_lib:supports_ssl_tls_version(GroupName) of
- true ->
- case ssl_test_lib:check_sane_openssl_version(GroupName) of
- true ->
- ssl_test_lib:init_tls_version(GroupName, Config);
- false ->
- {skip, openssl_does_not_support_version}
- end;
- false ->
- {skip, openssl_does_not_support_version}
- end;
- _ ->
- ssl:start(),
- Config
- end.
+ ssl_test_lib:init_per_group_openssl(GroupName, Config).
end_per_group(GroupName, Config) ->
- case ssl_test_lib:is_tls_version(GroupName) of
- true ->
- ssl_test_lib:clean_tls_version(Config);
- false ->
- Config
- end.
+ ssl_test_lib:end_per_group(GroupName, Config).
init_per_testcase(reuse_session_erlang_client, Config) ->
ct:timetrap(?EXPIRE * 1000 * 5),
@@ -130,22 +124,27 @@ init_per_testcase(reuse_session_erlang_client, Config) ->
ssl:start(),
Config;
init_per_testcase(reuse_session_erlang_server, Config) ->
- Version = ssl_test_lib:protocol_version(Config),
- case ssl_test_lib:is_dtls_version(Version) of
+ case ssl_test_lib:working_openssl_client() of
true ->
- case ssl_test_lib:openssl_sane_dtls_session_reuse() of
+ Version = ssl_test_lib:protocol_version(Config),
+ case ssl_test_lib:is_dtls_version(Version) of
true ->
- ct:timetrap({seconds, 10}),
- Config;
+ case ssl_test_lib:openssl_sane_dtls_session_reuse() of
+ true ->
+ ct:timetrap(?TIMEOUT),
+ Config;
+ false ->
+ {skip, "Broken OpenSSL DTLS session reuse"}
+ end;
false ->
- {skip, "Broken OpenSSL DTLS session reuse"}
+ ct:timetrap(?TIMEOUT),
+ Config
end;
- false ->
- ct:timetrap({seconds, 10}),
- Config
+ false ->
+ {skip, "Broken OpenSSL s_client"}
end;
-init_per_testcase(TestCase, Config) ->
- ct:timetrap({seconds, 10}),
+init_per_testcase(_TestCase, Config) ->
+ ct:timetrap(?TIMEOUT),
Config.
end_per_testcase(reuse_session_erlang_client, Config) ->
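Review bot: The new `reuse_session_erlang_server` clause nests three `case` expressions and repeats `ct:timetrap(?TIMEOUT), Config` in two branches, which makes the skip conditions hard to follow. Moving the DTLS check into a small helper keeps each skip reason at one level and states the timetrap once; behaviour is unchanged as long as both `ssl_test_lib` predicates return booleans, which the existing `true`/`false` matches already assume. Separately, raising every timetrap from 10 to 120 seconds means a hung `openssl` handshake now takes two minutes per testcase to surface, so a short comment next to `-define(TIMEOUT, ...)` saying why 120 is needed would help. The hunk begins inside the preceding `reuse_session_erlang_client` clause and ends at the head of end_per_testcase/2.

```erlang
init_per_testcase(reuse_session_erlang_server, Config) ->
    case ssl_test_lib:working_openssl_client() of
        true ->
            init_reuse_session_server(Config);
        false ->
            {skip, "Broken OpenSSL s_client"}
    end;
%% … unchanged: catch-all init_per_testcase/2 clause …

%% Skip only when the group is a DTLS version and the local OpenSSL
%% cannot do DTLS session reuse; otherwise arm the timetrap.
init_reuse_session_server(Config) ->
    Version = ssl_test_lib:protocol_version(Config),
    case ssl_test_lib:is_dtls_version(Version) andalso
         not ssl_test_lib:openssl_sane_dtls_session_reuse() of
        true ->
            {skip, "Broken OpenSSL DTLS session reuse"};
        false ->
            ct:timetrap(?TIMEOUT),
            Config
    end.
```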
@@ -163,66 +162,58 @@ reuse_session_erlang_server() ->
[{doc, "Test erlang server with openssl client that reconnects with the"
"same session id, to test reusing of sessions."}].
reuse_session_erlang_server(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
- ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+ ClientOpts = proplists:get_value(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ Version = ssl_test_lib:protocol_version(Config),
- {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+ Ciphers = common_ciphers(Version),
+
Data = "From openssl to erlang",
Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
{from, self()},
{mfa, {ssl_test_lib, active_recv, [length(Data)]}},
{reconnect_times, 5},
- {options, ServerOpts}]),
+ {options, [{ciphers, Ciphers},
+ {versions, [Version]}| ServerOpts]}]),
Port = ssl_test_lib:inet_port(Server),
- Version = ssl_test_lib:protocol_version(Config),
-
- Exe = "openssl",
- Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
- ++ ":" ++ integer_to_list(Port),
- ssl_test_lib:version_flag(Version),
- "-reconnect"],
-
- OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),
+
- true = port_command(OpenSslPort, Data),
+ {_Client, OpenSSLPort} = ssl_test_lib:start_client(openssl, [{port, Port},
+ {reconnect, true},
+ {options, [{ciphers, Ciphers} | ClientOpts]},
+ return_port], Config),
+ true = port_command(OpenSSLPort, Data),
ssl_test_lib:check_result(Server, Data),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close(Server),
- ssl_test_lib:close_port(OpenSslPort).
+ ssl_test_lib:close(Server).
%%--------------------------------------------------------------------
reuse_session_erlang_client() ->
[{doc, "Test erlang ssl client that wants to reuse sessions"}].
reuse_session_erlang_client(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
- ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
- ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
- {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
-
- Version = ssl_test_lib:protocol_version(Config),
- Port = ssl_test_lib:inet_port(node()),
- CertFile = proplists:get_value(certfile, ServerOpts),
- CACertFile = proplists:get_value(cacertfile, ServerOpts),
- KeyFile = proplists:get_value(keyfile, ServerOpts),
-
- Exe = "openssl",
- Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
- "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile],
-
- OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = proplists:get_value(server_opts, Config),
+ Version = ssl_test_lib:protocol_version(Config),
- ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+ Ciphers = common_ciphers(Version),
+ Server = ssl_test_lib:start_server(openssl, [],
+ [{server_opts, [{ciphers, Ciphers} | ServerOpts]} | Config]),
+ Port = ssl_test_lib:inet_port(Server),
Client0 =
ssl_test_lib:start_client([{node, ClientNode},
{port, Port}, {host, Hostname},
{mfa, {ssl_test_lib, session_id, []}},
- {from, self()}, {options, [{reuse_sessions, save}, {verify, verify_peer}| ClientOpts]}]),
+ {from, self()},
+ {options, [{reuse_sessions, save},
+ {verify, verify_peer},
+ {ciphers, Ciphers},
+ {versions, [Version]} | ClientOpts]}]),
SID = receive
{Client0, Id0} ->
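Review bot: `reuse_session_erlang_server` binds `OpenSSLPort` from `ssl_test_lib:start_client(openssl, ...)` but never closes it, because the `ssl_test_lib:close_port(OpenSslPort)` call and the "Server needs to be closed first" ordering comment were both dropped. Unless the helper or end_per_testcase/2 reaps the external process (not visible here), each testcase run may leave an `openssl s_client` behind until `ssl_test_lib:kill_openssl()` runs in end_per_suite/1, and a leftover process could interfere with the next protocol group. Either restore a `close_port` call after `ssl_test_lib:close(Server)` or add a comment such as `%% openssl port is closed by <helper>` naming where cleanup now happens. The same applies to the `openssl` `Server` started in `reuse_session_erlang_client`, whose `close_port` call is removed in the last hunk without a visible replacement. That function's body continues past the end of this hunk.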
@@ -235,7 +226,9 @@ reuse_session_erlang_client(Config) when is_list(Config) ->
ssl_test_lib:start_client([{node, ClientNode},
{port, Port}, {host, Hostname},
{mfa, {ssl_test_lib, session_id, []}},
- {from, self()}, {options, [{reuse_session, SID} | ClientOpts]}]),
+ {from, self()}, {options, [ {ciphers, Ciphers},
+ {versions, [Version]},
+ {reuse_session, SID} | ClientOpts]}]),
receive
{Client1, SID} ->
ok
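Review bot: The option list for the resumed connection (`Client1`) omits `{verify, verify_peer}`, although the first connection in this testcase sets it explicitly; the third connection (`Client2`, next hunk) omits it as well. Unless `client_opts` already carries a `verify` setting (not visible here), the later handshakes run under whatever the library default is, so the three connections are not exercised under the same certificate-verification policy. Adding `{verify, verify_peer}` to both lists keeps them comparable. Since `{ciphers, Ciphers}, {versions, [Version]}` is now repeated in three option lists, binding the common prefix once near the top of the function would also keep the lists from drifting apart. The function starts and ends outside this hunk.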
@@ -252,7 +245,8 @@ reuse_session_erlang_client(Config) when is_list(Config) ->
ssl_test_lib:start_client([{node, ClientNode},
{port, Port}, {host, Hostname},
{mfa, {ssl_test_lib, session_id, []}},
- {from, self()}, {options, ClientOpts}]),
+ {from, self()}, {options, [{ciphers, Ciphers},
+ {versions, [Version]} | ClientOpts]}]),
receive
{Client2, ID} ->
case ID of
@@ -262,12 +256,16 @@ reuse_session_erlang_client(Config) when is_list(Config) ->
ok
end
end,
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close_port(OpensslPort),
ssl_test_lib:close(Client2).
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
+
+common_ciphers(Version) ->
+ OpenSSLCiphers = ssl_test_lib:openssl_ciphers(),
+ ErlOpenSSLCiphers = [ssl:str_to_suite(C) || C <- OpenSSLCiphers],
+ ErlCiphers = ssl:cipher_suites(all, Version),
+ [Suite || Suite <- ErlOpenSSLCiphers, lists:member(Suite, ErlCiphers)].
+
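Review bot: `common_ciphers/1` can return `[]` when the installed OpenSSL and the Erlang `ssl` application share no suite for `Version`, and both testcases then pass `{ciphers, []}` on to the peers, so the run would fail somewhere in connection setup with an error that does not point at the real cause. Matching on the result and returning `{skip, "No common cipher suites with OpenSSL"}` from init_per_testcase/2 (or failing with an explicit reason) would make that situation visible. The function also has no comment; something like `%% Suites supported by both the local openssl binary and Erlang ssl for Version, in the order openssl lists them.` would record why the intersection is taken. If `ssl:str_to_suite/1` returns a non-suite term for names Erlang does not know, the `lists:member/2` filter drops it silently, which is worth stating in the comment if intended.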