Simplify tests and fix option depenency bug

Author: sindrip

lib/ssl/src/ssl.erl

@@ -1605,6 +1605,9 @@ handle_option(anti_replay = Option, Value0,
         stateless ->
             Value = validate_option(Option, Value0),
             OptionsMap#{Option => Value};
+        stateless_with_cert ->
+            Value = validate_option(Option, Value0),
+            OptionsMap#{Option => Value};
         _ ->
             OptionsMap#{Option => default_value(Option, Rules)}
     end;

lib/ssl/test/ssl_session_ticket_SUITE.erl

@@ -1,6 +1,4 @@
 %%
-%% %CopyrightBegin%
-%%
 %% Copyright Ericsson AB 2007-2022. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
@@ -82,11 +80,7 @@
          early_data_basic_auth/0,
          early_data_basic_auth/1,
          stateless_multiple_servers/0,
-         stateless_multiple_servers/1,
-         peercert_stateless_stateful_without_cert/0,
-         peercert_stateless_stateful_without_cert/1,
-         peercert_stateless_stateful_with_cert/0,
-         peercert_stateless_stateful_with_cert/1]).
+         stateless_multiple_servers/1]).
 
 -include("tls_handshake.hrl").
 
@@ -109,20 +103,10 @@ groups() ->
                       {group, stateful_with_cert},
                       {group, stateless_with_cert},
                       {group, mixed}]},
-     {stateful, [], session_tests() ++
-          [peercert_stateless_stateful_without_cert]},
-     {stateless, [], session_tests() ++
-          [ticketage_smaller_than_windowsize_anti_replay,
-           ticketage_bigger_than_windowsize_anti_replay,
-           ticketage_out_of_lifetime_anti_replay, ticket_reuse_anti_replay,
-           ticket_reuse_anti_replay_server_restart,
-           ticket_reuse_anti_replay_server_restart_reused_seed,
-           stateless_multiple_servers,
-           peercert_stateless_stateful_without_cert]},
-     {stateful_with_cert, [], session_tests() ++
-          [peercert_stateless_stateful_with_cert]},
-     {stateless_with_cert, [], session_tests() ++
-          [peercert_stateless_stateful_with_cert]},
+     {stateful, [], session_tests()},
+     {stateless, [], session_tests() ++ anti_replay_tests()},
+     {stateful_with_cert, [], session_tests()},
+     {stateless_with_cert, [], session_tests() ++ anti_replay_tests()},
      {mixed, [], mixed_tests()}].
 
 session_tests() ->
@@ -139,6 +123,16 @@ session_tests() ->
      early_data_basic,
      early_data_basic_auth].
 
+anti_replay_tests() ->
+    [
+     ticketage_smaller_than_windowsize_anti_replay,
+     ticketage_bigger_than_windowsize_anti_replay,
+     ticketage_out_of_lifetime_anti_replay, ticket_reuse_anti_replay,
+     ticket_reuse_anti_replay_server_restart,
+     ticket_reuse_anti_replay_server_restart_reused_seed,
+     stateless_multiple_servers
+    ].
+
 mixed_tests() ->
     [
      basic_stateful_stateless,
@@ -186,6 +180,7 @@ init_per_testcase(_, Config)  ->
 
 end_per_testcase(_TestCase, Config) ->
     application:unset_env(ssl, server_session_ticket_max_early_data),
+    application:unset_env(ssl, server_session_ticket_lifetime),
     Config.
 
 %%--------------------------------------------------------------------
@@ -224,6 +219,15 @@ basic(Config) when is_list(Config) ->
                                          {from, self()}, {options, ClientOpts}]),
     ssl_test_lib:check_result(Server0, ok, Client0, ok),
 
+    Server0 ! get_socket,
+    SSocket0 =
+        receive
+            {Server0, {socket, Socket0}} ->
+                Socket0
+        end,
+
+    {ok, ClientCert} = ssl:peercert(SSocket0),
+
     Server0 ! {listen, {mfa, {ssl_test_lib,
                               verify_active_session_resumption,
                               [true]}}},
@@ -242,6 +246,21 @@ basic(Config) when is_list(Config) ->
                                          {from, self()}, {options, ClientOpts}]),
     ssl_test_lib:check_result(Server0, ok, Client1, ok),
 
