Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/property_test/ssl_eqc_chain.erl | 36 | ||||
-rw-r--r-- | lib/ssl/test/ssl_eqc_SUITE.erl | 12 |
2 files changed, 44 insertions, 4 deletions
diff --git a/lib/ssl/test/property_test/ssl_eqc_chain.erl b/lib/ssl/test/property_test/ssl_eqc_chain.erl index e78dc3fc0e..e108591776 100644 --- a/lib/ssl/test/property_test/ssl_eqc_chain.erl +++ b/lib/ssl/test/property_test/ssl_eqc_chain.erl @@ -124,6 +124,23 @@ prop_tls_extraneous_and_unordered_path() -> end ). +prop_client_cert_auth() -> + ?FORALL({ClientOptions, ServerOptions}, ?LET(Version, tls_version(), client_cert_auth_opts(Version)), + try + [TLSVersion] = proplists:get_value(versions, ClientOptions), + ssl_test_lib:basic_test(ClientOptions, ServerOptions, [{server_type, erlang}, + {client_type, erlang}, + {version, TLSVersion} + ]) + of + _ -> + true + catch + _:_ -> + false + end + ). + %%-------------------------------------------------------------------- %% Chain Generators ----------------------------------------------- %%-------------------------------------------------------------------- @@ -232,6 +249,9 @@ unordered_extraneous_options(Version) -> der_extraneous_and_unorder_options(Version) -> ?LET(Alg, key_alg(Version), der_extraneous_and_unorder_chain(Version, Alg)). +client_cert_auth_opts(Version) -> + ?LET({SAlg, CAlg}, {key_alg(Version), key_alg(Version)}, der_cert_chains(Version, CAlg,SAlg)). + extraneous_der_cert_chain_opts(Version, Alg) -> #{cert := OrgSRoot} = SRoot = public_key:pkix_test_root_cert("OTP test server ROOT", root_key(Alg)), #{cert := OrgCRoot} = CRoot = public_key:pkix_test_root_cert("OTP test client ROOT", root_key(Alg)), @@ -275,7 +295,6 @@ extraneous_pem_cert_chain_opts(Version, Alg, PrivDir) -> extraneous_pem_conf(ServerChain, ClientRoot, OrgCRoot, ServerConf0, PrivDir)]}. extra_extraneous_der_cert_chain_opts(Version, Alg) -> - #{cert := OrgSRoot} = SRoot = public_key:pkix_test_root_cert("OTP test server ROOT", root_key(Alg)), #{cert := OrgCRoot} = CRoot = public_key:pkix_test_root_cert("OTP test client ROOT", root_key(Alg)), 
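Review bot: The `catch _:_ -> false` clause at the end of prop_client_cert_auth discards the exception class and reason, so a TLS alert during the handshake, a badmatch on `[TLSVersion] = proplists:get_value(versions, ClientOptions)` and a crash inside ssl_test_lib all show up as the same bare `false`. For a property meant to show that certificate authentication works, the failure reason is what a reader needs to see. Bind and report it, for example `Class:Reason -> io:format("client cert auth failed: ~p:~p~n", [Class, Reason]), false`. The sibling properties are named `prop_tls_*`, so `prop_tls_client_cert_auth` would also be more consistent.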
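Review bot: In client_cert_auth_opts the generator binds `{SAlg, CAlg}` but the call passes them in the opposite order, `der_cert_chains(Version, CAlg,SAlg)`. This matches the `der_cert_chains(Version, CAlg, SAlg)` signature added later in the diff, so it is correct, but it is easy to misread as a client/server swap. Binding in the same order as the call would make it obvious: `?LET({CAlg, SAlg}, {key_alg(Version), key_alg(Version)}, der_cert_chains(Version, CAlg, SAlg))`, which also adds the missing space after the comma.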
@@ -304,7 +323,6 @@ extra_extraneous_der_cert_chain_opts(Version, Alg) -> der_extraneous_and_unorder_chain(Version, Alg) -> - #{cert := OrgSRoot} = SRoot = public_key:pkix_test_root_cert("OTP test server ROOT", root_key(Alg)), #{cert := OrgCRoot} = CRoot = public_key:pkix_test_root_cert("OTP test client ROOT", root_key(Alg)), @@ -331,6 +349,20 @@ der_extraneous_and_unorder_chain(Version, Alg) -> server_options(Version) ++ [protocol(Version), {versions, [Version]} | extraneous_der_conf(ServerChain, ClientRoot1, [OrgCRoot, ClientRoot0], ServerConf0)]}. +der_cert_chains(Version, CAlg, SAlg) -> + SRoot = public_key:pkix_test_root_cert("OTP test server ROOT", root_key(SAlg)), + CRoot = public_key:pkix_test_root_cert("OTP test client ROOT", root_key(CAlg)), + + #{server_config := ServerConf, + client_config := ClientConf} = public_key:pkix_test_data(#{server_chain => #{root => SRoot, + intermediates => intermediates(SAlg, 1), + peer => peer_key(SAlg)}, + client_chain => #{root => CRoot, + intermediates => intermediates(CAlg, 1), + peer => peer_key(CAlg)}}), + {client_options(Version) ++ [protocol(Version), {versions, [Version]} | ClientConf], + server_options(Version) ++ [protocol(Version), {versions, [Version]} | ServerConf]}. + chain_and_root(Config) -> OwnCert = proplists:get_value(cert, Config), {ok, ExtractedCAs} = ssl_pkix_db:extract_trusted_certs({der, proplists:get_value(cacerts, Config)}), diff --git a/lib/ssl/test/ssl_eqc_SUITE.erl b/lib/ssl/test/ssl_eqc_SUITE.erl index 3c9a1d0ab0..4bfff1585e 100644 --- a/lib/ssl/test/ssl_eqc_SUITE.erl +++ b/lib/ssl/test/ssl_eqc_SUITE.erl @@ -39,7 +39,8 @@ tls_unorded_chains/1, tls_extraneous_chain/1, tls_extraneous_chains/1, - tls_extraneous_and_unorder_chains/1 + tls_extraneous_and_unorder_chains/1, + tls_client_cert_auth/1 ]). %%-------------------------------------------------------------------- 
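Review bot: Nothing in the der_cert_chains hunk makes the server request or verify the client certificate; that depends on server_options(Version), which is defined outside this diff. If those options do not include `{verify, verify_peer}` and `{fail_if_no_peer_cert, true}`, the handshake succeeds without the client chain being checked and prop_client_cert_auth passes vacuously. Either assert those options in the returned server list, or add a negative generator in which the client chain is issued under a root the server does not trust and the handshake must fail. A one-line comment above der_cert_chains saying that client and server key algorithms are drawn independently would document the intent.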
@@ -56,7 +57,8 @@ all() -> tls_unorded_chains, tls_extraneous_chain, tls_extraneous_chains, - tls_extraneous_and_unorder_chains + tls_extraneous_and_unorder_chains, + tls_client_cert_auth ]. %%-------------------------------------------------------------------- @@ -123,3 +125,9 @@ tls_extraneous_and_unorder_chains(Config) when is_list(Config) -> ssl:start(), true = ct_property_test:quickcheck(ssl_eqc_chain:prop_tls_extraneous_and_unordered_path(), Config). + +tls_client_cert_auth(Config) when is_list(Config) -> + %% manual test: proper:quickcheck(ssl_eqc_chain:prop_client_cert_auth() + ssl:start(), + true = ct_property_test:quickcheck(ssl_eqc_chain:prop_client_cert_auth(), + Config). |
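Review bot: The manual-test comment in tls_client_cert_auth has unbalanced parentheses and fails if pasted into a shell; it should read `%% manual test: proper:quickcheck(ssl_eqc_chain:prop_client_cert_auth()).` The result of `ssl:start()` is also ignored, as it is in the neighbouring test case visible in the context lines. If the application fails to start, the property fails with an unrelated error. Matching on the result would surface that directly, provided ssl:start/0 returns `ok` when the application is already running (worth confirming).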