[erlang-questions] SSL inconsistencies in expected return values of 'ssl:connect/2'

Andre Graf andre.graf@REDACTED
Wed Oct 8 00:22:27 CEST 2014


Hi there,

today I wrote a EUnit test suite that should check the SSL connection
setup to an Erlang SSL server. Although the test cases are pretty simple
and standard I stumbled upon various inconsistencies when testing
against different OTP versions (R15B02, R16B03-1,OTP-17.3.1). I thought
I share my findings.

The different test cases are:

1. Connect No Client Auth (SUCCESS)
2. Connect No Client Auth (FAIL: wrong CA)
3. Connect Client Auth (SUCCESS)
4. Connect Client Auth (FAIL: no Client Cert provided)
5. Connect Client Auth (FAIL: Client Cert expired)
6. Connect Client Auth (FAIL: CRL check, Client Cert revoked)
7. Connect Client Auth (SUCCESS, CRL check)

Inconsistencies in expected return of 'ssl:connect/2' in test case 2:
- R15B02: {error,"unknown ca"}}
- R16B03-1: {error,{tls_alert,"unknown ca"}}
- OTP-17.3.1: {error,{tls_alert,"unknown ca"}}

Inconsistencies in expected return of 'ssl:connect/2' in test case 3:
- R15B02: {ok, Sock}
- R16B03-1: {ok, Sock}
- OTP-17.3.1: {error,closed}

Inconsistencies in expected return of 'ssl:connect/2' in test case 4:
- R15B02: {error,esslconnect}
- R16B03-1: {error,{tls_alert,"handshake failure"}}
- OTP-17.3.1: {error,{tls_alert,"handshake failure"}}

Inconsistencies in expected return of 'ssl:connect/2' in test case 5:
- R15B02: {error,"certificate expired"}
- R16B03-1: {error,{tls_alert,"certificate expired"}}
- OTP-17.3.1: {error,{tls_alert,"unknown ca"}}

Inconsistencies in expected return of 'ssl:connect/2' in test case 6:
- R15B02: SSL handshake process crashes
- R16B03-1: {error,{tls_alert,"certificate revoked"}}
- OTP-17.3.1: {error,closed}

Inconsistencies in expected return of 'ssl:connect/2' in test case 7:
- R15B02: {ok, Socket}
- R16B03-1: {ok, Socket}
- OTP-17.3.1: {error,{tls_alert,"unknown ca"}}

No inconsistencies in test case 1. :)

The code is available on https://github.com/dergraf/erlang_ssl_tester.

Cheers,
André



More information about the erlang-questions mailing list