mirror of
https://github.com/ninenines/cowboy.git
synced 2025-07-14 12:20:24 +00:00
Fix TLS tests for OTP-26+
ct_helper now uses the test certificates generated by public_key. A few adjustments had to be made as a result.
This commit is contained in:
Loïc Hoguin
parent
251e70b219
commit
12108ab668
5 changed files with 70 additions and 60 deletions
|
|
@ -589,18 +589,20 @@ http_upgrade_response_half_closed(Config) ->
|
|||
|
||||
alpn_ignore_h2c(Config) ->
|
||||
doc("An h2c ALPN protocol identifier must be ignored. (RFC7540 3.3)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2c">>, <<"http/1.1">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"http/1.1">>} = ssl:negotiated_protocol(Socket),
|
||||
ok.
|
||||
|
||||
alpn_server_preface(Config) ->
|
||||
doc("The first frame must be a SETTINGS frame "
|
||||
"for the server connection preface. (RFC7540 3.3, RFC7540 3.5, RFC7540 6.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Receive the server preface.
|
||||
{ok, << _:24, 4:8, 0:40 >>} = ssl:recv(Socket, 9, 1000),
|
||||
|
|
@ -609,9 +611,10 @@ alpn_server_preface(Config) ->
|
|||
alpn_client_preface_timeout(Config) ->
|
||||
doc("Clients negotiating HTTP/2 and not sending a preface in "
|
||||
"a timely manner must be disconnected."),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Receive the server preface.
|
||||
{ok, << Len:24 >>} = ssl:recv(Socket, 3, 1000),
|
||||
|
|
@ -623,9 +626,10 @@ alpn_client_preface_timeout(Config) ->
|
|||
alpn_reject_missing_client_preface(Config) ->
|
||||
doc("Servers must treat an invalid connection preface as a "
|
||||
"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a SETTINGS frame directly instead of the proper preface.
|
||||
ok = ssl:send(Socket, cow_http2:settings(#{})),
|
||||
|
|
@ -639,9 +643,10 @@ alpn_reject_missing_client_preface(Config) ->
|
|||
alpn_reject_invalid_client_preface(Config) ->
|
||||
doc("Servers must treat an invalid connection preface as a "
|
||||
"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a slightly incorrect preface.
|
||||
ok = ssl:send(Socket, "PRI * HTTP/2.0\r\n\r\nSM: Value\r\n\r\n"),
|
||||
|
|
@ -655,9 +660,10 @@ alpn_reject_invalid_client_preface(Config) ->
|
|||
alpn_reject_missing_client_preface_settings(Config) ->
|
||||
doc("Servers must treat an invalid connection preface as a "
|
||||
"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a valid preface sequence except followed by a PING instead of a SETTINGS frame.
|
||||
ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:ping(0)]),
|
||||
|
|
@ -671,9 +677,10 @@ alpn_reject_missing_client_preface_settings(Config) ->
|
|||
alpn_reject_invalid_client_preface_settings(Config) ->
|
||||
doc("Servers must treat an invalid connection preface as a "
|
||||
"connection error of type PROTOCOL_ERROR. (RFC7540 3.3, RFC7540 3.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a valid preface sequence except followed by a badly formed SETTINGS frame.
|
||||
ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", << 0:24, 4:8, 0:9, 1:31 >>]),
|
||||
|
|
@ -686,9 +693,10 @@ alpn_reject_invalid_client_preface_settings(Config) ->
|
|||
|
||||
alpn_accept_client_preface_empty_settings(Config) ->
|
||||
doc("The SETTINGS frame in the client preface may be empty. (RFC7540 3.3, RFC7540 3.5)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a valid preface sequence except followed by an empty SETTINGS frame.
|
||||
ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
|
||||
|
|
@ -702,9 +710,10 @@ alpn_accept_client_preface_empty_settings(Config) ->
|
|||
alpn_client_preface_settings_ack_timeout(Config) ->
|
||||
doc("Failure to acknowledge the server's SETTINGS frame "
|
||||
"results in a SETTINGS_TIMEOUT connection error. (RFC7540 3.5, RFC7540 6.5.3)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a valid preface.
|
||||
ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
|
||||
|
|
@ -719,9 +728,10 @@ alpn_client_preface_settings_ack_timeout(Config) ->
|
|||
|
||||
alpn(Config) ->
|
||||
doc("Successful ALPN negotiation. (RFC7540 3.3)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[{alpn_advertised_protocols, [<<"h2">>]},
|
||||
binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
binary, {active, false}|TlsOpts]),
|
||||
{ok, <<"h2">>} = ssl:negotiated_protocol(Socket),
|
||||
%% Send a valid preface.
|
||||
%% @todo Use non-empty SETTINGS here. Just because.
|
||||
|
|
@ -745,8 +755,9 @@ alpn(Config) ->
|
|||
|
||||
prior_knowledge_reject_tls(Config) ->
|
||||
doc("Implementations that support HTTP/2 over TLS must use ALPN. (RFC7540 3.4)"),
|
||||
TlsOpts = ct_helper:get_certs_from_ets(),
|
||||
{ok, Socket} = ssl:connect("localhost", config(port, Config),
|
||||
[binary, {active, false}, {versions, ['tlsv1.2']}]),
|
||||
[binary, {active, false}|TlsOpts]),
|
||||
%% Send a valid preface.
|
||||
ok = ssl:send(Socket, ["PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", cow_http2:settings(#{})]),
|
||||
%% We expect the server to send an HTTP 400 error
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue