Diffstat (limited to 'lib/ssl/test/ssl_cert_tests.erl')
-rw-r--r-- | lib/ssl/test/ssl_cert_tests.erl | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/ssl/test/ssl_cert_tests.erl b/lib/ssl/test/ssl_cert_tests.erl
index 5422ff7fe4..d9d535106a 100644
--- a/lib/ssl/test/ssl_cert_tests.erl
+++ b/lib/ssl/test/ssl_cert_tests.erl
@@ -21,6 +21,8 @@
 %%
 -module(ssl_cert_tests).
+-behaviour(ct_suite).
+
 -include_lib("public_key/include/public_key.hrl").
 %% Test cases
@@ -42,6 +44,8 @@
 client_auth_partial_chain_fun_fail/1,
 client_auth_sni/0,
 client_auth_sni/1,
+ client_auth_seelfsigned_peer/0,
+ client_auth_seelfsigned_peer/1,
 missing_root_cert_no_auth/0,
 missing_root_cert_no_auth/1,
 invalid_signature_client/0,
@@ -235,6 +239,18 @@ client_auth_sni(Config) when is_list(Config) ->
 ssl_test_lib:basic_alert(ClientOpts, ServerOpts, Config, handshake_failure).
 %%--------------------------------------------------------------------
+client_auth_seelfsigned_peer() ->
+ [{doc, "Check that selfsigned peer raises alert"}].
+client_auth_seelfsigned_peer(Config) when is_list(Config) ->
+ Ext = x509_test:extensions([{key_usage, [keyCertSign, cRLSign, digitalSignature, keyAgreement]}]),
+ #{cert := Cert,
+ key := Key} = public_key:pkix_test_root_cert("OTP test server ROOT", [{key, ssl_test_lib:hardcode_rsa_key(6)},
+ {extensions, Ext}]),
+ DerKey = public_key:der_encode('RSAPrivateKey', Key),
+ ssl_test_lib:basic_alert(ssl_test_lib:ssl_options([{verify, verify_peer}, {cacerts , [Cert]}], Config),
+ ssl_test_lib:ssl_options([{cert, Cert},
+ {key, {'RSAPrivateKey', DerKey}}], Config), Config, bad_certificate).
+%%--------------------------------------------------------------------
 missing_root_cert_no_auth() ->
 [{doc,"Test that the client succeds if the ROOT CA is unknown in verify_none mode"}]. |
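Review bot: The two new export entries in the `@@ -42,6 +44,8 @@` hunk spell the test case `client_auth_seelfsigned_peer` with a doubled "e". `client_auth_selfsigned_peer/0` and `client_auth_selfsigned_peer/1` would match the "selfsigned" wording of the case's own doc string and the name a reader is likely to search for. The same spelling is repeated in both function heads in the last hunk of this file, so the rename has to be made there as well. Any suite that lists the case by name is outside this file-limited diff and would presumably need the same change.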
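Review bot: `client_auth_seelfsigned_peer/1` in the `@@ -235,6 +239,18 @@` hunk does not say why the same self-signed `Cert` is passed both as the client's `{cacerts, [Cert]}` and as the server's `{cert, Cert}`, although that pairing is what the test is about. With `verify_peer` the client holds the certificate as a trust anchor and the handshake is still expected to end in `bad_certificate`. A comment above the `basic_alert` call, such as `%% Cert is deliberately also the client's only trust anchor; a self-signed peer certificate must still be rejected`, would stop a later cleanup from "correcting" the options. The doc string could be equally specific, e.g. `"Check that a self-signed peer certificate is rejected even when it is in the verifier's cacerts"`. Only the alert name is asserted, so whether the rejection is for the self-signed reason rather than another certificate problem depends on what `ssl_test_lib:basic_alert/4` checks, which is outside this hunk.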