Merge branch 'maint'

erlang · Aug 10, 2023 · ef4cdc8 · ef4cdc8
2 parents 9d6a376 + 9c299d2
commit ef4cdc8
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 5 deletions.
diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl
@@ -1074,10 +1074,11 @@ handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role =
                                                                          protocol_cb = Connection,
                                                                          trackers = Trackers},
                                                 connection_env  = #connection_env{user_application = {_Mon, Pid}},
+                                                handshake_env = #handshake_env{renegotiation = Type},
                                                 socket_options = Opts,
 						start_or_recv_from = RecvFrom} = State) ->
     Pids = Connection:pids(State),
-    alert_user(Pids, Transport, Trackers, Socket, StateName, Opts, Pid, RecvFrom, Alert, Role, StateName, Connection).
+    alert_user(Pids, Transport, Trackers, Socket, Type, Opts, Pid, RecvFrom, Alert, Role, StateName, Connection).
 
 handle_alert(#alert{level = ?FATAL} = Alert, StateName, State) ->
     handle_fatal_alert(Alert, StateName, State);
@@ -1879,9 +1880,11 @@ send_user(Pid, Msg) ->
     Pid ! Msg,
     ok.
 
-alert_user(Pids, Transport, Trackers, Socket, connection, Opts, Pid, From, Alert, Role, StateName, Connection) ->
+alert_user(Pids, Transport, Trackers, Socket, _, Opts, Pid, From, Alert, Role, connection = StateName, Connection) ->
     alert_user(Pids, Transport, Trackers, Socket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection);
-alert_user(Pids, Transport, Trackers, Socket,_, _, _, From, Alert, Role, StateName, Connection) ->
+alert_user(Pids, Transport, Trackers, Socket, {true, internal}, Opts, Pid, From, Alert, Role, StateName, Connection) ->
+    alert_user(Pids, Transport, Trackers, Socket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection);
+alert_user(Pids, Transport, Trackers, Socket, _, _, _, From, Alert, Role, StateName, Connection) ->
     alert_user(Pids, Transport, Trackers, Socket, From, Alert, Role, StateName, Connection).
 
 alert_user(Pids, Transport, Trackers, Socket, From, Alert, Role, StateName, Connection) ->

diff --git a/lib/ssl/test/ssl_renegotiate_SUITE.erl b/lib/ssl/test/ssl_renegotiate_SUITE.erl
@@ -61,7 +61,9 @@
          renegotiate_dos_mitigate_passive/0,
          renegotiate_dos_mitigate_passive/1,
          renegotiate_dos_mitigate_absolute/0,
-         renegotiate_dos_mitigate_absolute/1
+         renegotiate_dos_mitigate_absolute/1,
+         active_error_disallowed_client_renegotiate/0,
+         active_error_disallowed_client_renegotiate/1
         ]).
 
 %% Apply export
@@ -105,7 +107,8 @@ renegotiate_tests() ->
      server_no_wrap_sequence_number,
      renegotiate_dos_mitigate_active,
      renegotiate_dos_mitigate_passive,
-     renegotiate_dos_mitigate_absolute].
+     renegotiate_dos_mitigate_absolute,
+     active_error_disallowed_client_renegotiate].
 
 init_per_suite(Config) ->
     catch crypto:stop(),
@@ -466,6 +469,31 @@ renegotiate_dos_mitigate_absolute(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+%%--------------------------------------------------------------------
+active_error_disallowed_client_renegotiate() ->
+    [{doc,"Test that an active client socket gets an error when server denies client renegotiation."}].
+active_error_disallowed_client_renegotiate(Config) when is_list(Config) ->
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {ssl_test_lib, no_result, []}},
+				   {options, [{client_renegotiation, false} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    {ok, Client} = ssl:connect(Hostname, Port, [{renegotiate_at, 1}, {active, true} | ClientOpts]),
+
+    {error, closed} = ssl:send(Client, crypto:strong_rand_bytes(20)),
+
+    receive
+        {ssl_error, Client, _} ->
+            ok
+    end.
+
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------