diff --git a/lib/ssl/src/dtls_client_connection.erl b/lib/ssl/src/dtls_client_connection.erl index 0d2ac57b0a4..ebff84a9ddc 100644 --- a/lib/ssl/src/dtls_client_connection.erl +++ b/lib/ssl/src/dtls_client_connection.erl @@ -156,10 +156,12 @@ %%==================================================================== %% Setup %%==================================================================== -init([Role, Host, Port, Socket, Options, User, CbInfo]) -> +init([Role, Tab, Host, Port, Socket, Options, User, CbInfo]) -> process_flag(trap_exit, true), - State0 = dtls_gen_connection:initial_state(Role, Host, Port, Socket, + State0 = dtls_gen_connection:initial_state(Role, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options, Role, State0), diff --git a/lib/ssl/src/dtls_gen_connection.erl b/lib/ssl/src/dtls_gen_connection.erl index 958e53ec934..90763477e50 100644 --- a/lib/ssl/src/dtls_gen_connection.erl +++ b/lib/ssl/src/dtls_gen_connection.erl @@ -24,20 +24,16 @@ -module(dtls_gen_connection). -moduledoc false. --include_lib("public_key/include/public_key.hrl"). --include_lib("kernel/include/logger.hrl"). - -include("dtls_connection.hrl"). -include("dtls_handshake.hrl"). -include("ssl_alert.hrl"). -include("dtls_record.hrl"). -include("ssl_cipher.hrl"). --include("ssl_api.hrl"). -include("ssl_internal.hrl"). %% Setup -export([start_fsm/8, - initial_state/7, + initial_state/8, pids/1]). %% Handshake handling @@ -67,7 +63,6 @@ %% Data handling -export([send/3, - socket/4, setopts/3, getopts/3, handle_info/3, @@ -91,7 +86,7 @@ %%==================================================================== %% Setup %%==================================================================== -initial_state(Role, Host, Port, Socket, +initial_state(Role, Tab, Host, Port, Socket, {SSLOptions, SocketOptions, Trackers}, User, {CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) -> put(log_level, maps:get(log_level, SSLOptions)), @@ -100,7 +95,11 @@ initial_state(Role, Host, Port, Socket, #{session_cb := SessionCacheCb} = ssl_config:pre_1_3_session_opts(Role), InternalActiveN = ssl_config:get_internal_active_n(), Monitor = erlang:monitor(process, User), + + SslSocket = dtls_socket:socket([self()], CbModule, Socket, ?MODULE, Tab), + InitStatEnv = #static_env{ + user_socket = SslSocket, role = Role, transport_cb = CbModule, protocol_cb = dtls_gen_connection, @@ -115,7 +114,9 @@ initial_state(Role, Host, Port, Socket, trackers = Trackers }, - #state{static_env = InitStatEnv, + + #state{tab = Tab, + static_env = InitStatEnv, handshake_env = #handshake_env{ tls_handshake_history = ssl_handshake:init_handshake_history(), renegotiation = {false, first}, @@ -138,14 +139,14 @@ initial_state(Role, Host, Port, Socket, } }. -start_fsm(Role, Host, Port, Socket, {_,_, Tracker} = Opts, - User, {CbModule, _, _, _, _} = CbInfo, - Timeout) -> +start_fsm(Role, Host, Port, Socket, Opts, User, CbInfo, Timeout) -> try - {ok, Pid} = dtls_connection_sup:start_child([Role, Host, Port, Socket, - Opts, User, CbInfo]), - {ok, SslSocket} = ssl_gen_statem:socket_control(?MODULE, Socket, [Pid], CbModule, Tracker), - ssl_gen_statem:handshake(SslSocket, Timeout) + {ok, Pid} = dtls_connection_sup:start_child([Role, Host, Port, Socket, + Opts, User, CbInfo]), + receive {Pid, user_socket, SslSocket} -> + {ok, SslSocket} = ssl_gen_statem:socket_control(SslSocket), + ssl_gen_statem:handshake(SslSocket, Timeout) + end catch error:{badmatch, {error, _} = Error} -> Error @@ -744,9 +745,6 @@ pack_packets([P|Rest]=Packets, SoFar, Max, Acc) -> pack_packets([], _, _, Acc) -> {lists:reverse(Acc), []}. -socket(Pid, Transport, Socket, _Tracker) -> - dtls_socket:socket(Pid, Transport, Socket, ?MODULE). - setopts(Transport, Socket, Other) -> dtls_socket:setopts(Transport, Socket, Other). diff --git a/lib/ssl/src/dtls_packet_demux.erl b/lib/ssl/src/dtls_packet_demux.erl index 573e7e0f1b8..d0fb24fd3bf 100644 --- a/lib/ssl/src/dtls_packet_demux.erl +++ b/lib/ssl/src/dtls_packet_demux.erl @@ -353,7 +353,7 @@ setup_new_connection(User, From, Client, Msg, #state{dtls_processes = Processes, case dtls_connection_sup:start_child(ConnArgs) of {ok, Pid} -> erlang:monitor(process, Pid), - gen_server:reply(From, {ok, Pid, {Client, Socket}}), + gen_server:reply(From, {ok, Pid}), Pid ! Msg, State#state{dtls_msq_queues = kv_insert(Client, {Pid, queue:new()}, MsgQueues), dtls_processes = kv_insert(Pid, Client, Processes)}; diff --git a/lib/ssl/src/dtls_server_connection.erl b/lib/ssl/src/dtls_server_connection.erl index acbd1107c8b..b3224c53737 100644 --- a/lib/ssl/src/dtls_server_connection.erl +++ b/lib/ssl/src/dtls_server_connection.erl @@ -156,13 +156,15 @@ %%==================================================================== %% Setup %%==================================================================== -init([Role, Host, Port, Socket, Options, User, CbInfo]) -> +init([Role, Tab, Host, Port, Socket, Options, User, CbInfo]) -> process_flag(trap_exit, true), - State0 = dtls_gen_connection:initial_state(Role, Host, Port, Socket, + State0 = dtls_gen_connection:initial_state(Role, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options, - Role, State0), + Role, State0), gen_statem:enter_loop(?MODULE, [], initial_hello, State) catch throw:Error -> diff --git a/lib/ssl/src/dtls_socket.erl b/lib/ssl/src/dtls_socket.erl index c2f8d240920..02ef6cea3c0 100644 --- a/lib/ssl/src/dtls_socket.erl +++ b/lib/ssl/src/dtls_socket.erl @@ -27,7 +27,7 @@ listen/2, accept/3, connect/4, - socket/4, + socket/5, setopts/3, getopts/3, getstat/3, @@ -69,12 +69,13 @@ listen(Port, #config{inet_ssl = SockOpts, Error end. -accept({Listener,_}, #config{transport_info = Info, - connection_cb = ConnectionCb}, _Timeout) -> - Transport = element(1, Info), +accept({Listener,_}, #config{}, _Timeout) -> case dtls_packet_demux:accept(Listener, self()) of - {ok, Pid, Socket} -> - {ok, socket([Pid], Transport, {Listener, Socket}, ConnectionCb)}; + {ok, Pid} -> + receive + {Pid, user_socket, UserSocket} -> + {ok, UserSocket} + end; {error, Reason} -> {error, Reason} end. @@ -83,7 +84,9 @@ connect(Address, Port, #config{transport_info = {Transport, _, _, _, _} = CbInfo connection_cb = ConnectionCb, ssl = SslOpts, emulated = EmOpts, - inet_ssl = SocketOpts}, Timeout) -> + inet_ssl = SocketOpts, + tab = _Tab + }, Timeout) -> case Transport:open(0, SocketOpts ++ internal_inet_values()) of {ok, Socket} -> ssl_gen_statem:connect(ConnectionCb, Address, Port, {{Address, Port},Socket}, @@ -128,19 +131,23 @@ close(Transport, {_Client, Socket}) -> %% Note that gen_udp:send is not blocking as gen_tcp:send is. %% So normal DTLS can safely have the same connection handler %% as payload sender + socket([Pid], gen_udp = Transport, - PeerAndSock = {{_Host, _Port}, _Socket}, ConnectionCb) -> - #sslsocket{socket_handle = PeerAndSock, - connection_handler = Pid, - payload_sender = Pid, - transport_cb = Transport, - connection_cb = ConnectionCb}; -socket([Pid], Transport, Socket, ConnectionCb) -> + PeerAndSock = {{_Host, _Port}, _Socket}, ConnectionCb, Tab) when Tab =/= undefined -> + #sslsocket{socket_handle = PeerAndSock, + connection_handler = Pid, + payload_sender = Pid, + transport_cb = Transport, + connection_cb = ConnectionCb, + tab = Tab}; +socket([Pid], Transport, Socket, ConnectionCb, Tab) when Tab =/= undefined -> #sslsocket{socket_handle = Socket, connection_handler = Pid, payload_sender = Pid, transport_cb = Transport, - connection_cb = ConnectionCb}. + connection_cb = ConnectionCb, + tab = Tab}. + setopts(_, Socket = #sslsocket{socket_handle = {ListenPid, _}, listener_config = #config{}}, Options) -> SplitOpts = {_, EmOpts} = tls_socket:split_options(Options), @@ -336,6 +343,7 @@ create_dtls_socket(#config{emulated = EmOpts} = Config, Listener, Port) -> Socket = #sslsocket{ socket_handle = {Listener, Port}, - listener_config = Config}, + listener_config = Config, + tab = dtls_listen}, check_active_n(EmOpts, Socket), Socket. diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 7043c040b1a..1326e6b111f 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -2551,9 +2551,19 @@ closed. send(#sslsocket{payload_sender = Sender, connection_cb = dtls_gen_connection}, Data) when is_pid(Sender) -> ssl_gen_statem:send(Sender, Data); -send(#sslsocket{payload_sender = Sender, - connection_cb = tls_gen_connection}, Data) when is_pid(Sender) -> - tls_sender:send_data(Sender, erlang:iolist_to_iovec(Data)); +send(#sslsocket{payload_sender = Sender, tab = Tab, + connection_cb = tls_gen_connection}, Data0) when is_pid(Sender) -> + try + Packet = ets:lookup_element(Tab, {socket_options, packet}, 2), + case encode_packet(Packet, Data0) of + {error, _} = Error -> + Error; + Data -> + tls_sender:send_data(Sender, erlang:iolist_to_iovec(Data)) + end + catch error:badarg -> + {error, closed} + end; send(#sslsocket{listener_config = #config{connection_cb = dtls_gen_connection}}, _) -> {error,enotconn}; %% Emulate connection behaviour send(#sslsocket{socket_handle = ListenSocket, @@ -3130,31 +3140,21 @@ getopts(#sslsocket{}, OptionTags) -> SslSocket :: sslsocket(), Options :: [gen_tcp:option()]. %%-------------------------------------------------------------------- -setopts(#sslsocket{connection_handler = Controller}, [{active, _}] = Active) when is_pid(Controller) -> +setopts(#sslsocket{connection_handler = Controller}, [{active, _}] = Active) + when is_pid(Controller) -> ssl_gen_statem:set_opts(Controller, Active); -setopts(#sslsocket{connection_handler = Controller, payload_sender = Sender, - connection_cb = tls_gen_connection}, Options0) when is_pid(Controller), is_list(Options0) -> - try proplists:expand([{binary, [{mode, binary}]}, - {list, [{mode, list}]}], Options0) of +setopts(#sslsocket{connection_handler = Controller, connection_cb = tls_gen_connection}, Options0) + when is_pid(Controller), is_list(Options0) -> + try proplists:expand([{binary, [{mode, binary}]}, {list, [{mode, list}]}], Options0) of Options -> - case proplists:get_value(packet, Options, undefined) of - undefined -> - ssl_gen_statem:set_opts(Controller, Options); - PacketOpt -> - case tls_sender:setopts(Sender, [{packet, PacketOpt}]) of - ok -> - ssl_gen_statem:set_opts(Controller, Options); - Error -> - Error - end - end + ssl_gen_statem:set_opts(Controller, Options) catch _:_ -> {error, {options, {not_a_proplist, Options0}}} end; -setopts(#sslsocket{connection_handler = Controller}, Options0) when is_pid(Controller), is_list(Options0) -> - try proplists:expand([{binary, [{mode, binary}]}, - {list, [{mode, list}]}], Options0) of +setopts(#sslsocket{connection_handler = Controller}, Options0) + when is_pid(Controller), is_list(Options0) -> + try proplists:expand([{binary, [{mode, binary}]}, {list, [{mode, list}]}], Options0) of Options -> ssl_gen_statem:set_opts(Controller, Options) catch @@ -5229,6 +5229,20 @@ unambiguous_path(Value) -> end, validate_filename(UP, cacertfile). +-compile({inline, encode_packet/2}). +encode_packet(Packet, Data) -> + Len = iolist_size(Data), + case Packet of + 1 when Len < (1 bsl 8) -> [<>|Data]; + 2 when Len < (1 bsl 16) -> [<>|Data]; + 4 when Len < (1 bsl 32) -> [<>|Data]; + N when N =:= 1; N =:= 2; N =:= 4 -> + {error, + {badarg, {packet_to_large, Len, (1 bsl (Packet bsl 3)) - 1}}}; + _ -> + Data + end. + %%%################################################################ %%%# %%%# Tracing diff --git a/lib/ssl/src/ssl_api.hrl b/lib/ssl/src/ssl_api.hrl index 4f243a9232b..ded6dcea1be 100644 --- a/lib/ssl/src/ssl_api.hrl +++ b/lib/ssl/src/ssl_api.hrl @@ -28,6 +28,7 @@ payload_sender, %% pid() transport_cb, %% ssl:transport_option() connection_cb, %% :: tls_gen_connection | dtls_gen_connection + tab, %% ets table listener_config %% :: #config{} (listen socket) | [pid()] list of trackers }). diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl index 3e431dcc604..52ee227657c 100644 --- a/lib/ssl/src/ssl_connection.hrl +++ b/lib/ssl/src/ssl_connection.hrl @@ -31,11 +31,13 @@ -include("ssl_handshake.hrl"). -include("ssl_srp.hrl"). -include("ssl_cipher.hrl"). +-include("ssl_api.hrl"). -include("ssl_alert.hrl"). -include_lib("public_key/include/public_key.hrl"). -record(static_env, { role :: client | server, + user_socket :: #sslsocket{}, transport_cb :: atom(), % callback module protocol_cb :: tls_gen_connection | dtls_gen_connection, data_tag :: atom(), % ex tcp. @@ -126,6 +128,7 @@ }). -record(state, { + tab :: ets:table(), static_env :: #static_env{}, connection_env :: #connection_env{} | ssl_gen_statem:secret_printout(), ssl_options :: ssl_options(), diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl index d269db8f588..060b202092b 100644 --- a/lib/ssl/src/ssl_gen_statem.erl +++ b/lib/ssl/src/ssl_gen_statem.erl @@ -49,8 +49,7 @@ handshake_continue/3, handshake_cancel/1, handle_sni_extension/2, - socket_control/4, - socket_control/5, + socket_control/1, prepare_connection/2]). %% User Events @@ -141,7 +140,7 @@ start_link(Role, Host, Port, Socket, {SslOpts, _, _} = Options, User, CbInfo) -> -spec init(list()) -> no_return(). %% Description: Initialization %%-------------------------------------------------------------------- -init([Role, _Sender, Host, Port, _Socket, {TLSOpts, _, _}, _User, _CbInfo] = InitArgs) -> +init([Role, Sender |[Host, Port, _Socket, {TLSOpts, _, _}, _User, _CbInfo] = InitArgs]) -> process_flag(trap_exit, true), case maps:get(erl_dist, TLSOpts, false) of @@ -149,36 +148,38 @@ init([Role, _Sender, Host, Port, _Socket, {TLSOpts, _, _}, _User, _CbInfo] = In process_flag(priority, max); _ -> ok - end, - + end, + init_label(Role, Host, Port, TLSOpts), + Tab = ets:new(tls_socket, []), - case Role of + case Role of ?CLIENT_ROLE -> case TLSOpts of #{versions := [?TLS_1_3]} -> - tls_client_connection_1_3:init(InitArgs); + tls_client_connection_1_3:init([Role, Sender, Tab|InitArgs]); _ -> - tls_client_connection:init(InitArgs) - end; + tls_client_connection:init([Role, Sender, Tab | InitArgs]) + end; ?SERVER_ROLE -> case TLSOpts of #{versions := [?TLS_1_3]} -> - tls_server_connection_1_3:init(InitArgs); + tls_server_connection_1_3:init([Role, Sender, Tab|InitArgs]); _ -> - tls_server_connection:init(InitArgs) - end + tls_server_connection:init([Role, Sender, Tab|InitArgs]) + end end; -init([Role, Host, Port, _Socket, {DTLSOpts,_,_}, _User, _CbInfo] = InitArgs) -> +init([Role | [Host, Port, _Socket, {DTLSOpts,_,_}, _User, _CbInfo] = InitArgs]) -> process_flag(trap_exit, true), init_label(Role, Host, Port, DTLSOpts), + Tab = ets:new(tls_socket, []), case Role of ?CLIENT_ROLE -> - dtls_client_connection:init(InitArgs); + dtls_client_connection:init([Role, Tab|InitArgs]); ?SERVER_ROLE -> - dtls_server_connection:init(InitArgs) + dtls_server_connection:init([Role, Tab|InitArgs]) end. init_label(?CLIENT_ROLE = Role, Host, _, Options) -> @@ -361,37 +362,33 @@ handshake_cancel(#sslsocket{connection_handler = Pid}) -> Error end. %-------------------------------------------------------------------- --spec socket_control(tls_gen_connection | dtls_gen_connection, port(), [pid()], atom()) -> - {ok, #sslsocket{}} | {error, ssl:reason()}. -%% -%% Description: Set the ssl process to own the accept socket -%%-------------------------------------------------------------------- -socket_control(Connection, Socket, Pid, Transport) -> - socket_control(Connection, Socket, Pid, Transport, undefined). -%-------------------------------------------------------------------- --spec socket_control(tls_gen_connection | dtls_gen_connection, port(), [pid()], atom(), [pid()] | atom()) -> - {ok, #sslsocket{}} | {error, ssl:reason()}. -%%-------------------------------------------------------------------- -socket_control(dtls_gen_connection, Socket, Pids, Transport, udp_listener) -> - %% dtls listener process must have the socket control - {ok, dtls_gen_connection:socket(Pids, Transport, Socket, undefined)}; +-spec socket_control(#sslsocket{}) -> + {ok, #sslsocket{}} | {error, ssl:reason()}. -socket_control(tls_gen_connection, Socket, [Pid|_] = Pids, Transport, Trackers) -> +socket_control(#sslsocket{connection_cb = dtls_gen_connection, + listener_config = Config} = SslSocket) + when Config =/= undefined -> + %% dtls listener process must have the socket control + {ok, SslSocket}; +socket_control(#sslsocket{connection_cb = dtls_gen_connection, + transport_cb = Transport, + socket_handle = {_, Socket}, + connection_handler = Pid} = SslSocket) -> case Transport:controlling_process(Socket, Pid) of - ok -> - {ok, tls_gen_connection:socket(Pids, Transport, Socket, Trackers)}; - {error, Reason} -> - {error, Reason} + ok -> + {ok, SslSocket}; + {error, Reason} -> + {error, Reason} end; -socket_control(dtls_gen_connection, {PeerAddrPort, Socket}, - [Pid|_] = Pids, Transport, Trackers) -> +socket_control(#sslsocket{transport_cb = Transport, + socket_handle = Socket, + connection_handler = Pid} = SslSocket) -> case Transport:controlling_process(Socket, Pid) of - ok -> - {ok, dtls_gen_connection:socket(Pids, Transport, {PeerAddrPort, Socket}, - Trackers)}; - {error, Reason} -> - {error, Reason} + ok -> + {ok, SslSocket}; + {error, Reason} -> + {error, Reason} end. prepare_connection(#state{handshake_env = #handshake_env{renegotiation = Renegotiate}, @@ -598,14 +595,11 @@ connection({call, From}, negotiated_protocol, connection({call, From}, {close,{_NewController, _Timeout}}, #state{static_env = #static_env{role = Role, - socket = Socket, - trackers = Trackers, - transport_cb = Transport, + user_socket = UserSocket, protocol_cb = Connection}, connection_env = #connection_env{socket_tls_closed = #alert{} = Alert} } = State) -> - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, From, Alert, Role, ?STATE(connection), Connection), + alert_user(UserSocket, From, Alert, Role, ?STATE(connection), Connection), {stop, {shutdown, normal}, State}; connection({call, From}, {close,{NewController, Timeout}}, @@ -842,21 +836,19 @@ handle_call({get_opts, OptTags}, From, _, OptsReply = get_socket_opts(Connection, Transport, Socket, OptTags, SockOpts, []), {keep_state_and_data, [{reply, From, OptsReply}]}; handle_call({set_opts, Opts0}, From, StateName, - #state{static_env = #static_env{protocol_cb = Connection, + #state{static_env = #static_env{user_socket = UserSocket, + protocol_cb = Connection, socket = Socket, - transport_cb = Transport, - trackers = Trackers}, + transport_cb = Transport}, connection_env = #connection_env{user_application = {_Mon, Pid}}, - socket_options = Opts1 + socket_options = Opts1, + tab = Tab } = State0) -> - {Reply, Opts} = set_socket_opts(Connection, Transport, Socket, Opts0, Opts1, []), + {Reply, Opts} = set_socket_opts(Connection, Transport, Socket, Tab, Opts0, Opts1, []), case {proplists:lookup(active, Opts0), Opts} of {{_, N}, #socket_options{active=false}} when is_integer(N) -> - send_user( - Pid, - format_passive( - Connection:pids(State0), Transport, Socket, Trackers, Connection)); + send_user(Pid,{ssl_passive,UserSocket}); _ -> ok end, @@ -874,9 +866,8 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName, host = Host, port = Port, socket = Socket, - transport_cb = Transport, + user_socket = UserSocket, error_tag = ErrorTag, - trackers = Trackers, protocol_cb = Connection}, handshake_env = #handshake_env{renegotiation = Type}, connection_env = #connection_env{negotiated_version = Version}, @@ -884,9 +875,7 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName, recv = #recv{from = StartFrom} } = State) when StateName =/= connection -> maybe_invalidate_session(Version, Type, Role, Host, Port, Session), - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, - StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, StateName, Connection), + alert_user(UserSocket, StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, StateName, Connection), {stop, {shutdown, normal}, State}; handle_info({ErrorTag, Socket, Reason}, StateName, #state{static_env = #static_env{ @@ -968,15 +957,12 @@ read_application_data(Data, end. passive_receive(#state{static_env = #static_env{role = Role, - socket = Socket, - trackers = Trackers, - transport_cb = Transport, + user_socket = UserSocket, protocol_cb = Connection}, recv = #recv{from = RecvFrom}, connection_env = #connection_env{socket_tls_closed = #alert{} = Alert}} = State, StateName, _) -> - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, RecvFrom, Alert, Role, StateName, Connection), + alert_user(UserSocket, RecvFrom, Alert, Role, StateName, Connection), {stop, {shutdown, normal}, State}; passive_receive(#state{user_data_buffer = {Front,BufferSize,Rear}, %% Assert! Erl distribution uses active sockets @@ -1038,29 +1024,25 @@ handle_own_alert(Alert0, StateName, end, {stop, {shutdown, own_alert}, State}. -handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role = Role, - socket = Socket, - transport_cb = Transport, - protocol_cb = Connection, - trackers = Trackers}, - handshake_env = #handshake_env{renegotiation = {false, first}}, - recv = #recv{from = StartFrom} - } = State) -> - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, StartFrom, Alert, Role, StateName, Connection); - -handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role = Role, - socket = Socket, - transport_cb = Transport, - protocol_cb = Connection, - trackers = Trackers}, - connection_env = #connection_env{user_application = {_Mon, Pid}}, - handshake_env = #handshake_env{renegotiation = Type}, - socket_options = Opts, - recv = #recv{from = RecvFrom} - } = State) -> - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, Type, Opts, Pid, RecvFrom, Alert, Role, StateName, Connection). +handle_normal_shutdown(Alert, StateName, + #state{static_env = #static_env{role = Role, + user_socket = UserSocket, + protocol_cb = Connection}, + handshake_env = #handshake_env{renegotiation = {false, first}}, + recv = #recv{from = StartFrom} + }) -> + alert_user(UserSocket, StartFrom, Alert, Role, StateName, Connection); + +handle_normal_shutdown(Alert, StateName, + #state{static_env = #static_env{role = Role, + user_socket = UserSocket, + protocol_cb = Connection}, + connection_env = #connection_env{user_application = {_Mon, Pid}}, + handshake_env = #handshake_env{renegotiation = Type}, + socket_options = Opts, + recv = #recv{from = RecvFrom} + }) -> + alert_user(UserSocket, Type, Opts, Pid, RecvFrom, Alert, Role, StateName, Connection). handle_alert(#alert{level = ?FATAL} = Alert, StateName, State) -> handle_fatal_alert(Alert, StateName, State); @@ -1159,11 +1141,9 @@ handle_alert(Alert, StateName, State) -> handle_fatal_alert(Alert0, StateName, #state{static_env = #static_env{role = Role, - socket = Socket, + user_socket = UserSocket, host = Host, port = Port, - trackers = Trackers, - transport_cb = Transport, protocol_cb = Connection}, connection_env = #connection_env{user_application = {_Mon, Pid}}, ssl_options = #{log_level := LogLevel}, @@ -1174,8 +1154,7 @@ handle_fatal_alert(Alert0, StateName, Alert = Alert0#alert{role = opposite_role(Role)}, log_alert(LogLevel, Role, Connection:protocol_name(), StateName, Alert), - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, StateName, Opts, Pid, From, Alert, Role, StateName, Connection), + alert_user(UserSocket, StateName, Opts, Pid, From, Alert, Role, StateName, Connection), {stop, {shutdown, normal}, State}. handle_trusted_certs_db(#state{ssl_options =#{cacerts := []} = Opts}) @@ -1419,15 +1398,12 @@ handle_active_option(_, connection = StateName, To, Reply, {stop_and_reply,{shutdown, peer_close}, [{reply, To, Reply}]}; handle_active_option(_, connection = StateName, To, _Reply, #state{static_env = #static_env{role = Role, - socket = Socket, - trackers = Trackers, - transport_cb = Transport, + user_socket = UserSocket, protocol_cb = Connection}, connection_env = #connection_env{socket_tls_closed = Alert = #alert{}}, user_data_buffer = {_,0,_}} = State) -> - Pids = Connection:pids(State), - alert_user(Pids, Transport, Trackers, Socket, To, Alert, Role, StateName, Connection), + alert_user(UserSocket, To, Alert, Role, StateName, Connection), {stop, {shutdown, normal}, State}; handle_active_option(_, connection = StateName0, To, Reply, #state{static_env = #static_env{protocol_cb = Connection}, @@ -1532,18 +1508,10 @@ read_application_data_bin(State, Front0, BufferSize0, Rear0, SocketOpts0, RecvFr {error,_Reason} -> %% Invalid packet in packet mode #state{ - static_env = - #static_env{ - socket = Socket, - protocol_cb = Connection, - transport_cb = Transport, - trackers = Trackers}, - connection_env = - #connection_env{user_application = {_Mon, Pid}}} = State, + static_env = #static_env{user_socket = UserSocket}, + connection_env = #connection_env{user_application = {_Mon, Pid}}} = State, Buffer = iolist_to_binary([Bin0,Front0|lists:reverse(Rear0)]), - deliver_packet_error( - Connection:pids(State), Transport, Socket, SocketOpts0, - Buffer, Pid, RecvFrom, Trackers, Connection), + deliver_packet_error(UserSocket, SocketOpts0, Buffer, Pid, RecvFrom), {stop, {shutdown, normal}, State#state{socket_options = SocketOpts0, recv = State#state.recv#recv{from = RecvFrom, @@ -1553,17 +1521,9 @@ read_application_data_bin(State, Front0, BufferSize0, Rear0, SocketOpts0, RecvFr read_application_data_deliver(State, Front, BufferSize, Rear, SocketOpts0, RecvFrom, Data) -> #state{ - static_env = - #static_env{ - socket = Socket, - protocol_cb = Connection, - transport_cb = Transport, - trackers = Trackers}, - connection_env = - #connection_env{user_application = {_Mon, Pid}}} = State, - SocketOpts = - deliver_app_data( - Connection:pids(State), Transport, Socket, SocketOpts0, Data, Pid, RecvFrom, Trackers, Connection), + static_env = #static_env{user_socket = UserSocket}, + connection_env = #connection_env{user_application = {_Mon, Pid}}} = State, + SocketOpts = deliver_app_data(UserSocket, SocketOpts0, Data, Pid, RecvFrom), if SocketOpts#socket_options.active =:= false -> %% Passive mode, wait for active once or recv @@ -1751,12 +1711,10 @@ decode_packet(Type, Buffer, PacketOpts) -> %% Note that if the user has explicitly configured the socket to expect %% HTTP headers using the {packet, httph} option, we don't do any automatic %% switching of states. -deliver_app_data(CPids, Transport, Socket, - #socket_options{active=Active, packet=Type} = SOpts, - Data, Pid, From, Trackers, Connection) -> +deliver_app_data(UserSocket, #socket_options{active=Active, packet=Type} = SOpts, + Data, Pid, From) -> send_or_reply(Active, Pid, From, - format_reply(CPids, Transport, Socket, - SOpts, Data, Trackers, Connection)), + format_reply(UserSocket, SOpts, Data)), SO = case Data of {P, _, _, _} @@ -1774,9 +1732,7 @@ deliver_app_data(CPids, Transport, Socket, once -> SO#socket_options{active=false}; 1 -> - send_user(Pid, - format_passive(CPids, Transport, - Socket, Trackers, Connection)), + send_user(Pid, {ssl_passive, UserSocket}), SO#socket_options{active=false}; N when is_integer(N) -> SO#socket_options{active=N - 1}; @@ -1784,24 +1740,20 @@ deliver_app_data(CPids, Transport, Socket, SO end. -format_reply(_, _, _,#socket_options{active = false, mode = Mode, packet = Packet, - header = Header}, Data, _, _) -> +format_reply(_UserSocket, #socket_options{active = false, mode = Mode, packet = Packet, + header = Header}, Data) -> {ok, do_format_reply(Mode, Packet, Header, Data)}; -format_reply(CPids, Transport, Socket, #socket_options{active = _, mode = Mode, packet = Packet, - header = Header}, Data, Trackers, Connection) -> - {ssl, Connection:socket(CPids, Transport, Socket, Trackers), - do_format_reply(Mode, Packet, Header, Data)}. +format_reply(UserSocket, #socket_options{active = _, mode = Mode, packet = Packet, header = Header}, + Data) -> + {ssl, UserSocket, do_format_reply(Mode, Packet, Header, Data)}. -deliver_packet_error(CPids, Transport, Socket, - SO= #socket_options{active = Active}, Data, Pid, From, Trackers, Connection) -> - send_or_reply(Active, Pid, From, format_packet_error(CPids, - Transport, Socket, SO, Data, Trackers, Connection)). +deliver_packet_error(UserSocket, SO= #socket_options{active = Active}, Data, Pid, From) -> + send_or_reply(Active, Pid, From, format_packet_error(UserSocket, SO, Data)). -format_packet_error(_, _, _,#socket_options{active = false, mode = Mode}, Data, _, _) -> +format_packet_error(_, #socket_options{active = false, mode = Mode}, Data) -> {error, {invalid_packet, do_format_reply(Mode, raw, 0, Data)}}; -format_packet_error(CPids, Transport, Socket, #socket_options{active = _, mode = Mode}, - Data, Trackers, Connection) -> - {ssl_error, Connection:socket(CPids, Transport, Socket, Trackers), +format_packet_error(UserSocket, #socket_options{active = _, mode = Mode}, Data) -> + {ssl_error, UserSocket, {invalid_packet, do_format_reply(Mode, raw, 0, Data)}}. do_format_reply(binary, _, N, Data) when N > 0 -> % Header mode @@ -1816,9 +1768,6 @@ do_format_reply(list, Packet, _, Data) do_format_reply(list, _,_, Data) -> binary_to_list(Data). -format_passive(CPids, Transport, Socket, Trackers, Connection) -> - {ssl_passive, Connection:socket(CPids, Transport, Socket, Trackers)}. - header(0, <<>>) -> <<>>; header(_, <<>>) -> @@ -1842,30 +1791,29 @@ send_user(Pid, Msg) -> Pid ! Msg, ok. -alert_user(Pids, Transport, Trackers, Socket, _, Opts, Pid, From, Alert, Role, connection = StateName, Connection) -> - alert_user(Pids, Transport, Trackers, Socket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection); -alert_user(Pids, Transport, Trackers, Socket, {true, internal}, Opts, Pid, From, Alert, Role, StateName, Connection) -> - alert_user(Pids, Transport, Trackers, Socket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection); -alert_user(Pids, Transport, Trackers, Socket, _, _, _, From, Alert, Role, StateName, Connection) -> - alert_user(Pids, Transport, Trackers, Socket, From, Alert, Role, StateName, Connection). +alert_user(UserSocket, _, Opts, Pid, From, Alert, Role, connection = StateName, Connection) -> + alert_user(UserSocket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection); +alert_user(UserSocket, {true, internal}, Opts, Pid, From, Alert, Role, StateName, Connection) -> + alert_user(UserSocket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection); +alert_user(UserSocket, _, _, _, From, Alert, Role, StateName, Connection) -> + alert_user(UserSocket, From, Alert, Role, StateName, Connection). -alert_user(Pids, Transport, Trackers, Socket, From, Alert, Role, StateName, Connection) -> - alert_user(Pids, Transport, Trackers, Socket, false, no_pid, From, Alert, Role, StateName, Connection). +alert_user(UserSocket, From, Alert, Role, StateName, Connection) -> + alert_user(UserSocket, false, no_pid, From, Alert, Role, StateName, Connection). -alert_user(_, _, _, _, false = Active, Pid, From, Alert, Role, StateName, Connection) when From =/= undefined -> +alert_user(_UserSocket, false = Active, Pid, From, Alert, Role, StateName, Connection) + when From =/= undefined -> %% If there is an outstanding handshake | recv %% From will be defined and send_or_reply will %% send the appropriate error message. ReasonCode = ssl_alert:reason_code(Alert, Role, Connection:protocol_name(), StateName), send_or_reply(Active, Pid, From, {error, ReasonCode}); -alert_user(Pids, Transport, Trackers, Socket, Active, Pid, From, Alert, Role, StateName, Connection) -> +alert_user(UserSocket, Active, Pid, From, Alert, Role, StateName, Connection) -> case ssl_alert:reason_code(Alert, Role, Connection:protocol_name(), StateName) of closed -> - send_or_reply(Active, Pid, From, - {ssl_closed, Connection:socket(Pids, Transport, Socket, Trackers)}); + send_or_reply(Active, Pid, From, {ssl_closed, UserSocket}); ReasonCode -> - send_or_reply(Active, Pid, From, - {ssl_error, Connection:socket(Pids, Transport, Socket, Trackers), ReasonCode}) + send_or_reply(Active, Pid, From, {ssl_error, UserSocket, ReasonCode}) end. log_alert(Level, Role, ProtocolName, StateName, #alert{role = Role} = Alert) -> @@ -1976,7 +1924,7 @@ security_info(#state{connection_states = ConnectionStates, server_handshake_traffic_secret := ServerHSTrafficSecret} -> [{client_handshake_traffic_secret, ClientHSTrafficSecret}, {server_handshake_traffic_secret, ServerHSTrafficSecret}]; - _ -> + _ -> [] end ++ BaseSecurityInfo end. @@ -2019,9 +1967,9 @@ get_socket_opts(Connection, Transport, Socket, [Tag | Tags], SockOpts, Acc) -> get_socket_opts(_,_, _,Opts, _,_) -> {error, {options, {socket_options, Opts, function_clause}}}. -set_socket_opts(_,_,_, [], SockOpts, []) -> +set_socket_opts(_,_,_, _Tab, [], SockOpts, []) -> {ok, SockOpts}; -set_socket_opts(ConnectionCb, Transport, Socket, [], SockOpts, Other) -> +set_socket_opts(ConnectionCb, Transport, Socket, _Tab, [], SockOpts, Other) -> %% Set non emulated options try ConnectionCb:setopts(Transport, Socket, Other) of ok -> @@ -2034,11 +1982,11 @@ set_socket_opts(ConnectionCb, Transport, Socket, [], SockOpts, Other) -> {{error, {options, {socket_options, Other, Error}}}, SockOpts} end; -set_socket_opts(ConnectionCb, Transport, Socket, [{active, Active}| Opts], SockOpts, Other) +set_socket_opts(ConnectionCb, Transport, Socket, Tab, [{active, Active}| Opts], SockOpts, Other) when Active == once; Active == true; Active == false -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, + set_socket_opts(ConnectionCb, Transport, Socket, Tab, Opts, SockOpts#socket_options{active = Active}, Other); -set_socket_opts(ConnectionCb, Transport, Socket, [{active, Active1} = Opt| Opts], +set_socket_opts(ConnectionCb, Transport, Socket, Tab, [{active, Active1} = Opt| Opts], SockOpts=#socket_options{active = Active0}, Other) when Active1 >= -32768, Active1 =< 32767 -> Active = if @@ -2059,19 +2007,19 @@ set_socket_opts(ConnectionCb, Transport, Socket, [{active, Active1} = Opt| Opts] error -> {{error, {options, {socket_options, Opt}} }, SockOpts}; _ -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, + set_socket_opts(ConnectionCb, Transport, Socket, Tab, Opts, SockOpts#socket_options{active = Active}, Other) end; -set_socket_opts(_,_, _, [{active, _} = Opt| _], SockOpts, _) -> +set_socket_opts(_,_, _, _Tab, [{active, _} = Opt| _], SockOpts, _) -> {{error, {options, {socket_options, Opt}} }, SockOpts}; -set_socket_opts(ConnectionCb, Transport,Socket, [{mode, Mode}| Opts], SockOpts, Other) +set_socket_opts(ConnectionCb, Transport, Socket, Tab, [{mode, Mode}| Opts], SockOpts, Other) when Mode == list; Mode == binary -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, + set_socket_opts(ConnectionCb, Transport, Socket, Tab, Opts, SockOpts#socket_options{mode = Mode}, Other); -set_socket_opts(_, _, _, [{mode, _} = Opt| _], SockOpts, _) -> +set_socket_opts(_, _, _, _Tab, [{mode, _} = Opt| _], SockOpts, _) -> {{error, {options, {socket_options, Opt}}}, SockOpts}; -set_socket_opts(ConnectionCb, Transport,Socket, [{packet, Packet}| Opts], SockOpts, Other) +set_socket_opts(tls_gen_connection, Transport, Socket, Tab, [{packet, Packet}| Opts], SockOpts, Other) when Packet == raw; Packet == 0; Packet == 1; @@ -2087,30 +2035,30 @@ set_socket_opts(ConnectionCb, Transport,Socket, [{packet, Packet}| Opts], SockOp Packet == httph; Packet == http_bin; Packet == httph_bin -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, + true = ets:insert(Tab, {{socket_options, packet}, Packet}), + set_socket_opts(tls_gen_connection, Transport, Socket, Tab, Opts, SockOpts#socket_options{packet = Packet}, Other); -set_socket_opts(_, _, _, [{packet, _} = Opt| _], SockOpts, _) -> +set_socket_opts(_, _, _, _Tab, [{packet, _} = Opt| _], SockOpts, _) -> {{error, {options, {socket_options, Opt}}}, SockOpts}; -set_socket_opts(ConnectionCb, Transport, Socket, [{header, Header}| Opts], SockOpts, Other) +set_socket_opts(tls_gen_connection, Transport, Socket, Tab, [{header, Header}| Opts], SockOpts, Other) when is_integer(Header) -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, + set_socket_opts(tls_gen_connection, Transport, Socket, Tab, Opts, SockOpts#socket_options{header = Header}, Other); -set_socket_opts(_, _, _, [{header, _} = Opt| _], SockOpts, _) -> +set_socket_opts(_, _, _, _Tab, [{header, _} = Opt| _], SockOpts, _) -> {{error,{options, {socket_options, Opt}}}, SockOpts}; -set_socket_opts(ConnectionCb, Transport,Socket, [{packet_size, Size}| Opts], SockOpts, Other) when is_integer(Size) -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, - SockOpts#socket_options{packet_size = Size}, Other); -set_socket_opts(_,_, _, [{packet_size, _} = Opt| _], SockOpts, _) -> +set_socket_opts(tls_gen_connection, Transport,Socket, Tab, [{packet_size, Size}| Opts], SockOpts, Other) + when is_integer(Size) -> + set_socket_opts(tls_gen_connection, Transport, Socket, Tab, Opts, + SockOpts#socket_options{packet_size = Size}, Other); +set_socket_opts(_,_, _, _Tab, [{packet_size, _} = Opt| _], SockOpts, _) -> {{error, {options, {socket_options, Opt}} }, SockOpts}; -set_socket_opts(ConnectionCb, Transport, Socket, [Opt | Opts], SockOpts, Other) -> - set_socket_opts(ConnectionCb, Transport, Socket, Opts, SockOpts, [Opt | Other]). +set_socket_opts(ConnectionCb, Transport, Socket, Tab, [Opt | Opts], SockOpts, Other) -> + set_socket_opts(ConnectionCb, Transport, Socket, Tab, Opts, SockOpts, [Opt | Other]). ssl_options_list(SslOptions) -> L = maps:to_list(SslOptions), ssl_options_list(L, []). - - ssl_options_list([], Acc) -> lists:reverse(Acc); %% Skip internal options, only return user options @@ -2124,14 +2072,14 @@ ssl_options_list([{max_fragment_length, _}|T], Acc) -> %% skip max_fragment_length from options since it is taken above from connection_states ssl_options_list(T, Acc); ssl_options_list([{ciphers = Key, Value}|T], Acc) -> - ssl_options_list(T, - [{Key, lists:map( - fun(Suite) -> - ssl_cipher_format:suite_bin_to_map(Suite) - end, Value)} + ssl_options_list(T, + [{Key, lists:map( + fun(Suite) -> + ssl_cipher_format:suite_bin_to_map(Suite) + end, Value)} | Acc]); ssl_options_list([{Key, Value}|T], Acc) -> - ssl_options_list(T, [{Key, Value} | Acc]). + ssl_options_list(T, [{Key, Value} | Acc]). %% Maybe add NSS keylog info according to %% https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format @@ -2176,7 +2124,7 @@ maybe_add_keylog({_, 'tlsv1.3'}, Info) -> {client_early_data_secret, EarlySecret} -> ClientEarlySecret = keylog_secret(EarlySecret, Prf), [io_lib:format("CLIENT_EARLY_TRAFFIC_SECRET ~64.16.0B ", [ClientRandom]) ++ ClientEarlySecret - | Keylog0]; + | Keylog0]; _ -> Keylog0 end, @@ -2213,10 +2161,10 @@ keylog_secret(SecretBin, sha512) -> %%%# Tracing %%%# handle_trace(api, - {call, {?MODULE, connect, [Connection | _]}}, Stack0) -> + {call, {?MODULE, connect, [Connection | _]}}, Stack0) -> {io_lib:format("Connection = ~w", [Connection]), Stack0}; handle_trace(rle, - {call, {?MODULE, init, Args = [[Role | _]]}}, Stack0) -> + {call, {?MODULE, init, Args = [[Role | _]]}}, Stack0) -> {io_lib:format("(*~w) Args = ~W", [Role, Args, 3]), [{role, Role} | Stack0]}; handle_trace(hbn, {call, {?MODULE, hibernate_after, diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index 8ef2b605283..f75f78289dd 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -148,11 +148,12 @@ -record(config, {ssl, %% SSL parameters inet_user, %% User set inet options - emulated, %% Emulated option list or - trackers, + emulated, %% Emulated option list or + trackers, inet_ssl, %% inet options for internal ssl socket - transport_info, %% Callback info - connection_cb + transport_info, %% Callback info + connection_cb, + tab }). -type state_name() :: hello | abbreviated | certify | cipher | connection. diff --git a/lib/ssl/src/ssl_logger.erl b/lib/ssl/src/ssl_logger.erl index e65037012c9..ab1bf27b2c3 100644 --- a/lib/ssl/src/ssl_logger.erl +++ b/lib/ssl/src/ssl_logger.erl @@ -47,11 +47,11 @@ log(Level, LogLevel, ReportMap, Meta) -> case logger:compare_levels(LogLevel, Level) of lt -> - logger:log(Level, ReportMap, Meta#{depth => ?DEPTH, - report_cb => fun ?MODULE:format/1}); + logger:log(Level, maps:merge(ReportMap, Meta), + Meta#{depth => ?DEPTH, report_cb => fun ?MODULE:format/1}); eq -> - logger:log(Level, ReportMap, Meta#{depth => ?DEPTH, - report_cb => fun ?MODULE:format/1}); + logger:log(Level, maps:merge(ReportMap, Meta), + Meta#{depth => ?DEPTH, report_cb => fun ?MODULE:format/1}); _ -> ok end. @@ -99,11 +99,15 @@ format(#{alert := Alert, alerter := ignored} = Report) -> %% Happens in DTLS {Fmt, Args} = ssl_alert:own_alert_format(ProtocolName, Role, StateName, Alert), {"~s " ++ Fmt, ["Ignored alert to mitigate DoS attacks", Args]}; +format(#{description := Desc, reason := Reason, file := Mod, line := Line}) -> + {"~12s ~p~n" + "~12s ~p~n" + "~12s ~s:~w~n", + ["Description:", Desc, "Reason:", Reason, "Location:", Mod, Line] + }; format(#{description := Desc, reason := Reason}) -> - {"~12s ~p" - "~n" - "~12s ~p" - "~n", + {"~12s ~p~n" + "~12s ~p~n", ["Description:", Desc, "Reason:", Reason] }. diff --git a/lib/ssl/src/ssl_trace.erl b/lib/ssl/src/ssl_trace.erl index 7d5d951c98d..38650092b17 100644 --- a/lib/ssl/src/ssl_trace.erl +++ b/lib/ssl/src/ssl_trace.erl @@ -432,7 +432,7 @@ trace_profiles() -> {dtls_server_connection, [{initial_hello, 3}]}, {tls_gen_connection, - [{start_connection_tree, 5}, {socket_control, 6}]} + [{start_connection_tree, 5}, {socket_control, 2}]} ]}, {csp, %% OCSP fun(M, F, A) -> dbg:tpl(M, F, A, x) end, diff --git a/lib/ssl/src/tls_client_connection.erl b/lib/ssl/src/tls_client_connection.erl index c99226f78e0..4e3f2172c15 100644 --- a/lib/ssl/src/tls_client_connection.erl +++ b/lib/ssl/src/tls_client_connection.erl @@ -137,9 +137,11 @@ %% Internal application API %%==================================================================== -init([Role, Sender, Host, Port, Socket, Options, User, CbInfo]) -> - State0 = tls_dtls_gen_connection:initial_state(Role, Sender, Host, Port, +init([Role, Sender, Tab, Host, Port, Socket, Options, User, CbInfo]) -> + State0 = tls_dtls_gen_connection:initial_state(Role, Sender, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State1 = #state{static_env = #static_env{session_cache = Cache, session_cache_cb = CacheCb diff --git a/lib/ssl/src/tls_client_connection_1_3.erl b/lib/ssl/src/tls_client_connection_1_3.erl index f2d1b9e3623..15aaf155a81 100644 --- a/lib/ssl/src/tls_client_connection_1_3.erl +++ b/lib/ssl/src/tls_client_connection_1_3.erl @@ -113,11 +113,13 @@ callback_mode() -> [state_functions, state_enter]. -init([?CLIENT_ROLE, Sender, Host, Port, Socket, Options, User, CbInfo]) -> +init([?CLIENT_ROLE, Sender, Tab, Host, Port, Socket, Options, User, CbInfo]) -> State0 = #state{protocol_specific = Map} = - tls_gen_connection_1_3:initial_state(?CLIENT_ROLE, Sender, + tls_gen_connection_1_3:initial_state(?CLIENT_ROLE, Sender, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options, ?CLIENT_ROLE, State0), @@ -901,19 +903,10 @@ maybe_check_early_data_indication(_, State) -> ssl_record:step_encryption_state_write(State). signal_user_early_data(#state{ - connection_env = - #connection_env{ - user_application = {_, User}}, - static_env = - #static_env{ - socket = Socket, - protocol_cb = Connection, - transport_cb = Transport, - trackers = Trackers}} = State, + connection_env = #connection_env{user_application = {_, User}}, + static_env = #static_env{user_socket = UserSocket}}, Result) -> - CPids = Connection:pids(State), - SslSocket = Connection:socket(CPids, Transport, Socket, Trackers), - User ! {ssl, SslSocket, {early_data, Result}}. + User ! {ssl, UserSocket, {early_data, Result}}. maybe_max_fragment_length(Extensions, State) -> ServerMaxFragEnum = maps:get(max_frag_enum, Extensions, undefined), diff --git a/lib/ssl/src/tls_dtls_gen_connection.erl b/lib/ssl/src/tls_dtls_gen_connection.erl index 879544d076f..0db2638ae8f 100644 --- a/lib/ssl/src/tls_dtls_gen_connection.erl +++ b/lib/ssl/src/tls_dtls_gen_connection.erl @@ -46,7 +46,7 @@ is_anonymous/1]). %% Help functions for tls|dtls*_connection.erl --export([initial_state/8, +-export([initial_state/9, negotiated_hashsign/4, finalize_handshake/3, make_premaster_secret/2, @@ -135,7 +135,9 @@ handle_peer_cert_key(_, _, _, State) -> %% Help functions for tls|dtls_connection.erl %%==================================================================== -initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Trackers}, User, + +%% Only called by TLS tls_gen_server and tls_gen_client (no dtls) +initial_state(Role, Sender, Tab, Host, Port, Socket, {SSLOptions, SocketOptions, Trackers}, User, {CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) -> put(log_level, maps:get(log_level, SSLOptions)), %% Use highest supported version for client/server random nonce generation @@ -146,8 +148,14 @@ initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Trac BeastMitigation), #{session_cb := SessionCacheCb} = ssl_config:pre_1_3_session_opts(Role), UserMonitor = erlang:monitor(process, User), + + SslSocket = tls_socket:socket([self(),Sender], CbModule, Socket, tls_gen_connection, Tab, Trackers), + + true = ets:insert(Tab, {{socket_options, packet}, SocketOptions#socket_options.packet}), + InitStatEnv = #static_env{ role = Role, + user_socket = SslSocket, transport_cb = CbModule, protocol_cb = tls_gen_connection, data_tag = DataTag, @@ -161,6 +169,7 @@ initial_state(Role, Sender, Host, Port, Socket, {SSLOptions, SocketOptions, Trac trackers = Trackers }, #state{ + tab = Tab, static_env = InitStatEnv, handshake_env = #handshake_env{ tls_handshake_history = ssl_handshake:init_handshake_history(), diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl index d55a941cdd1..ea9760e82db 100644 --- a/lib/ssl/src/tls_gen_connection.erl +++ b/lib/ssl/src/tls_gen_connection.erl @@ -25,14 +25,10 @@ -module(tls_gen_connection). -moduledoc false. --include_lib("public_key/include/public_key.hrl"). --include_lib("kernel/include/logger.hrl"). - -include("tls_connection.hrl"). -include("tls_handshake.hrl"). -include("tls_record.hrl"). -include("ssl_alert.hrl"). --include("ssl_api.hrl"). -include("ssl_internal.hrl"). -include("tls_record_1_3.hrl"). @@ -58,8 +54,7 @@ handle_protocol_record/3]). %% Data handling --export([socket/4, - setopts/3, +-export([setopts/3, getopts/3, handle_info/3, gen_info/3]). @@ -77,18 +72,18 @@ %%==================================================================== %% Setup %%==================================================================== -start_fsm(Role, Host, Port, Socket, - {SSLOpts, _, Trackers} = Opts, - User, {CbModule, _, _, _, _} = CbInfo, - Timeout) -> +start_fsm(Role, Host, Port, Socket, {SSLOpts, _, _Trackers} = Opts, + User, CbInfo, Timeout) -> ErlDist = maps:get(erl_dist, SSLOpts, false), SenderSpawnOpts = maps:get(sender_spawn_opts, SSLOpts, []), SenderOptions = handle_sender_options(ErlDist, SenderSpawnOpts), Starter = start_connection_tree(User, ErlDist, SenderOptions, Role, [Host, Port, Socket, Opts, User, CbInfo]), receive - {Starter, SockReceiver, SockSender} -> - socket_control(Socket, SockReceiver, SockSender, CbModule, Trackers, Timeout); + {Starter, {ok, SockReceiver}} -> + receive {SockReceiver, user_socket, UserSocket} -> + socket_control(UserSocket, Timeout) + end; {Starter, Error} -> Error end. @@ -108,20 +103,19 @@ start_connection_tree(User, IsErlDist, SenderOpts, Role, ReceiverOpts) -> {ok, DynSup} -> case tls_dyn_connection_sup:start_child(DynSup, sender, SenderOpts) of {ok, Sender} -> - case tls_dyn_connection_sup:start_child(DynSup, receiver, - [Role, Sender | - ReceiverOpts]) of + Args = [Role, Sender | ReceiverOpts], + case tls_dyn_connection_sup:start_child(DynSup, receiver, Args) of {ok, Receiver} -> - User ! {self(), Receiver, Sender}; - {error, Error} -> + User ! {self(), {ok, Receiver}}; + {error, _} = Error -> User ! {self(), Error}, exit(DynSup, shutdown) end; - {error, Error} -> + {error, _} = Error -> User ! {self(), Error}, exit(DynSup, shutdown) end; - {error, Error} -> + {error, _Error} = Error -> User ! {self(), Error} catch exit:{noproc, _} -> User ! {self(), {error, ssl_not_started}}; @@ -137,9 +131,8 @@ start_dyn_connection_sup(true) -> start_dyn_connection_sup(false) -> tls_connection_sup:start_child([]). -socket_control(Socket, SockReceiver, SockSender, CbModule, Trackers, Timeout) -> - case ssl_gen_statem:socket_control(?MODULE, Socket, [SockReceiver, SockSender], - CbModule, Trackers) of +socket_control(SslSocket, Timeout) -> + case ssl_gen_statem:socket_control(SslSocket) of {ok, SslSocket} -> ssl_gen_statem:handshake(SslSocket, Timeout); Error -> @@ -253,9 +246,6 @@ empty_connection_state(ConnectionEnd) -> %% Data handling %%==================================================================== -socket(Pids, Transport, Socket, Trackers) -> - tls_socket:socket(Pids, Transport, Socket, ?MODULE, Trackers). - setopts(Transport, Socket, Other) -> tls_socket:setopts(Transport, Socket, Other). diff --git a/lib/ssl/src/tls_gen_connection_1_3.erl b/lib/ssl/src/tls_gen_connection_1_3.erl index e6e680ab8cf..d787240ebe6 100644 --- a/lib/ssl/src/tls_gen_connection_1_3.erl +++ b/lib/ssl/src/tls_gen_connection_1_3.erl @@ -31,7 +31,7 @@ % gen_statem state help functions --export([initial_state/8, +-export([initial_state/9, user_hello/3, wait_cert/3, wait_cv/3, @@ -52,7 +52,7 @@ %%-------------------------------------------------------------------- %% Internal API %%-------------------------------------------------------------------- -initial_state(Role, Sender, Host, Port, Socket, +initial_state(Role, Sender, Tab, Host, Port, Socket, {SSLOptions, SocketOptions, Trackers}, User, {CbModule, DataTag, CloseTag, ErrorTag, PassiveTag}) -> put(log_level, maps:get(log_level, SSLOptions)), @@ -64,8 +64,13 @@ initial_state(Role, Sender, Host, Port, Socket, disabled, MaxEarlyDataSize), UserMonitor = erlang:monitor(process, User), + SslSocket = tls_socket:socket([self(),Sender], CbModule, Socket, tls_gen_connection, Tab, Trackers), + + true = ets:insert(Tab, {{socket_options, packet}, SocketOptions#socket_options.packet}), + InitStatEnv = #static_env{ role = Role, + user_socket = SslSocket, transport_cb = CbModule, protocol_cb = tls_gen_connection, data_tag = DataTag, @@ -78,6 +83,7 @@ initial_state(Role, Sender, Host, Port, Socket, trackers = Trackers }, #state{ + tab = Tab, static_env = InitStatEnv, handshake_env = #handshake_env{ tls_handshake_history = diff --git a/lib/ssl/src/tls_sender.erl b/lib/ssl/src/tls_sender.erl index e9fcc6dbcd0..ed0c5215dc9 100644 --- a/lib/ssl/src/tls_sender.erl +++ b/lib/ssl/src/tls_sender.erl @@ -43,7 +43,6 @@ peer_renegotiate/1, downgrade/2, update_connection_state/3, - dist_tls_socket/1, dist_handshake_complete/3]). %% gen_statem callbacks @@ -192,11 +191,7 @@ downgrade(Pid, Timeout) -> dist_handshake_complete(ConnectionPid, Node, DHandle) -> gen_statem:call(ConnectionPid, {dist_handshake_complete, Node, DHandle}). %%-------------------------------------------------------------------- --spec dist_tls_socket(pid()) -> {ok, #sslsocket{}}. -%% Description: To enable distribution startup to get a proper "#sslsocket{}" -%%-------------------------------------------------------------------- -dist_tls_socket(Pid) -> - gen_statem:call(Pid, dist_get_tls_socket). + %%%=================================================================== %%% gen_statem callbacks @@ -275,15 +270,8 @@ init(_, _, _) -> StateData :: term()) -> gen_statem:event_handler_result(atom()). %%-------------------------------------------------------------------- -connection({call, From}, {application_data, AppData}, - #data{static = #static{socket_options = #socket_options{packet = Packet}}} = - StateData) -> - case encode_packet(Packet, AppData) of - {error, _} = Error -> - {next_state, connection, StateData, [{reply, From, Error}]}; - Data -> - send_application_data(Data, From, connection, StateData) - end; +connection({call, From}, {application_data, Data}, StateData) -> + send_application_data(Data, From, connection, StateData); connection({call, From}, {post_handshake_data, HSData}, StateData) -> send_post_handshake_data(HSData, From, connection, StateData); connection({call, From}, {ack_alert, #alert{} = Alert}, StateData0) -> @@ -298,13 +286,6 @@ connection({call, From}, downgrade, #data{connection_states = {next_state, death_row, StateData, [{reply,From, {ok, Write}}]}; connection({call, From}, {set_opts, Opts}, StateData) -> handle_set_opts(connection, From, Opts, StateData); -connection({call, From}, dist_get_tls_socket, - #data{static = #static{transport_cb = Transport, - socket = Socket, - connection_pid = Pid, - trackers = Trackers}} = StateData) -> - TLSSocket = tls_gen_connection:socket([Pid, self()], Transport, Socket, Trackers), - hibernate_after(connection, StateData, [{reply, From, {ok, TLSSocket}}]); connection({call, From}, {dist_handshake_complete, _Node, DHandle}, #data{static = #static{connection_pid = Pid} = Static} = StateData) -> false = erlang:dist_ctrl_set_opt(DHandle, get_size, true), @@ -611,20 +592,6 @@ key_update_at(?TLS_1_3, _, KeyUpdateAt) -> key_update_at(_, _, KeyUpdateAt) -> KeyUpdateAt. --compile({inline, encode_packet/2}). -encode_packet(Packet, Data) -> - Len = iolist_size(Data), - case Packet of - 1 when Len < (1 bsl 8) -> [<>|Data]; - 2 when Len < (1 bsl 16) -> [<>|Data]; - 4 when Len < (1 bsl 32) -> [<>|Data]; - N when N =:= 1; N =:= 2; N =:= 4 -> - {error, - {badarg, {packet_to_large, Len, (1 bsl (Packet bsl 3)) - 1}}}; - _ -> - Data - end. - set_opts(SocketOptions, [{packet, N}]) -> SocketOptions#socket_options{packet = N}. diff --git a/lib/ssl/src/tls_server_connection.erl b/lib/ssl/src/tls_server_connection.erl index 2572824a079..5f3d80081af 100644 --- a/lib/ssl/src/tls_server_connection.erl +++ b/lib/ssl/src/tls_server_connection.erl @@ -136,9 +136,11 @@ %% Internal application API %%==================================================================== -init([Role, Sender, Host, Port, Socket, Options, User, CbInfo]) -> - State0 = tls_dtls_gen_connection:initial_state(Role, Sender, Host, Port, Socket, +init([Role, Sender, Tab, Host, Port, Socket, Options, User, CbInfo]) -> + State0 = tls_dtls_gen_connection:initial_state(Role, Sender, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options, Role, State0), tls_gen_connection:initialize_tls_sender(State), diff --git a/lib/ssl/src/tls_server_connection_1_3.erl b/lib/ssl/src/tls_server_connection_1_3.erl index 8801f00b678..0acc97e2dd7 100644 --- a/lib/ssl/src/tls_server_connection_1_3.erl +++ b/lib/ssl/src/tls_server_connection_1_3.erl @@ -105,10 +105,12 @@ callback_mode() -> [state_functions, state_enter]. -init([?SERVER_ROLE, Sender, Host, Port, Socket, Options, User, CbInfo]) -> +init([?SERVER_ROLE, Sender, Tab, Host, Port, Socket, Options, User, CbInfo]) -> State0 = #state{protocol_specific = Map} = - tls_gen_connection_1_3:initial_state(?SERVER_ROLE, Sender, + tls_gen_connection_1_3:initial_state(?SERVER_ROLE, Sender, Tab, Host, Port, Socket, Options, User, CbInfo), + #state{static_env = #static_env{user_socket = UserSocket}} = State0, + User ! {self(), user_socket, UserSocket}, try State = ssl_gen_statem:init_ssl_config(State0#state.ssl_options, ?SERVER_ROLE, State0), tls_gen_connection:initialize_tls_sender(State), diff --git a/lib/ssl/src/tls_socket.erl b/lib/ssl/src/tls_socket.erl index 8c9ad573616..18f4ea28818 100644 --- a/lib/ssl/src/tls_socket.erl +++ b/lib/ssl/src/tls_socket.erl @@ -29,7 +29,7 @@ -export([send/3, listen/3, accept/3, - socket/5, + socket/6, connect/4, upgrade/3, setopts/3, @@ -91,7 +91,7 @@ listen(Transport, Port, #config{transport_info = {Transport, _, _, _, _}, {ok, SessionIdHandle} = session_id_tracker(ListenSocket, SslOpts), Trackers = [{option_tracker, Tracker}, {session_tickets_tracker, SessionHandler}, {session_id_tracker, SessionIdHandle}], - Socket = #sslsocket{socket_handle = ListenSocket, + Socket = #sslsocket{socket_handle = ListenSocket, listener_config = Config#config{trackers = Trackers}}, check_active_n(EmOpts, Socket), {ok, Socket}; @@ -100,7 +100,6 @@ listen(Transport, Port, #config{transport_info = {Transport, _, _, _, _}, end. accept(ListenSocket, #config{transport_info = {Transport,_,_,_,_} = CbInfo, - connection_cb = ConnectionCb, ssl = SslOpts, trackers = Trackers}, Timeout) -> case Transport:accept(ListenSocket, Timeout) of @@ -108,7 +107,7 @@ accept(ListenSocket, #config{transport_info = {Transport,_,_,_,_} = CbInfo, Tracker = proplists:get_value(option_tracker, Trackers), {ok, EmOpts} = get_emulated_opts(Tracker), {ok, Port} = tls_socket:port(Transport, Socket), - start_tls_server_connection(SslOpts, ConnectionCb, Transport, Port, Socket, EmOpts, Trackers, CbInfo); + start_tls_server_connection(SslOpts, Port, Socket, EmOpts, Trackers, CbInfo); {error, Reason} -> {error, Reason} end. @@ -149,13 +148,15 @@ connect(Address, Port, {error, {options, {socket_options, UserOpts}}} end. -socket([Receiver, Sender], Transport, Socket, ConnectionCb, Trackers) -> +socket([Receiver, Sender], Transport, Socket, ConnectionCb, Tab, Trackers) -> #sslsocket{socket_handle = Socket, connection_handler = Receiver, payload_sender = Sender, transport_cb = Transport, connection_cb = ConnectionCb, + tab = Tab, listener_config = Trackers}. + setopts(gen_tcp, Socket = #sslsocket{socket_handle = ListenSocket, listener_config = #config{trackers = Trackers}}, Options) -> Tracker = proplists:get_value(option_tracker, Trackers), @@ -406,7 +407,7 @@ code_change(_OldVsn, State, _Extra) -> call(Pid, Msg) -> gen_server:call(Pid, Msg, infinity). -start_tls_server_connection(SslOpts, ConnectionCb, Transport, Port, Socket, EmOpts, Trackers, CbInfo) -> +start_tls_server_connection(SslOpts, Port, Socket, EmOpts, Trackers, CbInfo) -> try {ok, DynSup} = tls_connection_sup:start_child([]), SenderOpts = maps:get(sender_spawn_opts, SslOpts, []), @@ -414,7 +415,9 @@ start_tls_server_connection(SslOpts, ConnectionCb, Transport, Port, Socket, EmOp ConnArgs = [server, Sender, "localhost", Port, Socket, {SslOpts, emulated_socket_options(EmOpts, #socket_options{}), Trackers}, self(), CbInfo], {ok, Pid} = tls_dyn_connection_sup:start_child(DynSup, receiver, ConnArgs), - ssl_gen_statem:socket_control(ConnectionCb, Socket, [Pid, Sender], Transport, Trackers) + receive {Pid, user_socket, UserSocket} -> + ssl_gen_statem:socket_control(UserSocket) + end catch error:{badmatch, {error, _} = Error} -> Error diff --git a/lib/ssl/test/dtls_api_SUITE.erl b/lib/ssl/test/dtls_api_SUITE.erl index c66d919017e..aecea455c82 100644 --- a/lib/ssl/test/dtls_api_SUITE.erl +++ b/lib/ssl/test/dtls_api_SUITE.erl @@ -170,6 +170,10 @@ dtls_listen_owner_dies(Config) when is_list(Config) -> {ssl, Socket, "from client"} -> ssl:send(Socket, "from server"), ssl:close(Socket) + after 2000 -> + ct:log("GOT WRONG MSG ~p~n", [flush()]), + ct:log("Expected ~p~n", [ {ssl, Socket, "from client"}]), + ct:fail(wrong_msg) end end), {ok, Client} = ssl:connect(Hostname, Port, ClientOpts), @@ -178,6 +182,9 @@ dtls_listen_owner_dies(Config) when is_list(Config) -> receive {ssl, Client, "from server"} -> ssl:close(Client) + after 5000 -> + ct:log("GOT WRONG MSG ~p~n", [flush()]), + ct:fail(wrong_msg) end. dtls_listen_close() -> diff --git a/lib/ssl/test/openssl_alpn_SUITE.erl b/lib/ssl/test/openssl_alpn_SUITE.erl index 1d0bc82c4e9..838ee8d5a74 100644 --- a/lib/ssl/test/openssl_alpn_SUITE.erl +++ b/lib/ssl/test/openssl_alpn_SUITE.erl @@ -165,8 +165,8 @@ end_per_testcase(_, Config) -> %%-------------------------------------------------------------------- erlang_client_alpn_openssl_server_alpn(Config) when is_list(Config) -> - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), - ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), AlpnProtocol = <<"spdy/2">>, {Server, OpenSSLPort} = @@ -193,7 +193,7 @@ erlang_client_alpn_openssl_server_alpn(Config) when is_list(Config) -> %%-------------------------------------------------------------------- erlang_server_alpn_openssl_client_alpn(Config) when is_list(Config) -> - ClientOpts = proplists:get_value(client_rsa_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), Protocol = <<"spdy/2">>, Server = ssl_test_lib:start_server(erlang, [{from, self()}], @@ -222,7 +222,7 @@ erlang_server_alpn_openssl_client_alpn(Config) when is_list(Config) -> %%-------------------------------------------------------------------------- erlang_client_alpn_openssl_server(Config) when is_list(Config) -> - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), Protocol = <<"spdy/2">>, @@ -248,7 +248,7 @@ erlang_client_alpn_openssl_server(Config) when is_list(Config) -> %%-------------------------------------------------------------------------- erlang_client_openssl_server_alpn(Config) when is_list(Config) -> - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), {Server, OpenSSLPort} = ssl_test_lib:start_server(openssl, [{alpn,"spdy/2"}, return_port], @@ -269,7 +269,7 @@ erlang_client_openssl_server_alpn(Config) when is_list(Config) -> %%-------------------------------------------------------------------------- erlang_server_alpn_openssl_client(Config) when is_list(Config) -> - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), Server = ssl_test_lib:start_server(erlang, [{from, self()}], [{server_opts, [{alpn_preferred_protocols, @@ -296,7 +296,7 @@ erlang_server_alpn_openssl_client(Config) when is_list(Config) -> %%-------------------------------------------------------------------------- erlang_server_openssl_client_alpn(Config) when is_list(Config) -> - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), Server = ssl_test_lib:start_server(erlang, [{from, self()}], [{server_opts, [ServerOpts]} | Config]), @@ -324,7 +324,7 @@ erlang_server_openssl_client_alpn(Config) when is_list(Config) -> erlang_client_alpn_openssl_server_alpn_renegotiate(Config) when is_list(Config) -> - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), AlpnProtocol = <<"spdy/2">>, @@ -361,7 +361,7 @@ erlang_client_alpn_openssl_server_alpn_renegotiate(Config) when is_list(Config) %%-------------------------------------------------------------------- erlang_server_alpn_openssl_client_alpn_renegotiate(Config) when is_list(Config) -> - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), AlpnProtocol = <<"spdy/2">>, Server = ssl_test_lib:start_server(erlang, [{from, self()}], @@ -398,7 +398,7 @@ erlang_server_alpn_openssl_client_alpn_renegotiate(Config) when is_list(Config) %%-------------------------------------------------------------------- erlang_client_alpn_npn_openssl_server_alpn_npn(Config) when is_list(Config) -> - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), AlpnProtocol = <<"spdy/2">>, @@ -426,7 +426,7 @@ erlang_client_alpn_npn_openssl_server_alpn_npn(Config) when is_list(Config) -> %%-------------------------------------------------------------------- erlang_server_alpn_npn_openssl_client_alpn_npn(Config) when is_list(Config) -> - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), AlpnProtocol = <<"spdy/2">>, Server = ssl_test_lib:start_server(erlang, diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl index 0b60e5d58a7..9a692067aa2 100644 --- a/lib/ssl/test/openssl_client_cert_SUITE.erl +++ b/lib/ssl/test/openssl_client_cert_SUITE.erl @@ -164,8 +164,8 @@ init_per_group(openssl_client, Config) -> init_per_group(Group, Config0) when Group == rsa; Group == rsa_1_3 -> Config = ssl_test_lib:make_rsa_cert(Config0), - COpts = proplists:get_value(client_rsa_opts, Config), - SOpts = proplists:get_value(server_rsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), %% Make sure _rsa* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(dhe_rsa) -> @@ -179,8 +179,8 @@ init_per_group(Group, Config0) when Group == rsa; [_|_] -> [{cert_key_alg, rsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> @@ -205,8 +205,8 @@ init_per_group(Alg, Config) when server_config := SOpts} = ssl_test_lib:make_rsa_pss_pem(rsa_alg(Alg), [], Config, ""), [{cert_key_alg, rsa_alg(Alg)} | lists:delete(cert_key_alg, - [{client_cert_opts, openssl_sig_algs(rsa_alg(Alg)) ++ COpts}, - {server_cert_opts, ssl_test_lib:sig_algs(Alg, Version) ++ SOpts} | + [{client_cert_opts, fun() -> openssl_sig_algs(rsa_alg(Alg)) ++ COpts end}, + {server_cert_opts, fun() -> ssl_test_lib:sig_algs(Alg, Version) ++ SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; false -> @@ -221,8 +221,8 @@ init_per_group(Group, Config0) when Group == ecdsa; of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), - COpts = proplists:get_value(client_ecdsa_opts, Config), - SOpts = proplists:get_value(server_ecdsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_ecdsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_ecdsa_opts, Config), %% Make sure ecdh* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(ecdh_ecdsa) -> @@ -236,8 +236,8 @@ init_per_group(Group, Config0) when Group == ecdsa; [_|_] -> [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; @@ -268,8 +268,8 @@ init_per_group(eddsa_1_3, Config0) -> [{cert_key_alg, eddsa} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config0))] )]; @@ -286,8 +286,8 @@ init_per_group(Group, Config0) when Group == dsa -> of true -> Config = ssl_test_lib:make_dsa_cert(Config0), - COpts = SigAlgs ++ proplists:get_value(client_dsa_opts, Config), - SOpts = SigAlgs ++ proplists:get_value(server_dsa_opts, Config), + COpts = SigAlgs ++ ssl_test_lib:ssl_options(client_dsa_opts, Config), + SOpts = SigAlgs ++ ssl_test_lib:ssl_options(server_dsa_opts, Config), %% Make sure dhe_dss* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(dh_dss) -> @@ -301,8 +301,8 @@ init_per_group(Group, Config0) when Group == dsa -> [_|_] -> [{cert_key_alg, dsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, [{ciphers, Ciphers} | SOpts]} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> [{ciphers, Ciphers} | SOpts] end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl index 057d80b6f32..53bc990e4bc 100644 --- a/lib/ssl/test/openssl_server_cert_SUITE.erl +++ b/lib/ssl/test/openssl_server_cert_SUITE.erl @@ -159,8 +159,8 @@ init_per_group(openssl_server, Config0) -> [{client_type, erlang}, {server_type, openssl} | Config]; init_per_group(rsa = Group, Config0) -> Config = ssl_test_lib:make_rsa_cert(Config0), - COpts = proplists:get_value(client_rsa_opts, Config), - SOpts = proplists:get_value(server_rsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), %% Make sure _rsa* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(dhe_rsa) -> @@ -174,8 +174,8 @@ init_per_group(rsa = Group, Config0) -> [_|_] -> [{cert_key_alg, rsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> @@ -183,8 +183,8 @@ init_per_group(rsa = Group, Config0) -> end; init_per_group(rsa_1_3 = Group, Config0) -> Config = ssl_test_lib:make_rsa_cert(Config0), - COpts = proplists:get_value(client_rsa_opts, Config), - SOpts = proplists:get_value(server_rsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), %% Make sure _rsa* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(undefined, Version), @@ -192,8 +192,8 @@ init_per_group(rsa_1_3 = Group, Config0) -> [_|_] -> [{cert_key_alg, rsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> @@ -202,7 +202,7 @@ init_per_group(rsa_1_3 = Group, Config0) -> init_per_group(Alg, Config) when Alg == rsa_pss_rsae; Alg == rsa_pss_pss -> Supports = crypto:supports(), - RSAOpts = proplists:get_value(rsa_opts, Supports), + RSAOpts = ssl_test_lib:ssl_options(rsa_opts, Supports), case lists:member(rsa_pkcs1_pss_padding, RSAOpts) andalso lists:member(rsa_pss_saltlen, RSAOpts) @@ -214,8 +214,8 @@ init_per_group(Alg, Config) when Alg == rsa_pss_rsae; server_config := SOpts} = ssl_test_lib:make_rsa_pss_pem(Alg, [], Config, ""), [{cert_key_alg, Alg} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; false -> @@ -229,8 +229,8 @@ init_per_group(ecdsa = Group, Config0) -> of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), - COpts = proplists:get_value(client_ecdsa_opts, Config), - SOpts = proplists:get_value(server_ecdsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_ecdsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_ecdsa_opts, Config), %% Make sure ecdh* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(ecdh_ecdsa) -> @@ -244,8 +244,8 @@ init_per_group(ecdsa = Group, Config0) -> [_|_] -> [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; @@ -263,8 +263,8 @@ init_per_group(ecdsa_1_3 = Group, Config0) -> of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), - COpts = proplists:get_value(client_ecdsa_opts, Config), - SOpts = proplists:get_value(server_ecdsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_ecdsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_ecdsa_opts, Config), %% Make sure ecdh* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(undefined, Version), @@ -272,8 +272,8 @@ init_per_group(ecdsa_1_3 = Group, Config0) -> [_|_] -> [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; @@ -301,8 +301,8 @@ init_per_group(eddsa_1_3, Config0) -> [{cert_key_alg, eddsa} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config0))] )]; @@ -317,8 +317,8 @@ init_per_group(dsa = Group, Config0) -> of true -> Config = ssl_test_lib:make_dsa_cert(Config0), - COpts = proplists:get_value(client_dsa_opts, Config), - SOpts = proplists:get_value(server_dsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_dsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_dsa_opts, Config), %% Make sure dhe_dss* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), Ciphers = ssl_cert_tests:test_ciphers(fun(dh_dss) -> @@ -332,8 +332,10 @@ init_per_group(dsa = Group, Config0) -> [_|_] -> [{cert_key_alg, dsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts] ++ ssl_test_lib:sig_algs(dsa, Version)}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> [{ciphers, Ciphers} | COpts] ++ + ssl_test_lib:sig_algs(dsa, Version) + end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> diff --git a/lib/ssl/test/openssl_session_ticket_SUITE.erl b/lib/ssl/test/openssl_session_ticket_SUITE.erl index 991f290dc78..e0732257c9a 100644 --- a/lib/ssl/test/openssl_session_ticket_SUITE.erl +++ b/lib/ssl/test/openssl_session_ticket_SUITE.erl @@ -168,7 +168,7 @@ openssl_client_basic() -> [{doc,"Test session resumption with session tickets (openssl client - erlang server)"}]. openssl_client_basic(Config) when is_list(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ClientOpts = proplists:get_value(client_rsa_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]), @@ -264,7 +264,7 @@ openssl_client_hrr() -> [{doc,"Test session resumption with session tickets and hello_retry_request (openssl client - erlang server)"}]. openssl_client_hrr(Config) when is_list(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ClientOpts = proplists:get_value(client_rsa_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]), TicketFile1 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket1"]), @@ -650,7 +650,7 @@ openssl_client_early_data_basic() -> [{doc,"Test early data (openssl client - erlang server)"}]. openssl_client_early_data_basic(Config) when is_list(Config) -> ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), - ClientOpts = proplists:get_value(client_rsa_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), {_, ServerNode, _Hostname} = ssl_test_lib:run_where(Config), TicketFile0 = filename:join([proplists:get_value(priv_dir, Config), "session_ticket0"]), diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl index b294daf53d7..09cc27b96db 100644 --- a/lib/ssl/test/ssl_api_SUITE.erl +++ b/lib/ssl/test/ssl_api_SUITE.erl @@ -3857,8 +3857,8 @@ export_key_materials(Config) when is_list(Config) -> {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Version = ssl_test_lib:protocol_version(Config, atom), BaseOpts = [{active, true}, {versions, [Version]}, {protocol, tls_or_dtls(Version)}], - ServerOpts = BaseOpts ++ proplists:get_value(server_rsa_opts, Config, []), - ClientOpts = BaseOpts ++ proplists:get_value(client_rsa_opts, Config, []), + ServerOpts = BaseOpts ++ ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = BaseOpts ++ ssl_test_lib:ssl_options(client_rsa_opts, Config), Label = <<"EXPERIMENTAL-otp">>, @@ -3894,8 +3894,8 @@ exporter_master_secret_consumed(Config) when is_list(Config) -> {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Version = ssl_test_lib:protocol_version(Config, atom), BaseOpts = [{active, true}, {versions, [Version]}, {protocol, tls_or_dtls(Version)}], - ServerOpts = BaseOpts ++ proplists:get_value(server_rsa_opts, Config, []), - ClientOpts = BaseOpts ++ proplists:get_value(client_rsa_opts, Config, []), + ServerOpts = BaseOpts ++ ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = BaseOpts ++ ssl_test_lib:ssl_options(client_rsa_opts, Config), Label1 = <<"EXPERIMENTAL-otp1">>, Label2 = <<"EXPERIMENTAL-otp2">>, @@ -3927,14 +3927,14 @@ legacy_prf(Config) when is_list(Config) -> {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Version = ssl_test_lib:protocol_version(Config, atom), BaseOpts = [{active, true}, {versions, [Version]}, {protocol, tls_or_dtls(Version)}], - ServerOpts = BaseOpts ++ proplists:get_value(server_rsa_opts, Config, []), - ClientOpts = BaseOpts ++ proplists:get_value(client_rsa_opts, Config, []), + ServerOpts = BaseOpts ++ ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = BaseOpts ++ ssl_test_lib:ssl_options(client_rsa_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Version = ssl_test_lib:protocol_version(Config, atom), BaseOpts = [{active, true}, {versions, [Version]}, {protocol, tls_or_dtls(Version)}], - ServerOpts = BaseOpts ++ proplists:get_value(server_rsa_opts, Config, []), - ClientOpts = BaseOpts ++ proplists:get_value(client_rsa_opts, Config, []), + ServerOpts = BaseOpts ++ ssl_test_lib:ssl_options(server_rsa_opts, Config), + ClientOpts = BaseOpts ++ ssl_test_lib:ssl_options(client_rsa_opts, Config), Label = <<"EXPERIMENTAL-otp">>, @@ -4157,7 +4157,7 @@ active_n_common(S, N) -> {ssl_passive, S} -> ok after 1000 -> - error({error,ssl_passive_failure}) + error({error,ssl_passive_failure, flush()}) end, [{active,false}] = ok(ssl:getopts(S, [active])), ok = ssl:setopts(S, [{active,0}]), @@ -4165,7 +4165,7 @@ active_n_common(S, N) -> {ssl_passive, S} -> ok after 1000 -> - error({error,ssl_passive_failure}) + error({error,ssl_passive_failure, flush()}) end, ok = ssl:setopts(S, [{active,32767}]), {error,{options,_}} = ssl:setopts(S, [{active,1}]), @@ -4175,25 +4175,25 @@ active_n_common(S, N) -> {ssl_passive, S} -> ok after 1000 -> - error({error,ssl_passive_failure}) + error({error,ssl_passive_failure, flush()}) end, [{active,false}] = ok(ssl:getopts(S, [active])), ok = ssl:setopts(S, [{active,N}]), ok = ssl:setopts(S, [{active,true}]), [{active,true}] = ok(ssl:getopts(S, [active])), receive - _ -> error({error,active_n}) + _Msg -> error({error,active_n, _Msg}) after - 0 -> + 100 -> ok end, ok = ssl:setopts(S, [{active,N}]), ok = ssl:setopts(S, [{active,once}]), [{active,once}] = ok(ssl:getopts(S, [active])), receive - _ -> error({error,active_n}) + _Msg2 -> error({error,active_n, _Msg2}) after - 0 -> + 100 -> ok end, {error,{options,_}} = ssl:setopts(S, [{active,32768}]), @@ -4201,6 +4201,14 @@ active_n_common(S, N) -> [{active,false}] = ok(ssl:getopts(S, [active])), ok. +flush() -> + receive Msg -> + [Msg|flush()] + after 0 -> + [] + end. + + ok({ok,V}) -> V. repeat(N, Fun) -> @@ -4562,12 +4570,12 @@ test_config('dtlsv1.2', Config) -> ]; test_config(_, Config) -> RSAConf1 = ssl_test_lib:make_rsa_cert(Config), - SRSA1Opts = proplists:get_value(server_rsa_opts, RSAConf1), - CRSA1Opts = proplists:get_value(client_rsa_opts, RSAConf1), + SRSA1Opts = ssl_test_lib:ssl_options(server_rsa_opts, RSAConf1), + CRSA1Opts = ssl_test_lib:ssl_options(client_rsa_opts, RSAConf1), RSAConf2 = ssl_test_lib:make_rsa_1024_cert(Config), - SRSA2Opts = proplists:get_value(server_rsa_1024_opts, RSAConf2), - CRSA2Opts = proplists:get_value(client_rsa_1024_opts, RSAConf2), + SRSA2Opts = ssl_test_lib:ssl_options(server_rsa_1024_opts, RSAConf2), + CRSA2Opts = ssl_test_lib:ssl_options(client_rsa_1024_opts, RSAConf2), {SRSA1Cert, SRSA1Key, _SRSA1CACerts} = get_single_options(certfile, keyfile, cacertfile, SRSA1Opts), {CRSA1Cert, CRSA1Key, _CRSA1CACerts} = get_single_options(certfile, keyfile, cacertfile, CRSA1Opts), diff --git a/lib/ssl/test/ssl_cert_SUITE.erl b/lib/ssl/test/ssl_cert_SUITE.erl index 39f163f6f5b..9be561e5e75 100644 --- a/lib/ssl/test/ssl_cert_SUITE.erl +++ b/lib/ssl/test/ssl_cert_SUITE.erl @@ -295,15 +295,15 @@ do_init_per_group(Group, Config0) when Group == rsa; Group == rsa_1_3 -> Config1 = ssl_test_lib:make_rsa_cert(Config0), Config = ssl_test_lib:make_rsa_1024_cert(Config1), - COpts = proplists:get_value(client_rsa_verify_opts, Config), - SOpts = proplists:get_value(server_rsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), Version = proplists:get_value(version, Config), [{cert_key_alg, rsa}, {extra_client, ssl_test_lib:sig_algs(rsa, Version)}, {extra_server, ssl_test_lib:sig_algs(rsa, Version)} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; do_init_per_group(Alg, Config) when Alg == rsa_pss_rsae; @@ -322,8 +322,8 @@ do_init_per_group(Alg, Config) when Alg == rsa_pss_rsae; {extra_client, ssl_test_lib:sig_algs(Alg, Version)}, {extra_server, ssl_test_lib:sig_algs(Alg, Version)} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; false -> @@ -343,8 +343,8 @@ do_init_per_group(Alg, Config) when Alg == rsa_pss_rsae_1_3; server_config := SOpts} = ssl_test_lib:make_rsa_pss_pem(rsa_alg(Alg), [], Config, ""), [{cert_key_alg, rsa_alg(Alg)} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; false -> @@ -357,12 +357,12 @@ do_init_per_group(Group, Config0) when Group == ecdsa; case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse lists:member(dh, PKAlg)) of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), - COpts = proplists:get_value(client_ecdsa_verify_opts, Config), - SOpts = proplists:get_value(server_ecdsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_ecdsa_verify_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_ecdsa_opts, Config), [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; @@ -386,8 +386,8 @@ do_init_per_group(eddsa_1_3, Config0) -> [{cert_key_alg, eddsa} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config0))] )]; @@ -400,8 +400,8 @@ do_init_per_group(dsa = Alg, Config0) -> case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) of true -> Config = ssl_test_lib:make_dsa_cert(Config0), - COpts = proplists:get_value(client_dsa_opts, Config), - SOpts = proplists:get_value(server_dsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_dsa_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_dsa_opts, Config), ShaDSA = case Version of {3, 3} -> [{signature_algs, [{sha, dsa}]}]; @@ -414,8 +414,8 @@ do_init_per_group(dsa = Alg, Config0) -> {extra_server, ssl_test_lib:sig_algs(Alg, Version) ++ [{ciphers, ssl_test_lib:dsa_suites(Version)}] ++ ShaDSA} | lists:delete(cert_key_alg, - [{client_cert_opts, COpts}, - {server_cert_opts, SOpts} | + [{client_cert_opts, fun() -> COpts end}, + {server_cert_opts, fun() -> SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; false -> @@ -447,12 +447,12 @@ init_ecdsa_opts(Config0, Curve) -> case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse lists:member(dh, PKAlg)) of true -> Config = ssl_test_lib:make_rsa_ecdsa_cert(Config0, Curve), - COpts = proplists:get_value(client_ecdsa_verify_opts, Config), - SOpts = proplists:get_value(server_ecdsa_opts, Config), + COpts = ssl_test_lib:ssl_options(client_ecdsa_verify_opts, Config), + SOpts = ssl_test_lib:ssl_options(server_ecdsa_opts, Config), [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, ssl_test_lib:sig_algs(ecdsa, Version) ++ COpts}, - {server_cert_opts, ssl_test_lib:sig_algs(ecdsa, Version) ++ SOpts} | + [{client_cert_opts, fun() -> ssl_test_lib:sig_algs(ecdsa, Version) ++ COpts end}, + {server_cert_opts, fun() -> ssl_test_lib:sig_algs(ecdsa, Version) ++ SOpts end} | lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; diff --git a/lib/ssl/test/ssl_dist_bench_SUITE.erl b/lib/ssl/test/ssl_dist_bench_SUITE.erl index b516b6988ab..ef7eb6b9e5c 100644 --- a/lib/ssl/test/ssl_dist_bench_SUITE.erl +++ b/lib/ssl/test/ssl_dist_bench_SUITE.erl @@ -211,6 +211,8 @@ init_per_suite(Config) -> catch throw : {Skip, Reason} -> {skip, Reason}; + throw : {skipped, Reason} -> + {skip, Reason}; Class : Reason : Stacktrace -> {fail, {Class, Reason, Stacktrace}} end. diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl index 9eb87700f81..ca923503899 100644 --- a/lib/ssl/test/ssl_packet_SUITE.erl +++ b/lib/ssl/test/ssl_packet_SUITE.erl @@ -2546,18 +2546,25 @@ client_reject_packet_opt(Config, PacketOpt) -> Server = ssl_test_lib:start_server([{node, ClientNode}, {port, 0}, {from, self()}, - {mfa, {ssl_test_lib, no_result_msg ,[]}}, + {mfa, {ssl_test_lib, no_result, []}}, {options, ServerOpts}]), Port = ssl_test_lib:inet_port(Server), Client = ssl_test_lib:start_client_error([{node, ServerNode}, {port, Port}, {host, Hostname}, {from, self()}, - {mfa, {ssl_test_lib, no_result_msg, []}}, - {options, [PacketOpt | - ClientOpts]}]), - - ssl_test_lib:check_result(Client, {error, {options, {not_supported, PacketOpt}}}). + {mfa, {ssl_test_lib, no_result, []}}, + {options, [PacketOpt | ClientOpts]}]), + + ok = ssl_test_lib:check_result(Client, {error, {options, {not_supported, PacketOpt}}}), + Client2 = ssl_test_lib:start_client([{node, ServerNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl, setopts, [[PacketOpt]]}}, + {options, ClientOpts}]), + ssl_test_lib:check_result(Client2, {error, {options, {socket_options, PacketOpt}}}), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client2). send_switch_packet(SslSocket, Data, NextPacket) -> spawn(fun() -> ssl:send(SslSocket, Data) end), diff --git a/lib/ssl/test/ssl_pem_cache_SUITE.erl b/lib/ssl/test/ssl_pem_cache_SUITE.erl index 4d2a370c31a..865ef7957be 100644 --- a/lib/ssl/test/ssl_pem_cache_SUITE.erl +++ b/lib/ssl/test/ssl_pem_cache_SUITE.erl @@ -243,8 +243,8 @@ invalid_insert() -> invalid_insert(Config) when is_list(Config) -> process_flag(trap_exit, true), [0, 0, 0, 0] = get_table_sizes(), %% Initialy all tables are empty - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), BadClientOpts = [{cacertfile, "tmp/does_not_exist.pem"} | proplists:delete(cacertfile, ClientOpts)], @@ -614,8 +614,8 @@ alternative_path_helper(Config, GetAlternative, %% Init - represents initial state %% ConnectedN - state after establishing Nth connection %% Disconnected - state after closing connections - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), - CACertFilePath0 = proplists:get_value(cacertfile, ClientOpts), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + CACertFilePath0 = ssl_test_lib:ssl_options(cacertfile, ClientOpts), {ok, CACertFilename} = strip_path(CACertFilePath0), {ok, Cwd} = file:get_cwd(), @@ -705,8 +705,8 @@ create_initial_config(Config) -> ClientBase = filename:join(PrivDir, "client_test"), ServerBase = filename:join(PrivDir, "server_test"), PemConfig = x509_test:gen_pem_config_files(DerConfig, ClientBase, ServerBase), - ClientConf = proplists:get_value(client_config, PemConfig), - ServerConf = proplists:get_value(server_config, PemConfig), + ClientConf = ssl_test_lib:ssl_options(client_config, PemConfig), + ServerConf = ssl_test_lib:ssl_options(server_config, PemConfig), {proplists:get_value(cacertfile, ServerConf), ClientConf, ServerConf, ServerRootCert0, ClientBase, ServerBase}. @@ -752,7 +752,7 @@ pem_periodical_cleanup(Config, FileIds, ct:sleep(4 * ?SLEEP_AMOUNT), Init = get_table_sizes(), - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {Server, Client} = basic_verify_test_no_close(Config), diff --git a/lib/ssl/test/ssl_session_cache_SUITE.erl b/lib/ssl/test/ssl_session_cache_SUITE.erl index e2559b156eb..bc0250318cc 100644 --- a/lib/ssl/test/ssl_session_cache_SUITE.erl +++ b/lib/ssl/test/ssl_session_cache_SUITE.erl @@ -360,8 +360,8 @@ max_table_size() -> [{doc,"Test max limit on session table"}]. max_table_size(Config) when is_list(Config) -> process_flag(trap_exit, true), - ClientOpts = proplists:get_value(client_rsa_verify_opts, Config), - ServerOpts = proplists:get_value(server_rsa_verify_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, diff --git a/lib/ssl/test/ssl_socket_SUITE.erl b/lib/ssl/test/ssl_socket_SUITE.erl index 6cfd111f358..5dd1e097897 100644 --- a/lib/ssl/test/ssl_socket_SUITE.erl +++ b/lib/ssl/test/ssl_socket_SUITE.erl @@ -151,8 +151,8 @@ getstat() -> [{doc,"Test API function getstat/2"}]. getstat(Config) when is_list(Config) -> - ClientOpts = ?config(client_rsa_opts, Config), - ServerOpts = ?config(server_rsa_opts, Config), + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server1 = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 931fb1602e1..67970b537d1 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -730,7 +730,7 @@ connect(_, _, 0, AcceptSocket, _, _, _) -> connect(ListenSocket, Node, _N, _, Timeout, SslOpts, cancel) -> ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]), {ok, AcceptSocket} = ssl:transport_accept(ListenSocket), - ?CT_LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, format_options(SslOpts),Timeout]), + ?CT_LOG("~nssl:handshake(~p,~0.p,~0.p)~n", [AcceptSocket, format_options(SslOpts),Timeout]), case ssl:handshake(AcceptSocket, SslOpts, Timeout) of {ok, Socket0, Ext} -> @@ -742,9 +742,9 @@ connect(ListenSocket, Node, _N, _, Timeout, SslOpts, cancel) -> Result end; connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts0) -> - ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]), + ?CT_LOG("ssl:transport_accept(~0.P)~n", [ListenSocket, ?PRINT_DEPTH]), {ok, AcceptSocket} = ssl:transport_accept(ListenSocket), - ?CT_LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, SslOpts,Timeout]), + ?CT_LOG("~nssl:handshake(~p,~0.p,~0.p)~n", [AcceptSocket, SslOpts,Timeout]), case ssl:handshake(AcceptSocket, SslOpts, Timeout) of {ok, Socket0, Ext} -> @@ -761,7 +761,7 @@ connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts0) -> _ -> ContOpts0 end, - ?CT_LOG("~nssl:handshake_continue(~p,~p,~p)~n", [Socket0, ContOpts,Timeout]), + ?CT_LOG("~nssl:handshake_continue(~p,~0.p,~0.p)~n", [Socket0, ContOpts,Timeout]), case ssl:handshake_continue(Socket0, ContOpts, Timeout) of {ok, Socket} -> connect(ListenSocket, Node, N-1, Socket, Timeout, SslOpts, ContOpts0); @@ -774,7 +774,7 @@ connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts0) -> Result end; connect(ListenSocket, Node, N, _, Timeout, [], ContOpts) -> - ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]), + ?CT_LOG("ssl:transport_accept(~0.P)~n", [ListenSocket, ?PRINT_DEPTH]), {ok, AcceptSocket} = ssl:transport_accept(ListenSocket), ?CT_LOG("~nssl:handshake(~p, ~p)~n", [AcceptSocket, Timeout]), @@ -786,9 +786,9 @@ connect(ListenSocket, Node, N, _, Timeout, [], ContOpts) -> Result end; connect(ListenSocket, _Node, _, _, Timeout, Opts, _) -> - ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]), - {ok, AcceptSocket} = ssl:transport_accept(ListenSocket), - ?CT_LOG("ssl:handshake(~p,~p, ~p)~n", [AcceptSocket, Opts, Timeout]), + ?CT_LOG("ssl:transport_accept(~0.P)~n", [ListenSocket, ?PRINT_DEPTH]), + {ok, AcceptSocket} = ssl:transport_accept(ListenSocket), + ?CT_LOG("ssl:handshake(~p,~0.p, ~0.p)~n", [AcceptSocket, Opts, Timeout]), ssl:handshake(AcceptSocket, Opts, Timeout), AcceptSocket. @@ -1891,12 +1891,11 @@ make_ecdsa_cert(Config) -> [{server_config, ServerConf}, {client_config, ClientConf}] = x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_ecdsa_opts, [{reuseaddr, true} | ServerConf]}, - - {server_ecdsa_verify_opts, [{reuseaddr, true}, - {verify, verify_peer} | ServerConf]}, - {client_ecdsa_opts, [{verify, verify_none} | ClientConf]}, - {client_ecdsa_verify_opts, [{verify, verify_peer} | ClientConf]} + [{server_ecdsa_opts, fun() -> [{reuseaddr, true} | ServerConf] end}, + {server_ecdsa_verify_opts, + fun() -> [{reuseaddr, true}, {verify, verify_peer} | ServerConf] end}, + {client_ecdsa_opts, fun() -> [{verify, verify_none} | ClientConf] end}, + {client_ecdsa_verify_opts, fun() -> [{verify, verify_peer} | ClientConf] end} | Config]; false -> Config @@ -1913,17 +1912,18 @@ make_rsa_cert(Config) -> GenCertData = public_key:pkix_test_data(CertChainConf), #{client_config := ClientDerConf, server_config := ServerDerConf} = GenCertData, - [{server_config, ServerConf}, - {client_config, ClientConf}] = - x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_rsa_opts, [{reuseaddr, true} | ServerConf]}, - {server_rsa_verify_opts, [{reuseaddr, true}, {verify, verify_peer} | ServerConf]}, - {client_rsa_opts, [{verify, verify_none} | ClientConf]}, - {client_rsa_verify_opts, [{verify, verify_peer} | ClientConf]}, - {server_rsa_der_opts, [{reuseaddr, true}, {verify, verify_none} | ServerDerConf]}, - {server_rsa_der_verify_opts, [{reuseaddr, true}, {verify, verify_peer} | ServerDerConf]}, - {client_rsa_der_opts, [{verify, verify_none} | ClientDerConf]}, - {client_rsa_der_verify_opts, [{verify, verify_peer} |ClientDerConf]} + [{server_config, ServerConf}, + {client_config, ClientConf}] = + x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), + + [{server_rsa_opts, fun() -> [{reuseaddr, true} | ServerConf] end}, + {server_rsa_verify_opts, fun() -> [{reuseaddr, true}, {verify, verify_peer} | ServerConf] end}, + {client_rsa_opts, fun() -> [{verify, verify_none} | ClientConf] end}, + {client_rsa_verify_opts, fun() -> [{verify, verify_peer} | ClientConf] end}, + {server_rsa_der_opts, fun() -> [{reuseaddr, true}, {verify, verify_none} | ServerDerConf] end}, + {server_rsa_der_verify_opts, fun() -> [{reuseaddr, true}, {verify, verify_peer} | ServerDerConf] end}, + {client_rsa_der_opts, fun() -> [{verify, verify_none} | ClientDerConf] end}, + {client_rsa_der_verify_opts, fun() -> [{verify, verify_peer} |ClientDerConf] end} | Config]; false -> Config @@ -1955,7 +1955,8 @@ make_rsa_cert_with_protected_keyfile(Config0, Password) -> "tls_password_client.pem"), der_to_pem(ProtectedClientKeyFile, [ProtectedPemEntry]), ProtectedClientOpts = [{keyfile,ProtectedClientKeyFile} | proplists:delete(keyfile, ClientOpts)], - [{client_protected_rsa_opts, ProtectedClientOpts} | Config1]. + [{client_protected_rsa_opts, fun() -> ProtectedClientOpts end} + | Config1]. make_rsa_1024_cert(Config) -> CryptoSupport = crypto:supports(), @@ -1971,14 +1972,14 @@ make_rsa_1024_cert(Config) -> [{server_config, ServerConf}, {client_config, ClientConf}] = x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_rsa_1024_opts, [{ssl_imp, new},{reuseaddr, true} | ServerConf]}, - {server_rsa_1024_verify_opts, [{reuseaddr, true}, {verify, verify_peer} | ServerConf]}, - {client_rsa_1024_opts, [{verify, verify_none} | ClientConf]}, - {client_rsa_1024_verify_opts, [{verify, verify_peer} |ClientConf]}, - {server_rsa_1024_der_opts, [{reuseaddr, true} | ServerDerConf]}, - {server_rsa_1024_der_verify_opts, [{reuseaddr, true}, {verify, verify_peer} | ServerDerConf]}, - {client_rsa_1024_der_opts, [{verify, verify_none} | ClientDerConf]}, - {client_rsa_1024_der_verify_opts, [{verify, verify_peer} |ClientDerConf]} + [{server_rsa_1024_opts, fun() -> [{ssl_imp, new},{reuseaddr, true} | ServerConf] end}, + {server_rsa_1024_verify_opts, fun() -> [{reuseaddr, true}, {verify, verify_peer} | ServerConf] end}, + {client_rsa_1024_opts, fun() -> [{verify, verify_none} | ClientConf] end}, + {client_rsa_1024_verify_opts, fun() -> [{verify, verify_peer} |ClientConf] end}, + {server_rsa_1024_der_opts, fun() -> [{reuseaddr, true} | ServerDerConf] end}, + {server_rsa_1024_der_verify_opts, fun() -> [{reuseaddr, true}, {verify, verify_peer} | ServerDerConf] end}, + {client_rsa_1024_der_opts, fun() -> [{verify, verify_none} | ClientDerConf] end}, + {client_rsa_1024_der_verify_opts, fun() -> [{verify, verify_peer} |ClientDerConf] end} | Config]; false -> Config @@ -2016,13 +2017,10 @@ make_ecdh_rsa_cert(Config) -> {client_config, ClientConf}] = x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true} | ServerConf]}, - - {server_ecdh_rsa_verify_opts, [{ssl_imp, new},{reuseaddr, true}, - {verify, verify_peer} | ServerConf]}, - - {client_ecdh_rsa_opts, ClientConf} - + [{server_ecdh_rsa_opts, fun() -> [{ssl_imp, new},{reuseaddr, true} | ServerConf] end}, + {server_ecdh_rsa_verify_opts, + fun() ->[{ssl_imp, new},{reuseaddr, true}, {verify, verify_peer} | ServerConf] end}, + {client_ecdh_rsa_opts, fun() -> ClientConf end} | Config]; _ -> Config @@ -2044,10 +2042,11 @@ make_rsa_ecdsa_cert(Config, Curve) -> {client_config, ClientConf}] = x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase), - [{server_rsa_ecdsa_opts, [{reuseaddr, true} | ServerConf]}, - {server_rsa_ecdsa_verify_opts, [{ssl_imp, new},{reuseaddr, true}, - {verify, verify_peer} | ServerConf]}, - {client_rsa_ecdsa_opts, [{verify, verify_none} | ClientConf]} | Config]; + [{server_rsa_ecdsa_opts, fun() -> [{reuseaddr, true} | ServerConf] end}, + {server_rsa_ecdsa_verify_opts, + fun() -> [{ssl_imp, new},{reuseaddr, true},{verify, verify_peer} | ServerConf] end}, + {client_rsa_ecdsa_opts, fun() -> [{verify, verify_none} | ClientConf] end} + | Config]; _ -> Config end. @@ -2833,7 +2832,7 @@ is_dtls_version(_) -> openssl_tls_version_support(Version, Config0) -> Config = make_rsa_cert(Config0), - ServerOpts = proplists:get_value(server_rsa_opts, Config), + ServerOpts = ssl_options(server_rsa_opts, Config), Port = inet_port(node()), CaCertFile = proplists:get_value(cacertfile, ServerOpts), CertFile = proplists:get_value(certfile, ServerOpts), @@ -3667,16 +3666,27 @@ ubuntu_legacy_support() -> end. ssl_options(Extra, Option, Config) -> - ExtraOpts = proplists:get_value(Extra, Config, []), + ExtraOpts = case proplists:get_value(Extra, Config, []) of + Settings when is_list(Settings) -> Settings; + Fun when is_function(Fun, 0) -> Fun(); + Other -> Other + end, ExtraOpts ++ ssl_options(Option, Config). ssl_options(Option, Config) when is_atom(Option) -> ProtocolOpts = proplists:get_value(protocol_opts, Config, []), - Opts = proplists:get_value(Option, Config, []), + Opts = case proplists:get_value(Option, Config, []) of + Settings when is_list(Settings) -> Settings; + Fun when is_function(Fun, 0) -> Fun(); + Other -> Other + end, Opts ++ ProtocolOpts; -ssl_options(Options, Config) -> +ssl_options(Options, Config) when is_list(Options) -> + ProtocolOpts = proplists:get_value(protocol_opts, Config, []), + Options ++ ProtocolOpts; +ssl_options(OptionFun, Config) when is_function(OptionFun, 0) -> ProtocolOpts = proplists:get_value(protocol_opts, Config, []), - Options ++ ProtocolOpts. + OptionFun() ++ ProtocolOpts. protocol_version(Config) -> case proplists:get_value(version, Config, undefined) of diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl index 467a56871b0..af33c4d3f44 100644 --- a/lib/ssl/test/tls_api_SUITE.erl +++ b/lib/ssl/test/tls_api_SUITE.erl @@ -27,7 +27,7 @@ -include_lib("ssl/src/ssl_record.hrl"). -include_lib("ssl/src/ssl_internal.hrl"). -include_lib("ssl/src/ssl_api.hrl"). --include_lib("ssl/src/tls_handshake.hrl"). +-include_lib("ssl/src/ssl_connection.hrl"). -include_lib("ssl/src/ssl_alert.hrl"). -include_lib("ssl/src/ssl_cipher.hrl"). @@ -793,8 +793,8 @@ tls_tcp_error_propagation_in_active_mode(Config) when is_list(Config) -> {status, _, _, StatusInfo} = sys:get_status(Pid), [_, _,_, _, Prop] = StatusInfo, State = ssl_test_lib:state(Prop), - StaticEnv = element(2, State), - Socket = element(11, StaticEnv), + StaticEnv = State#state.static_env, + Socket = StaticEnv#static_env.socket, %% Fake tcp error Pid ! {tcp_error, Socket, etimedout}, @@ -1259,7 +1259,7 @@ tls_password_correct() -> [{doc, "Test that connection is possible with a correct password"}]. tls_password_correct(Config) when is_list(Config) -> F = fun (P) -> - ProtectedClientOpts = ?config(client_protected_rsa_opts, Config), + ProtectedClientOpts = ssl_test_lib:ssl_options(client_protected_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), @@ -1289,7 +1289,7 @@ tls_password_incorrect() -> [{doc, "Test that connection is not possible with wrong password"}]. tls_password_incorrect(Config) when is_list(Config) -> F = fun (P) -> - ProtectedClientOpts = ?config(client_protected_rsa_opts, Config), + ProtectedClientOpts = ssl_test_lib:ssl_options(client_protected_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), @@ -1323,7 +1323,7 @@ tls_password_badarg() -> [{doc, "Test that connection is not possible with badarg password"}]. tls_password_badarg(Config) when is_list(Config) -> F = fun (P, ServerError, ClientError) -> - ProtectedClientOpts = ?config(client_protected_rsa_opts, Config), + ProtectedClientOpts = ssl_test_lib:ssl_options(client_protected_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},