Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/Makefile2
-rw-r--r--lib/ssl/test/openssl_key_update_SUITE.erl134
-rw-r--r--lib/ssl/test/openssl_session_ticket_SUITE.erl409
-rw-r--r--lib/ssl/test/ssl_cipher_suite_SUITE.erl95
-rw-r--r--lib/ssl/test/ssl_key_update_SUITE.erl99
-rw-r--r--lib/ssl/test/ssl_session_SUITE.erl184
-rw-r--r--lib/ssl/test/ssl_session_ticket_SUITE.erl385
-rw-r--r--lib/ssl/test/ssl_test_lib.erl37
8 files changed, 912 insertions, 433 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index 1bd4c2c910..e53f54130f 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -67,6 +67,7 @@ MODULES = \
ssl_engine_SUITE\
ssl_handshake_SUITE \
ssl_key_update_SUITE \
+ openssl_key_update_SUITE \
ssl_npn_hello_SUITE \
ssl_packet_SUITE \
ssl_payload_SUITE \
@@ -74,6 +75,7 @@ MODULES = \
ssl_session_SUITE \
ssl_session_cache_SUITE \
ssl_session_ticket_SUITE \
+ openssl_session_ticket_SUITE \
openssl_session_SUITE \
ssl_ECC_SUITE \
ssl_ECC_openssl_SUITE \
diff --git a/lib/ssl/test/openssl_key_update_SUITE.erl b/lib/ssl/test/openssl_key_update_SUITE.erl
new file mode 100644
index 0000000000..4963f0bb30
--- /dev/null
+++ b/lib/ssl/test/openssl_key_update_SUITE.erl
@@ -0,0 +1,134 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2020-2020. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% %CopyrightEnd%
+%%
+-module(openssl_key_update_SUITE).
+
+%% Callback functions
+-export([all/0,
+ groups/0,
+ init_per_suite/1,
+ end_per_suite/1,
+ init_per_group/2,
+ end_per_group/2,
+ init_per_testcase/2,
+ end_per_testcase/2]).
+
+%% Testcases
+-export([openssl_client_explicit_key_update/0,
+ openssl_client_explicit_key_update/1,
+ openssl_server_explicit_key_update/0,
+ openssl_server_explicit_key_update/1]).
+
+-include_lib("common_test/include/ct.hrl").
+
+all() ->
+ [{group, 'tlsv1.3'}].
+
+groups() ->
+ [{'tlsv1.3', [], tls_1_3_tests()}].
+
+tls_1_3_tests() ->
+ [openssl_client_explicit_key_update,
+ openssl_server_explicit_key_update].
+
+init_per_suite(Config0) ->
+ catch crypto:stop(),
+ try crypto:start() of
+ ok ->
+ ssl_test_lib:clean_start(),
+ case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of
+ true ->
+ ssl_test_lib:make_ecdsa_cert(Config0);
+ false ->
+ {skip, "Missing EC crypto support"}
+ end
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+
+end_per_suite(_Config) ->
+ ssl:stop(),
+ application:unload(ssl),
+ application:stop(crypto).
+
+init_per_group(GroupName, Config) ->
+ ssl_test_lib:init_per_group_openssl(GroupName, Config).
+
+end_per_group(GroupName, Config) ->
+ ssl_test_lib:end_per_group(GroupName, Config).
+
+init_per_testcase(_TestCase, Config) ->
+ ssl_test_lib:ct_log_supported_protocol_versions(Config),
+ ct:timetrap({seconds, 10}),
+ Config.
+
+end_per_testcase(_TestCase, Config) ->
+ Config.
+
+
+%%--------------------------------------------------------------------
+%% Test Cases --------------------------------------------------------
+%%--------------------------------------------------------------------
+
+openssl_client_explicit_key_update() ->
+ [{doc,"Test ssl:update_key/2 between openssl s_client and erlang server."}].
+
+openssl_client_explicit_key_update(Config) ->
+ Data = "123456789012345", %% 15 bytes
+
+ Server = ssl_test_lib:start_server(erlang, [{log_level, debug}], Config),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client(openssl, [{port, Port}], Config),
+ ssl_test_lib:send_recv_result_active(Client, Server, Data),
+
+ %% TODO s_client can hang after sending special commands e.g "k", "K"
+ %% ssl_test_lib:update_keys(Client, write),
+ %% ssl_test_lib:update_keys(Client, read_write),
+ ssl_test_lib:update_keys(Server, write),
+ ssl_test_lib:update_keys(Server, read_write),
+
+ ssl_test_lib:send_recv_result_active(Client, Server, Data),
+
+ ssl_test_lib:close(Client),
+ ssl_test_lib:close(Server).
+
+openssl_server_explicit_key_update() ->
+ [{doc,"Test ssl:update_key/2 between ssl client and s_server."}].
+
+openssl_server_explicit_key_update(Config) ->
+ Data = "123456789012345", %% 15 bytes
+
+ Server = ssl_test_lib:start_server(openssl, [], Config),
+ Port = ssl_test_lib:inet_port(Server),
+
+ Client = ssl_test_lib:start_client(erlang, [{port, Port},
+ {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']}],Config),
+ ssl_test_lib:send_recv_result_active(Server, Client, Data),
+
+ ssl_test_lib:update_keys(Client, write),
+ ssl_test_lib:update_keys(Client, read_write),
+ ssl_test_lib:update_keys(Server, write),
+ ssl_test_lib:update_keys(Server, read_write),
+
+ ssl_test_lib:send_recv_result_active(Client, Server, Data),
+
+ ssl_test_lib:close(Client),
+ ssl_test_lib:close(Server).
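Review bot: Nothing in openssl_server_explicit_key_update pins the negotiated version to TLS 1.3 even though KeyUpdate only exists there: the erlang client is started with `{versions, ['tlsv1.2','tlsv1.3']}` (the line after `{log_level, debug}`), so if the s_server in use settles on 1.2 the `ssl_test_lib:update_keys(Client, write)` calls will presumably fail with an error rather than a clear skip. `ssl_test_lib:init_per_group_openssl` may already gate on OpenSSL's TLS 1.3 support, but that is not visible here; `{versions, ['tlsv1.3']}` for the client, or a check of `ssl:connection_information/2` for `{protocol, 'tlsv1.3'}` before the updates, would make the precondition explicit. In openssl_client_explicit_key_update the `%% TODO s_client can hang` comment leaves only the unsolicited client-initiated KeyUpdate untested; as I understand it the server's `read_write` update carries update_requested and so still forces s_client to send its own KeyUpdate, which is worth stating in that comment so the remaining gap is understood, e.g. `%% The server read_write update below still makes s_client answer with a KeyUpdate; only the unsolicited client update ("k"/"K") is skipped.`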
diff --git a/lib/ssl/test/openssl_session_ticket_SUITE.erl b/lib/ssl/test/openssl_session_ticket_SUITE.erl
new file mode 100644
index 0000000000..775048e355
--- /dev/null
+++ b/lib/ssl/test/openssl_session_ticket_SUITE.erl
@@ -0,0 +1,409 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2007-2020. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(openssl_session_ticket_SUITE).
+
+%% Callback functions
+-export([all/0,
+ groups/0,
+ init_per_suite/1,
+ end_per_suite/1,
+ init_per_group/2,
+ end_per_group/2,
+ init_per_testcase/2,
+ end_per_testcase/2]).
+
+%% Testcases
+-export([openssl_server_basic/0,
+ openssl_server_basic/1,
+ openssl_server_hrr/0,
+ openssl_server_hrr/1,
+ openssl_server_hrr_multiple_tickets/0,
+ openssl_server_hrr_multiple_tickets/1,
+ openssl_client_basic/0,
+ openssl_client_basic/1,
+ openssl_client_hrr/0,
+ openssl_client_hrr/1]).
+
+-include("tls_handshake.hrl").
+
+-include_lib("common_test/include/ct.hrl").
+
+-define(SLEEP, 500).
+
+%%--------------------------------------------------------------------
+%% Common Test interface functions -----------------------------------
+%%--------------------------------------------------------------------
+all() ->
+ [
+ {group, 'tlsv1.3'}
+ ].
+
+groups() ->
+ [{'tlsv1.3', [], [{group, stateful},
+ {group, stateless},
+ {group, openssl_server}]},
+ {openssl_server, [], [openssl_server_basic,
+ openssl_server_hrr,
+ openssl_server_hrr_multiple_tickets
+ ]},
+ {stateful, [], session_tests()},
+ {stateless, [], session_tests()}].
+
+session_tests() ->
+ [openssl_client_basic,
+ openssl_client_hrr].
+
+init_per_suite(Config0) ->
+ catch crypto:stop(),
+ try crypto:start() of
+ ok ->
+ ssl_test_lib:clean_start(),
+ ssl_test_lib:make_rsa_cert(Config0)
+ catch _:_ ->
+ {skip, "Crypto did not start"}
+ end.
+
+end_per_suite(_Config) ->
+ ssl:stop(),
+ application:stop(crypto).
+
+init_per_group(stateful, Config) ->
+ [{server_ticket_mode, stateful} | proplists:delete(server_ticket_mode, Config)];
+init_per_group(stateless, Config) ->
+ [{server_ticket_mode, stateless} | proplists:delete(server_ticket_mode, Config)];
+init_per_group(GroupName, Config) ->
+ ssl_test_lib:init_per_group_openssl(GroupName, Config).
+
+end_per_group(GroupName, Config) ->
+ ssl_test_lib:end_per_group(GroupName, Config).
+
+init_per_testcase(_TestCase, Config) ->
+ ssl:stop(),
+ application:load(ssl),
+ ssl:start(),
+ ct:timetrap({seconds, 15}),
+ Config.
+
+end_per_testcase(_TestCase, Config) ->
+ Config.
+
+%%--------------------------------------------------------------------
+%% Test Cases --------------------------------------------------------
+%%--------------------------------------------------------------------
+
+openssl_server_basic() ->
+ [{doc,"Test session resumption with session tickets (erlang client - openssl server)"}].
+openssl_server_basic(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+
+ Version = 'tlsv1.3',
+ Port = ssl_test_lib:inet_port(node()),
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ CACertFile = proplists:get_value(cacertfile, ServerOpts),
+ KeyFile = proplists:get_value(keyfile, ServerOpts),
+
+ %% Configure session tickets
+ ClientOpts = [{session_tickets, auto}, {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
+
+ Exe = "openssl",
+ Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
+ "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile, "-msg", "-debug"],
+
+ OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
+
+ ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
+
+ %% Store ticket from first connection
+ Client0 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [false, no_reply]}},
+ {from, self()}, {options, ClientOpts}]),
+ %% Wait for session ticket
+ ct:sleep(100),
+
+ %% Close previous connection as s_server can only handle one at a time
+ ssl_test_lib:close(Client0),
+
+ %% Use ticket
+ Client1 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [true, no_reply]}},
+ {from, self()},
+ {options, ClientOpts}]),
+ process_flag(trap_exit, false),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close_port(OpensslPort),
+ ssl_test_lib:close(Client1).
+
+openssl_client_basic() ->
+ [{doc,"Test session resumption with session tickets (openssl client - erlang server)"}].
+openssl_client_basic(Config) when is_list(Config) ->
+ ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]),
+ TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]),
+ ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
+
+ Data = "Hello world",
+
+ %% Configure session tickets
+ ServerOpts = [{session_tickets, ServerTicketMode}, {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
+
+ Server0 =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [false]}},
+ {options, ServerOpts}]),
+
+ Version = 'tlsv1.3',
+ Port0 = ssl_test_lib:inet_port(Server0),
+
+ Exe = "openssl",
+ Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
+ ++ ":" ++ integer_to_list(Port0),
+ ssl_test_lib:version_flag(Version),
+ "-sess_out", TicketFile0],
+
+ OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0),
+
+ true = port_command(OpenSslPort0, Data),
+
+ ssl_test_lib:check_result(Server0, ok),
+
+ Server0 ! {listen, {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [true]}}},
+
+ %% Wait for session ticket
+ ct:sleep(100),
+
+ Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
+ ++ ":" ++ integer_to_list(Port0),
+ ssl_test_lib:version_flag(Version),
+ "-sess_in", TicketFile0,
+ "-sess_out", TicketFile1],
+
+ OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1),
+
+ true = port_command(OpenSslPort1, Data),
+
+ ssl_test_lib:check_result(Server0, ok),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close(Server0),
+ ssl_test_lib:close_port(OpenSslPort0),
+ ssl_test_lib:close_port(OpenSslPort1).
+
+openssl_server_hrr() ->
+ [{doc,"Test session resumption with session tickets and hello_retry_request (erlang client - openssl server)"}].
+openssl_server_hrr(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+
+ Version = 'tlsv1.3',
+ Port = ssl_test_lib:inet_port(node()),
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ CACertFile = proplists:get_value(cacertfile, ServerOpts),
+ KeyFile = proplists:get_value(keyfile, ServerOpts),
+
+ %% Configure session tickets
+ ClientOpts = [{session_tickets, auto}, {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']},
+ {supported_groups,[secp256r1, x25519]}|ClientOpts0],
+
+ Exe = "openssl",
+ Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
+ "-cert", CertFile,
+ "-key", KeyFile,
+ "-CAfile", CACertFile,
+ "-groups", "X448:X25519",
+ "-msg", "-debug"],
+
+ OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
+
+ ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
+
+ %% Store ticket from first connection
+ Client0 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [false, no_reply]}},
+ {from, self()}, {options, ClientOpts}]),
+ %% Wait for session ticket
+ ct:sleep(100),
+
+ %% Close previous connection as s_server can only handle one at a time
+ ssl_test_lib:close(Client0),
+
+ %% Use ticket
+ Client1 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [true, no_reply]}},
+ {from, self()},
+ {options, ClientOpts}]),
+ process_flag(trap_exit, false),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close_port(OpensslPort),
+ ssl_test_lib:close(Client1).
+
+openssl_client_hrr() ->
+ [{doc,"Test session resumption with session tickets and hello_retry_request (openssl client - erlang server)"}].
+openssl_client_hrr(Config) when is_list(Config) ->
+ ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]),
+ TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]),
+ ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
+
+ Data = "Hello world",
+
+ %% Configure session tickets
+ ServerOpts = [{session_tickets, ServerTicketMode}, {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']},
+ {supported_groups,[x448, x25519]}|ServerOpts0],
+
+ Server0 =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [false]}},
+ {options, ServerOpts}]),
+
+ Version = 'tlsv1.3',
+ Port0 = ssl_test_lib:inet_port(Server0),
+
+ Exe = "openssl",
+ Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
+ ++ ":" ++ integer_to_list(Port0),
+ ssl_test_lib:version_flag(Version),
+ "-groups", "P-256:X25519",
+ "-sess_out", TicketFile0],
+
+ OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0),
+
+ true = port_command(OpenSslPort0, Data),
+
+ ssl_test_lib:check_result(Server0, ok),
+
+ Server0 ! {listen, {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [true]}}},
+
+ %% Wait for session ticket
+ ct:sleep(100),
+
+ Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
+ ++ ":" ++ integer_to_list(Port0),
+ ssl_test_lib:version_flag(Version),
+ "-groups", "P-256:X25519",
+ "-sess_in", TicketFile0,
+ "-sess_out", TicketFile1],
+
+ OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1),
+
+ true = port_command(OpenSslPort1, Data),
+
+ ssl_test_lib:check_result(Server0, ok),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close(Server0),
+ ssl_test_lib:close_port(OpenSslPort0),
+ ssl_test_lib:close_port(OpenSslPort1).
+
+openssl_server_hrr_multiple_tickets() ->
+ [{doc,"Test session resumption with multiple session tickets and hello_retry_request (erlang client - openssl server)"}].
+openssl_server_hrr_multiple_tickets(Config) when is_list(Config) ->
+ process_flag(trap_exit, true),
+ ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
+
+ Version = 'tlsv1.3',
+ Port = ssl_test_lib:inet_port(node()),
+ CertFile = proplists:get_value(certfile, ServerOpts),
+ CACertFile = proplists:get_value(cacertfile, ServerOpts),
+ KeyFile = proplists:get_value(keyfile, ServerOpts),
+
+ %% Configure session tickets
+ ClientOpts = [{session_tickets, manual}, {log_level, debug},
+ {versions, ['tlsv1.2','tlsv1.3']},
+ {supported_groups,[secp256r1, x25519]}|ClientOpts0],
+
+ Exe = "openssl",
+ Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
+ "-cert", CertFile,
+ "-key", KeyFile,
+ "-CAfile", CACertFile,
+ "-groups", "X448:X25519",
+ "-msg", "-debug"],
+
+ OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
+
+ ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
+
+ %% Store ticket from first connection
+ Client0 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [false, no_reply, {tickets, 2}]}},
+ {from, self()}, {options, ClientOpts}]),
+
+ Tickets0 = ssl_test_lib:check_tickets(Client0),
+
+ ct:pal("Received tickets: ~p~n", [Tickets0]),
+
+ %% Close previous connection as s_server can only handle one at a time
+ ssl_test_lib:close(Client0),
+
+ %% Use tickets
+ Client1 = ssl_test_lib:start_client([{node, ClientNode},
+ {port, Port}, {host, Hostname},
+ {mfa, {ssl_test_lib,
+ verify_active_session_resumption,
+ [true, no_reply, no_tickets]}},
+ {from, self()},
+ {options, [{use_ticket, Tickets0}|ClientOpts]}]),
+
+ process_flag(trap_exit, false),
+
+ %% Clean close down! Server needs to be closed first !!
+ ssl_test_lib:close_port(OpensslPort),
+ ssl_test_lib:close(Client1).
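Review bot: The resumption tests rely on timing rather than on an observed event: the `ct:sleep(100)` after `%% Wait for session ticket` in openssl_server_basic, openssl_server_hrr, openssl_client_basic and openssl_client_hrr is the only thing that orders the NewSessionTicket before the second connection, so on a loaded CI host the second handshake can run without a ticket and `verify_active_session_resumption` with `true` fails spuriously. openssl_server_hrr_multiple_tickets already shows the better pattern with `ssl_test_lib:check_tickets(Client0)`, which waits for the tickets themselves; the `auto` variants could likewise wait for the client mfa to report before `ssl_test_lib:close(Client0)`. The two HRR cases never check that a HelloRetryRequest actually occurred; the group mismatch (`-groups X448:X25519` against `{supported_groups,[secp256r1, x25519]}`, and the mirror image in openssl_client_hrr) is presumably what forces it, and a comment such as `%% Client's first key_share (secp256r1) is not in the server's group list, so the server must send HRR and retry on x25519` would make that intent explicit. `TicketFile1` is written via `-sess_out` in both openssl_client tests but never read back.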
diff --git a/lib/ssl/test/ssl_cipher_suite_SUITE.erl b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
index e598d662e9..855533cc3d 100644
--- a/lib/ssl/test/ssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/ssl_cipher_suite_SUITE.erl
@@ -32,6 +32,7 @@
%%--------------------------------------------------------------------
all() ->
[
+ {group, 'tlsv1.3'},
{group, 'tlsv1.2'},
{group, 'tlsv1.1'},
{group, 'tlsv1'},
@@ -42,6 +43,7 @@ all() ->
groups() ->
[
+ {'tlsv1.3', [], tls_1_3_kex()},
{'tlsv1.2', [], kex()},
{'tlsv1.1', [], kex()},
{'tlsv1', [], kex()},
@@ -60,6 +62,7 @@ groups() ->
ecdhe_rsa_aes_256_gcm,
ecdhe_rsa_chacha20_poly1305
]},
+ {ecdhe_1_3_rsa_cert, [], tls_1_3_cipher_suites()},
{ecdhe_ecdsa, [],[ecdhe_ecdsa_rc4_128,
ecdhe_ecdsa_3des_ede_cbc,
ecdhe_ecdsa_aes_128_cbc,
@@ -127,6 +130,17 @@ groups() ->
]}
].
+
+tls_1_3_kex() ->
+ [{group, ecdhe_1_3_rsa_cert}].
+
+tls_1_3_cipher_suites() ->
+ [aes_256_gcm_sha384,
+ aes_128_gcm_sha256,
+ chacha20_poly1305_sha256,
+ aes_128_ccm_sha256
+ ].
+
kex() ->
rsa() ++ ecdsa() ++ dss() ++ anonymous().
@@ -186,7 +200,13 @@ end_per_suite(_Config) ->
ssl:stop(),
application:stop(crypto).
-
+init_per_group(GroupName, Config) when GroupName == ecdhe_1_3_rsa_cert ->
+ case proplists:get_bool(ecdh, proplists:get_value(public_keys, crypto:supports())) of
+ true ->
+ init_certs(GroupName, Config);
+ false ->
+ {skip, "Missing EC crypto support"}
+ end;
init_per_group(GroupName, Config) when GroupName == ecdh_anon;
GroupName == ecdhe_rsa;
GroupName == ecdhe_psk ->
@@ -318,6 +338,53 @@ init_per_testcase(TestCase, Config) when TestCase == psk_aes_256_ccm_8;
_ ->
{skip, "Missing AES_256_CCM crypto support"}
end;
+init_per_testcase(aes_256_gcm_sha384, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(aes_256_gcm, SupCiphers)) andalso
+ (lists:member(sha384, SupHashs))
+ of
+ true ->
+ ct:timetrap({seconds, 5}),
+ Config;
+ _ ->
+ {skip, "Missing AES_256_GCM_SHA384 crypto support"}
+ end;
+init_per_testcase(aes_128_gcm_sha256, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(aes_256_gcm, SupCiphers)) andalso
+ (lists:member(sha256, SupHashs))
+ of
+ true ->
+ ct:timetrap({seconds, 5}),
+ Config;
+ _ ->
+ {skip, "Missing AES_128_GCM_SHA256 crypto support"}
+ end;
+init_per_testcase(chacha20_poly1305_sha256, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(chacha20_poly1305, SupCiphers)) andalso
+ (lists:member(sha256, SupHashs))
+ of
+ true ->
+ ct:timetrap({seconds, 5}),
+ Config;
+ _ ->
+ {skip, "Missing chacha20_poly1305_sha256 crypto support"}
+ end;
+init_per_testcase(aes_128_ccm_sha256, Config) ->
+ SupCiphers = proplists:get_value(ciphers, crypto:supports()),
+ SupHashs = proplists:get_value(hashs, crypto:supports()),
+ case (lists:member(aes_128_ccm, SupCiphers)) andalso
+ (lists:member(sha256, SupHashs)) of
+ true ->
+ ct:timetrap({seconds, 5}),
+ Config;
+ _ ->
+ {skip, "Missing AES_128_CCM_SHA256 crypto support"}
+ end;
init_per_testcase(TestCase, Config) ->
Cipher = ssl_test_lib:test_cipher(TestCase, Config),
SupCiphers = proplists:get_value(ciphers, crypto:supports()),
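Review bot: The `aes_128_gcm_sha256` clause checks the wrong cipher: it tests `lists:member(aes_256_gcm, SupCiphers)` where the suite needs `aes_128_gcm`, so on a crypto backend with AES-128-GCM but no AES-256-GCM the case is skipped for the wrong reason, and in the opposite situation it runs and fails instead of skipping. The line should read `case (lists:member(aes_128_gcm, SupCiphers)) andalso`. The four new clauses are otherwise identical apart from the cipher/hash pair and the skip message, which is how the copy-paste slipped through; a small helper taking the cipher, hash and message would keep them in step and leave only one place to get right.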
@@ -335,7 +402,6 @@ end_per_testcase(_TestCase, Config) ->
%%--------------------------------------------------------------------
%% Initializtion ------------------------------------------
%%--------------------------------------------------------------------
-
init_certs(srp_rsa, Config) ->
DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(rsa, rsa, DefConf, DefConf),
@@ -367,6 +433,14 @@ init_certs(rsa, Config) ->
[{tls_config, #{server_config => ServerOpts,
client_config => ClientOpts}} |
proplists:delete(tls_config, Config)];
+init_certs(ecdhe_1_3_rsa_cert, Config) ->
+ ClientExt = x509_test:extensions([{key_usage, [digitalSignature]}]),
+ {ClientOpts, ServerOpts} = ssl_test_lib:make_rsa_cert_chains([{server_chain,
+ [[],[],[{extensions, ClientExt}]]}],
+ Config, "_peer_rsa_digitalsign"),
+ [{tls_config, #{server_config => ServerOpts,
+ client_config => ClientOpts}} |
+ proplists:delete(tls_config, Config)];
init_certs(dhe_dss, Config) ->
DefConf = ssl_test_lib:default_cert_chain_conf(),
CertChainConf = ssl_test_lib:gen_conf(dsa, dsa, DefConf, DefConf),
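Review bot: `ClientExt` in the new `init_certs(ecdhe_1_3_rsa_cert, ...)` clause is a misleading name: the extension list is attached under `server_chain`, and the `[[],[],[{extensions, ...}]]` shape suggests it lands on the server's peer certificate (confirm against ssl_test_lib:make_rsa_cert_chains/3), so `ServerPeerExt` or similar would read correctly. The reason for the `digitalSignature` key usage also deserves a comment, because an RSA certificate generated for TLS 1.2 RSA key exchange typically asserts only `keyEncipherment`, which is not sufficient once TLS 1.3 authenticates the server with an RSA-PSS signature and no RSA key exchange remains; e.g. `%% TLS 1.3 authenticates with RSA-PSS signatures, so the server cert must carry digitalSignature key usage`. The `_peer_rsa_digitalsign` suffix hints at this but does not explain it.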
@@ -427,6 +501,22 @@ init_certs(_GroupName, Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
+aes_256_gcm_sha384(Config) when is_list(Config)->
+ Version = ssl_test_lib:protocol_version(Config),
+ cipher_suite_test(ssl:str_to_suite("TLS_AES_256_GCM_SHA384"), Version, Config).
+
+aes_128_gcm_sha256(Config) when is_list(Config) ->
+ Version = ssl_test_lib:protocol_version(Config),
+ cipher_suite_test(ssl:str_to_suite("TLS_AES_128_GCM_SHA256"), Version, Config).
+
+chacha20_poly1305_sha256(Config) when is_list(Config) ->
+ Version = ssl_test_lib:protocol_version(Config),
+ cipher_suite_test(ssl:str_to_suite("TLS_CHACHA20_POLY1305_SHA256"), Version, Config).
+
+aes_128_ccm_sha256(Config) when is_list(Config) ->
+ Version = ssl_test_lib:protocol_version(Config),
+ cipher_suite_test(ssl:str_to_suite("TLS_AES_128_CCM_SHA256"), Version, Config).
+
%%--------------------------------------------------------------------
%% SRP --------------------------------------------------------
%%--------------------------------------------------------------------
@@ -775,3 +865,4 @@ test_ciphers(Kex, Cipher, Version) ->
(_) -> false
end}]).
+
diff --git a/lib/ssl/test/ssl_key_update_SUITE.erl b/lib/ssl/test/ssl_key_update_SUITE.erl
index 32cbe0a5a1..2816f1a39e 100644
--- a/lib/ssl/test/ssl_key_update_SUITE.erl
+++ b/lib/ssl/test/ssl_key_update_SUITE.erl
@@ -19,7 +19,21 @@
%%
-module(ssl_key_update_SUITE).
--compile(export_all).
+%% Callback functions
+-export([all/0,
+ groups/0,
+ init_per_suite/1,
+ end_per_suite/1,
+ init_per_group/2,
+ end_per_group/2,
+ init_per_testcase/2,
+ end_per_testcase/2]).
+
+%% Testcases
+-export([key_update_at/0,
+ key_update_at/1,
+ explicit_key_update/0,
+ explicit_key_update/1]).
-include_lib("common_test/include/ct.hrl").
@@ -30,10 +44,8 @@ groups() ->
[{'tlsv1.3', [], tls_1_3_tests()}].
tls_1_3_tests() ->
- [ssl_client_ssl_server_key_update_at,
- ssl_client_ssl_server_explicit_key_update,
- openssl_client_ssl_server_explicit_key_update,
- ssl_client_openssl_server_explicit_key_update].
+ [key_update_at,
+ explicit_key_update].
init_per_suite(Config0) ->
catch crypto:stop(),
@@ -56,28 +68,10 @@ end_per_suite(_Config) ->
application:stop(crypto).
init_per_group(GroupName, Config) ->
- case ssl_test_lib:is_tls_version(GroupName) of
- true ->
- case ssl_test_lib:sufficient_crypto_support(GroupName) of
- true ->
- [{client_type, erlang},
- {server_type, erlang}, {version, GroupName}
- | ssl_test_lib:init_tls_version(GroupName, Config)];
- false ->
- {skip, "Missing crypto support"}
- end;
- _ ->
- ssl:start(),
- Config
- end.
+ ssl_test_lib:init_per_group(GroupName, Config).
end_per_group(GroupName, Config) ->
- case ssl_test_lib:is_tls_version(GroupName) of
- true ->
- ssl_test_lib:clean_tls_version(Config);
- false ->
- Config
- end.
+ ssl_test_lib:end_per_group(GroupName, Config).
init_per_testcase(_TestCase, Config) ->
ssl_test_lib:ct_log_supported_protocol_versions(Config),
@@ -92,10 +86,10 @@ end_per_testcase(_TestCase, Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
-ssl_client_ssl_server_key_update_at() ->
+key_update_at() ->
[{doc,"Test option 'key_update_at' between erlang client and erlang server."}].
-ssl_client_ssl_server_key_update_at(Config) ->
+key_update_at(Config) ->
%% {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
Data = "123456789012345", %% 15 bytes
@@ -117,10 +111,10 @@ ssl_client_ssl_server_key_update_at(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-ssl_client_ssl_server_explicit_key_update() ->
+explicit_key_update() ->
[{doc,"Test ssl:update_key/2 between erlang client and erlang server."}].
-ssl_client_ssl_server_explicit_key_update(Config) ->
+explicit_key_update(Config) ->
Data = "123456789012345", %% 15 bytes
Server = ssl_test_lib:start_server(erlang, [{log_level, debug}], Config),
@@ -140,50 +134,3 @@ ssl_client_ssl_server_explicit_key_update(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
-
-openssl_client_ssl_server_explicit_key_update() ->
- [{doc,"Test ssl:update_key/2 between openssl s_client and erlang server."}].
-
-openssl_client_ssl_server_explicit_key_update(Config) ->
- Data = "123456789012345", %% 15 bytes
-
- Server = ssl_test_lib:start_server(erlang, [{log_level, debug}], Config),
- Port = ssl_test_lib:inet_port(Server),
-
- Client = ssl_test_lib:start_client(openssl, [{port, Port}], Config),
- ssl_test_lib:send_recv_result_active(Client, Server, Data),
-
- %% TODO s_client can hang after sending special commands e.g "k", "K"
- %% ssl_test_lib:update_keys(Client, write),
- %% ssl_test_lib:update_keys(Client, read_write),
- ssl_test_lib:update_keys(Server, write),
- ssl_test_lib:update_keys(Server, read_write),
-
- ssl_test_lib:send_recv_result_active(Client, Server, Data),
-
- ssl_test_lib:close(Client),
- ssl_test_lib:close(Server).
-
-ssl_client_openssl_server_explicit_key_update() ->
- [{doc,"Test ssl:update_key/2 between ssl client and s_server."}].
-
-ssl_client_openssl_server_explicit_key_update(Config) ->
- Data = "123456789012345", %% 15 bytes
-
- Server = ssl_test_lib:start_server(openssl, [], Config),
- Port = ssl_test_lib:inet_port(Server),
-
- Client = ssl_test_lib:start_client(erlang, [{port, Port},
- {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']}],Config),
- ssl_test_lib:send_recv_result_active(Server, Client, Data),
-
- ssl_test_lib:update_keys(Client, write),
- ssl_test_lib:update_keys(Client, read_write),
- ssl_test_lib:update_keys(Server, write),
- ssl_test_lib:update_keys(Server, read_write),
-
- ssl_test_lib:send_recv_result_active(Client, Server, Data),
-
- ssl_test_lib:close(Client),
- ssl_test_lib:close(Server).
diff --git a/lib/ssl/test/ssl_session_SUITE.erl b/lib/ssl/test/ssl_session_SUITE.erl
index aa79698a72..f8dd633ed4 100644
--- a/lib/ssl/test/ssl_session_SUITE.erl
+++ b/lib/ssl/test/ssl_session_SUITE.erl
@@ -25,6 +25,7 @@
-compile(export_all).
-include("tls_handshake.hrl").
+-include("ssl_record.hrl").
-include_lib("common_test/include/ct.hrl").
-include_lib("public_key/include/public_key.hrl").
@@ -48,11 +49,11 @@ all() ->
groups() ->
[{'dtlsv1.2', [], session_tests()},
{'dtlsv1', [], session_tests()},
- {'tlsv1.3', [], session_tests()},
- {'tlsv1.2', [], session_tests()},
- {'tlsv1.1', [], session_tests()},
- {'tlsv1', [], session_tests()},
- {'sslv3', [], session_tests()}
+ {'tlsv1.3', [], session_tests() ++ tls_session_tests()},
+ {'tlsv1.2', [], session_tests() ++ tls_session_tests()},
+ {'tlsv1.1', [], session_tests() ++ tls_session_tests()},
+ {'tlsv1', [], session_tests() ++ tls_session_tests()},
+ {'sslv3', [], session_tests() ++ tls_session_tests()}
].
session_tests() ->
@@ -62,6 +63,8 @@ session_tests() ->
no_reuses_session_server_restart_new_cert,
no_reuses_session_server_restart_new_cert_file].
+tls_session_tests() ->
+ [session_table_stable_size_on_tcp_close].
init_per_suite(Config0) ->
catch crypto:stop(),
@@ -372,6 +375,177 @@ no_reuses_session_server_restart_new_cert_file(Config) when is_list(Config) ->
ssl_test_lib:close(Server1),
ssl_test_lib:close(Client1).
+session_table_stable_size_on_tcp_close() ->
+ [{doc, "Check that new sessions are cleanup when connection is closed abruptly during first handshake"}].
+
+session_table_stable_size_on_tcp_close(Config) when is_list(Config)->
+ ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+ {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+ {status, _, _, StatusInfo} = sys:get_status(whereis(ssl_manager)),
+ [_, _,_, _, Prop] = StatusInfo,
+ State = ssl_test_lib:state(Prop),
+ ServerCache = element(3, State),
+
+ N = ets:info(ServerCache, size),
+
+ Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {options, [{reuseaddr, true} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ faulty_client(Hostname, Port),
+ check_table_did_not_grow(ServerCache, N).
+
+
%%--------------------------------------------------------------------
%% Internal functions ------------------------------------------------
%%--------------------------------------------------------------------
+check_table_did_not_grow(ServerCache, N) ->
+ ct:sleep(500),
+ check_table_did_not_grow(ServerCache, N, 10).
+
+check_table_did_not_grow(_, _, 0) ->
+ ct:fail(table_grew);
+check_table_did_not_grow(ServerCache, N, Tries) ->
+ case ets:info(ServerCache, size) of
+ N ->
+ ok;
+ _ ->
+ ct:sleep(500),
+ check_table_did_not_grow(ServerCache, N, Tries -1)
+ end.
+
+faulty_client(Host, Port) ->
+ {ok, Sock} = gen_tcp:connect(Host, Port, [], 10000),
+ Random = crypto:strong_rand_bytes(32),
+ CH = client_hello(Random),
+ CHBin = encode_client_hello(CH, Random),
+ gen_tcp:send(Sock, CHBin),
+ ct:sleep(100),
+ gen_tcp:close(Sock).
+
+
+server(LOpts, Port) ->
+ {ok, LSock} = ssl:listen(Port, LOpts),
+ Pid = spawn_link(?MODULE, accept_loop, [LSock]),
+ ssl:controlling_process(LSock, Pid),
+ Pid.
+
+accept_loop(Sock) ->
+ {ok, CSock} = ssl:transport_accept(Sock),
+ _ = ssl:handshake(CSock),
+ accept_loop(Sock).
+
+
+encode_client_hello(CH, Random) ->
+ HSBin = tls_handshake:encode_handshake(CH, {3,3}),
+ CS = connection_states(Random),
+ {Encoded, _} = tls_record:encode_handshake(HSBin, {3,3}, CS),
+ Encoded.
+
+client_hello(Random) ->
+ CipherSuites = [<<0,255>>, <<"À,">>, <<"À0">>, <<"À$">>, <<"À(">>,
+ <<"À.">>, <<"À2">>, <<"À&">>, <<"À*">>, <<0,159>>,
+ <<0,163>>, <<0,107>>, <<0,106>>, <<"À+">>, <<"À/">>,
+ <<"À#">>, <<"À'">>, <<"À-">>, <<"À1">>, <<"À%">>,
+ <<"À)">>, <<0,158>>, <<0,162>>, <<0,103>>, <<0,64>>,
+ <<"À\n">>, <<192,20>>, <<0,57>>, <<0,56>>, <<192,5>>,
+ <<192,15>>, <<"À\t">>, <<192,19>>, <<0,51>>, <<0,50>>,
+ <<192,4>>, <<192,14>>],
+ Extensions = #{alpn => undefined,
+ ec_point_formats =>
+ {ec_point_formats,
+ [0]},
+ elliptic_curves =>
+ {elliptic_curves,
+ [{1,3,132,0,39},
+ {1,3,132,0,38},
+ {1,3,132,0,35},
+ {1,3,36,3,3,2,
+ 8,1,1,13},
+ {1,3,132,0,36},
+ {1,3,132,0,37},
+ {1,3,36,3,3,2,
+ 8,1,1,11},
+ {1,3,132,0,34},
+ {1,3,132,0,16},
+ {1,3,132,0,17},
+ {1,3,36,3,3,2,
+ 8,1,1,7},
+ {1,3,132,0,10},
+ {1,2,840,
+ 10045,3,1,7},
+ {1,3,132,0,3},
+ {1,3,132,0,26},
+ {1,3,132,0,27},
+ {1,3,132,0,32},
+ {1,3,132,0,33},
+ {1,3,132,0,24},
+ {1,3,132,0,25},
+ {1,3,132,0,31},
+ {1,2,840,
+ 10045,3,1,1},
+ {1,3,132,0,1},
+ {1,3,132,0,2},
+ {1,3,132,0,15},
+ {1,3,132,0,9},
+ {1,3,132,0,8},
+ {1,3,132,0,
+ 30}]},
+ next_protocol_negotiation =>
+ undefined,
+ renegotiation_info =>
+ {renegotiation_info,
+ undefined},
+ signature_algs =>
+ {hash_sign_algos,
+ [{sha512,ecdsa},
+ {sha512,rsa},
+ {sha384,ecdsa},
+ {sha384,rsa},
+ {sha256,ecdsa},
+ {sha256,rsa},
+ {sha224,ecdsa},
+ {sha224,rsa},
+ {sha,ecdsa},
+ {sha,rsa},
+ {sha,dsa}]},
+ sni =>
+ {sni,
+ "localhost"},
+ srp =>
+ undefined},
+
+ #client_hello{client_version = {3,3},
+ random = Random,
+ session_id = crypto:strong_rand_bytes(32),
+ cipher_suites = CipherSuites,
+ compression_methods = [0],
+ extensions = Extensions
+ }.
+
+connection_states(Random) ->
+ #{current_write =>
+ #{beast_mitigation => one_n_minus_one,cipher_state => undefined,
+ client_verify_data => undefined,compression_state => undefined,
+ mac_secret => undefined,secure_renegotiation => undefined,
+ security_parameters =>
+ #security_parameters{
+ cipher_suite = <<0,0>>,
+ connection_end = 1,
+ bulk_cipher_algorithm = 0,
+ cipher_type = 0,
+ iv_size = 0,
+ key_size = 0,
+ key_material_length = 0,
+ expanded_key_material_length = 0,
+ mac_algorithm = 0,
+ prf_algorithm = 0,
+ hash_size = 0,
+ compression_algorithm = 0,
+ master_secret = undefined,
+ resumption_master_secret = undefined,
+ client_random = Random,
+ server_random = undefined,
+ exportable = undefined},
+ sequence_number => 0,server_verify_data => undefined}}.
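Review bot: The return value of `gen_tcp:send(Sock, CHBin)` in faulty_client/2 is discarded, so a failed send means no handshake is ever started, the cache size trivially stays at N and the test passes without exercising the cleanup path its doc string describes; match it as `ok = gen_tcp:send(Sock, CHBin)`. server/2 and accept_loop/1 are added but not referenced by session_table_stable_size_on_tcp_close/1 or any other line of this hunk, and accept_loop/1 throws away the ssl:handshake/1 result with `_ =`; unless a follow-up change uses them they should be dropped rather than left reachable only through `-compile(export_all)`. In client_hello/1 several cipher suites are written as character binaries such as `<<"À,">>`, which only yield the intended two octets if the compiler decodes the source file with the encoding it was saved in, while neighbouring entries already use the numeric form `<<192,20>>`; spelling them all numerically (`<<192,44>>`) removes that dependence on file encoding. The doc string at the top of the hunk should read "cleaned up" rather than "cleanup".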
diff --git a/lib/ssl/test/ssl_session_ticket_SUITE.erl b/lib/ssl/test/ssl_session_ticket_SUITE.erl
index 96b0fb5c2a..3d41b59223 100644
--- a/lib/ssl/test/ssl_session_ticket_SUITE.erl
+++ b/lib/ssl/test/ssl_session_ticket_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2019. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2020. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -18,11 +18,27 @@
%% %CopyrightEnd%
%%
-%%
-module(ssl_session_ticket_SUITE).
-%% Note: This directive should only be used in test suites.
--compile(export_all).
+%% Callback functions
+-export([all/0,
+ groups/0,
+ init_per_suite/1,
+ end_per_suite/1,
+ init_per_group/2,
+ end_per_group/2,
+ init_per_testcase/2,
+ end_per_testcase/2]).
+
+%% Testcases
+-export([basic/0,
+ basic/1,
+ hello_retry_request/0,
+ hello_retry_request/1,
+ multiple_tickets/0,
+ multiple_tickets/1,
+ multiple_tickets_2hash/0,
+ multiple_tickets_2hash/1]).
-include("tls_handshake.hrl").
@@ -40,21 +56,15 @@ all() ->
].
groups() ->
- [{'tlsv1.3', [], [{group, stateful}, {group, stateless}, {group, openssl_server}]},
- {openssl_server, [], [erlang_client_openssl_server_basic,
- erlang_client_openssl_server_hrr,
- erlang_client_openssl_server_hrr_multiple_tickets
- ]},
+ [{'tlsv1.3', [], [{group, stateful}, {group, stateless}]},
{stateful, [], session_tests()},
{stateless, [], session_tests()}].
session_tests() ->
- [erlang_client_erlang_server_basic,
- openssl_client_erlang_server_basic,
- erlang_client_erlang_server_hrr,
- openssl_client_erlang_server_hrr,
- erlang_client_erlang_server_multiple_tickets,
- erlang_client_erlang_server_multiple_tickets_2hash].
+ [basic,
+ hello_retry_request,
+ multiple_tickets,
+ multiple_tickets_2hash].
init_per_suite(Config0) ->
catch crypto:stop(),
@@ -75,27 +85,10 @@ init_per_group(stateful, Config) ->
init_per_group(stateless, Config) ->
[{server_ticket_mode, stateless} | proplists:delete(server_ticket_mode, Config)];
init_per_group(GroupName, Config) ->
- ssl_test_lib:clean_tls_version(Config),
- case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of
- true ->
- ssl_test_lib:init_tls_version(GroupName, Config);
- _ ->
- case ssl_test_lib:sufficient_crypto_support(GroupName) of
- true ->
- ssl:start(),
- Config;
- false ->
- {skip, "Missing crypto support"}
- end
- end.
+ ssl_test_lib:init_per_group(GroupName, Config).
end_per_group(GroupName, Config) ->
- case ssl_test_lib:is_tls_version(GroupName) of
- true ->
- ssl_test_lib:clean_tls_version(Config);
- false ->
- Config
- end.
+ ssl_test_lib:end_per_group(GroupName, Config).
init_per_testcase(_, Config) ->
ssl:stop(),
@@ -111,10 +104,9 @@ end_per_testcase(_TestCase, Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
-
-erlang_client_erlang_server_basic() ->
+basic() ->
[{doc,"Test session resumption with session tickets (erlang client - erlang server)"}].
-erlang_client_erlang_server_basic(Config) when is_list(Config) ->
+basic(Config) when is_list(Config) ->
ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -166,127 +158,9 @@ erlang_client_erlang_server_basic(Config) when is_list(Config) ->
ssl_test_lib:close(Server0),
ssl_test_lib:close(Client1).
-
-erlang_client_openssl_server_basic() ->
- [{doc,"Test session resumption with session tickets (erlang client - openssl server)"}].
-erlang_client_openssl_server_basic(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
- ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
- ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
- {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
-
- Version = 'tlsv1.3',
- Port = ssl_test_lib:inet_port(node()),
- CertFile = proplists:get_value(certfile, ServerOpts),
- CACertFile = proplists:get_value(cacertfile, ServerOpts),
- KeyFile = proplists:get_value(keyfile, ServerOpts),
-
- %% Configure session tickets
- ClientOpts = [{session_tickets, auto}, {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
-
- Exe = "openssl",
- Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
- "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile, "-msg", "-debug"],
-
- OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
-
- ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
-
- %% Store ticket from first connection
- Client0 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [false, no_reply]}},
- {from, self()}, {options, ClientOpts}]),
- %% Wait for session ticket
- ct:sleep(100),
-
- %% Close previous connection as s_server can only handle one at a time
- ssl_test_lib:close(Client0),
-
- %% Use ticket
- Client1 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [true, no_reply]}},
- {from, self()},
- {options, ClientOpts}]),
- process_flag(trap_exit, false),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close_port(OpensslPort),
- ssl_test_lib:close(Client1).
-
-
-openssl_client_erlang_server_basic() ->
- [{doc,"Test session resumption with session tickets (openssl client - erlang server)"}].
-openssl_client_erlang_server_basic(Config) when is_list(Config) ->
- ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
- {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]),
- TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]),
- ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
-
- Data = "Hello world",
-
- %% Configure session tickets
- ServerOpts = [{session_tickets, ServerTicketMode}, {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
-
- Server0 =
- ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
- {from, self()},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [false]}},
- {options, ServerOpts}]),
-
- Version = 'tlsv1.3',
- Port0 = ssl_test_lib:inet_port(Server0),
-
- Exe = "openssl",
- Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
- ++ ":" ++ integer_to_list(Port0),
- ssl_test_lib:version_flag(Version),
- "-sess_out", TicketFile0],
-
- OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0),
-
- true = port_command(OpenSslPort0, Data),
-
- ssl_test_lib:check_result(Server0, ok),
-
- Server0 ! {listen, {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [true]}}},
-
- %% Wait for session ticket
- ct:sleep(100),
-
- Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
- ++ ":" ++ integer_to_list(Port0),
- ssl_test_lib:version_flag(Version),
- "-sess_in", TicketFile0,
- "-sess_out", TicketFile1],
-
- OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1),
-
- true = port_command(OpenSslPort1, Data),
-
- ssl_test_lib:check_result(Server0, ok),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close(Server0),
- ssl_test_lib:close_port(OpenSslPort0),
- ssl_test_lib:close_port(OpenSslPort1).
-
-
-erlang_client_erlang_server_hrr() ->
+hello_retry_request() ->
[{doc,"Test session resumption with session tickets and hello_retry_request (erlang client - erlang server)"}].
-erlang_client_erlang_server_hrr(Config) when is_list(Config) ->
+hello_retry_request(Config) when is_list(Config) ->
ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -340,135 +214,9 @@ erlang_client_erlang_server_hrr(Config) when is_list(Config) ->
ssl_test_lib:close(Server0),
ssl_test_lib:close(Client1).
-
-erlang_client_openssl_server_hrr() ->
- [{doc,"Test session resumption with session tickets and hello_retry_request (erlang client - openssl server)"}].
-erlang_client_openssl_server_hrr(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
- ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
- ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
- {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
-
- Version = 'tlsv1.3',
- Port = ssl_test_lib:inet_port(node()),
- CertFile = proplists:get_value(certfile, ServerOpts),
- CACertFile = proplists:get_value(cacertfile, ServerOpts),
- KeyFile = proplists:get_value(keyfile, ServerOpts),
-
- %% Configure session tickets
- ClientOpts = [{session_tickets, auto}, {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']},
- {supported_groups,[secp256r1, x25519]}|ClientOpts0],
-
- Exe = "openssl",
- Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
- "-cert", CertFile,
- "-key", KeyFile,
- "-CAfile", CACertFile,
- "-groups", "X448:X25519",
- "-msg", "-debug"],
-
- OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
-
- ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
-
- %% Store ticket from first connection
- Client0 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [false, no_reply]}},
- {from, self()}, {options, ClientOpts}]),
- %% Wait for session ticket
- ct:sleep(100),
-
- %% Close previous connection as s_server can only handle one at a time
- ssl_test_lib:close(Client0),
-
- %% Use ticket
- Client1 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [true, no_reply]}},
- {from, self()},
- {options, ClientOpts}]),
- process_flag(trap_exit, false),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close_port(OpensslPort),
- ssl_test_lib:close(Client1).
-
-
-openssl_client_erlang_server_hrr() ->
- [{doc,"Test session resumption with session tickets and hello_retry_request (openssl client - erlang server)"}].
-openssl_client_erlang_server_hrr(Config) when is_list(Config) ->
- ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
- {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
- TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]),
- TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]),
- ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
-
- Data = "Hello world",
-
- %% Configure session tickets
- ServerOpts = [{session_tickets, ServerTicketMode}, {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']},
- {supported_groups,[x448, x25519]}|ServerOpts0],
-
- Server0 =
- ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
- {from, self()},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [false]}},
- {options, ServerOpts}]),
-
- Version = 'tlsv1.3',
- Port0 = ssl_test_lib:inet_port(Server0),
-
- Exe = "openssl",
- Args0 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
- ++ ":" ++ integer_to_list(Port0),
- ssl_test_lib:version_flag(Version),
- "-groups", "P-256:X25519",
- "-sess_out", TicketFile0],
-
- OpenSslPort0 = ssl_test_lib:portable_open_port(Exe, Args0),
-
- true = port_command(OpenSslPort0, Data),
-
- ssl_test_lib:check_result(Server0, ok),
-
- Server0 ! {listen, {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [true]}}},
-
- %% Wait for session ticket
- ct:sleep(100),
-
- Args1 = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname)
- ++ ":" ++ integer_to_list(Port0),
- ssl_test_lib:version_flag(Version),
- "-groups", "P-256:X25519",
- "-sess_in", TicketFile0,
- "-sess_out", TicketFile1],
-
- OpenSslPort1 = ssl_test_lib:portable_open_port(Exe, Args1),
-
- true = port_command(OpenSslPort1, Data),
-
- ssl_test_lib:check_result(Server0, ok),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close(Server0),
- ssl_test_lib:close_port(OpenSslPort0),
- ssl_test_lib:close_port(OpenSslPort1).
-
-
-erlang_client_erlang_server_multiple_tickets() ->
+multiple_tickets() ->
[{doc,"Test session resumption with multiple session tickets (erlang client - erlang server)"}].
-erlang_client_erlang_server_multiple_tickets(Config) when is_list(Config) ->
+multiple_tickets(Config) when is_list(Config) ->
ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -524,72 +272,9 @@ erlang_client_erlang_server_multiple_tickets(Config) when is_list(Config) ->
ssl_test_lib:close(Server0),
ssl_test_lib:close(Client1).
-
-erlang_client_openssl_server_hrr_multiple_tickets() ->
- [{doc,"Test session resumption with multiple session tickets and hello_retry_request (erlang client - openssl server)"}].
-erlang_client_openssl_server_hrr_multiple_tickets(Config) when is_list(Config) ->
- process_flag(trap_exit, true),
- ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
- ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
- {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
-
- Version = 'tlsv1.3',
- Port = ssl_test_lib:inet_port(node()),
- CertFile = proplists:get_value(certfile, ServerOpts),
- CACertFile = proplists:get_value(cacertfile, ServerOpts),
- KeyFile = proplists:get_value(keyfile, ServerOpts),
-
- %% Configure session tickets
- ClientOpts = [{session_tickets, manual}, {log_level, debug},
- {versions, ['tlsv1.2','tlsv1.3']},
- {supported_groups,[secp256r1, x25519]}|ClientOpts0],
-
- Exe = "openssl",
- Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version),
- "-cert", CertFile,
- "-key", KeyFile,
- "-CAfile", CACertFile,
- "-groups", "X448:X25519",
- "-msg", "-debug"],
-
- OpensslPort = ssl_test_lib:portable_open_port(Exe, Args),
-
- ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)),
-
- %% Store ticket from first connection
- Client0 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [false, no_reply, {tickets, 2}]}},
- {from, self()}, {options, ClientOpts}]),
-
- Tickets0 = ssl_test_lib:check_tickets(Client0),
-
- ct:pal("Received tickets: ~p~n", [Tickets0]),
-
- %% Close previous connection as s_server can only handle one at a time
- ssl_test_lib:close(Client0),
-
- %% Use tickets
- Client1 = ssl_test_lib:start_client([{node, ClientNode},
- {port, Port}, {host, Hostname},
- {mfa, {ssl_test_lib,
- verify_active_session_resumption,
- [true, no_reply, no_tickets]}},
- {from, self()},
- {options, [{use_ticket, Tickets0}|ClientOpts]}]),
-
- process_flag(trap_exit, false),
-
- %% Clean close down! Server needs to be closed first !!
- ssl_test_lib:close_port(OpensslPort),
- ssl_test_lib:close(Client1).
-
-
-erlang_client_erlang_server_multiple_tickets_2hash() ->
+multiple_tickets_2hash() ->
[{doc,"Test session resumption with multiple session tickets with 2 different hash algorithms (erlang client - erlang server)"}].
-erlang_client_erlang_server_multiple_tickets_2hash(Config) when is_list(Config) ->
+multiple_tickets_2hash(Config) when is_list(Config) ->
ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index e7f5a59235..206c4c8b32 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -76,6 +76,43 @@ get_client_opts(Config) ->
COpts = proplists:get_value(client_ecdsa_opts, Config),
ssl_test_lib:ssl_options(COpts, Config).
+%% Default callback functions
+init_per_group(GroupName, Config) ->
+ clean_tls_version(Config),
+ case is_tls_version(GroupName) andalso sufficient_crypto_support(GroupName) of
+ true ->
+ init_tls_version(GroupName, Config);
+ _ ->
+ case sufficient_crypto_support(GroupName) of
+ true ->
+ ssl:start(),
+ Config;
+ false ->
+ {skip, "Missing crypto support"}
+ end
+ end.
+
+init_per_group_openssl(GroupName, Config) ->
+ case is_tls_version(GroupName) of
+ true ->
+ case check_sane_openssl_version(GroupName) of
+ true ->
+ [{version, GroupName}|init_tls_version(GroupName, Config)];
+ false ->
+ {skip, "Missing openssl support"}
+ end;
+ _ ->
+ ssl:start(),
+ Config
+ end.
+
+end_per_group(GroupName, Config) ->
+ case is_tls_version(GroupName) of
+ true ->
+ clean_tls_version(Config);
+ false ->
+ Config
+ end.
%%====================================================================
%% Internal functions
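Review bot: init_per_group_openssl/2 is not symmetric with init_per_group/2 directly above it: it never calls `clean_tls_version(Config)` before `init_tls_version/2` and has no `sufficient_crypto_support/1` check, so on a build lacking the required crypto an openssl group proceeds into version setup instead of returning `{skip, ...}`; if the omission is deliberate, a comment saying why would help the next reader. On the fall-through branch of init_per_group/2, `sufficient_crypto_support(GroupName)` is evaluated a second time; evaluating it once and matching on the pair `{is_tls_version(GroupName), sufficient_crypto_support(GroupName)}` with clauses `{true, true}`, `{_, true}` and `{_, false}` gives the same result with a single call. The module's export list is outside this hunk, so I cannot confirm the three new callbacks are exported; the delegations added in ssl_session_ticket_SUITE (`ssl_test_lib:init_per_group/2`, `ssl_test_lib:end_per_group/2`) would fail with undef if they are not. The bare `%% Default callback functions` would be more useful as a short header comment stating that these are the shared CT group callbacks for the ssl test suites, that the openssl variant additionally requires a sane OpenSSL version, and that callers pass their unmodified Config.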