+    Server0 ! get_socket,
+    SSocket1 =
+        receive
+            {Server0, {socket, Socket1}} ->
+                Socket1
+        end,
+
+    ExpectedPeercert = case ServerTicketMode of
+        stateful_with_cert -> {ok, ClientCert};
+        stateless_with_cert -> {ok, ClientCert};
+        _ -> {error, no_peercert}
+    end,
+
+    ExpectedPeercert = ssl:peercert(SSocket1),
+
     process_flag(trap_exit, false),
     ssl_test_lib:close(Server0),
     ssl_test_lib:close(Client1).
@@ -1351,152 +1370,6 @@ stateless_multiple_servers(Config) when is_list(Config) ->
     ssl_test_lib:close(Server1),
     ssl_test_lib:close(Client1).
 
-peercert_stateless_stateful_without_cert() ->
-    [{doc, "Test peercert not returning client certificate after resumption"}].
-peercert_stateless_stateful_without_cert(Config) when is_list(Config) ->
-    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
-    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
-    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
-
-    %% Configure session tickets
-    ClientOpts = [{session_tickets, auto},
-                  {versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
-    ServerOpts = [{session_tickets, ServerTicketMode},
-                  {versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
-
-    Server0 =
-	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
-                               {from, self()},
-                               {mfa, {ssl_test_lib,
-                                     verify_active_session_resumption,
-                                     [false]}},
-                               {options, ServerOpts}]),
-    Port0 = ssl_test_lib:inet_port(Server0),
-
-    %% Store ticket from first connection
-    Client0 = ssl_test_lib:start_client([{node, ClientNode},
-                                         {port, Port0}, {host, Hostname},
-                                         {mfa, {ssl_test_lib,  %% Full handshake
-                                                verify_active_session_resumption,
-                                                [false]}},
-                                         {from, self()}, {options, ClientOpts}]),
-    ssl_test_lib:check_result(Server0, ok, Client0, ok),
-
-    Server0 ! get_socket,
-    SSocket0 =
-        receive
-            {Server0, {socket, Socket0}} ->
-                Socket0
-        end,
-
-    {ok, _ClientCert} = ssl:peercert(SSocket0),
-
-    Server0 ! {listen, {mfa, {ssl_test_lib,
-                              verify_active_session_resumption,
-                              [true]}}},
-
-    %% Wait for session ticket
-    ct:sleep(100),
-
-    ssl_test_lib:close(Client0),
-
-    %% Use ticket
-    Client1 = ssl_test_lib:start_client([{node, ClientNode},
-                                         {port, Port0}, {host, Hostname},
-                                         {mfa, {ssl_test_lib,  %% Short handshake
-                                                verify_active_session_resumption,
-                                                [true]}},
-                                         {from, self()}, {options, ClientOpts}]),
-
-    ssl_test_lib:check_result(Server0, ok, Client1, ok),
-
-    Server0 ! get_socket,
-    SSocket1 =
-        receive
-            {Server0, {socket, Socket1}} ->
-                Socket1
-        end,
-
-    {error, no_peercert} = ssl:peercert(SSocket1),
-
-    process_flag(trap_exit, false),
-    ssl_test_lib:close(Server0),
-    ssl_test_lib:close(Client1).
-
-peercert_stateless_stateful_with_cert() ->
-    [{doc, "Test peercert returning client certificate after resumption"}].
-peercert_stateless_stateful_with_cert(Config) when is_list(Config) ->
-    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
-    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
-    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-    ServerTicketMode = proplists:get_value(server_ticket_mode, Config),
-
-    %% Configure session tickets
-    ClientOpts = [{session_tickets, auto},
-                  {versions, ['tlsv1.2','tlsv1.3']}|ClientOpts0],
-    ServerOpts = [{session_tickets, ServerTicketMode},
-                  {versions, ['tlsv1.2','tlsv1.3']}|ServerOpts0],
-
-    Server0 =
-	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
-                               {from, self()},
-                               {mfa, {ssl_test_lib,
-                                     verify_active_session_resumption,
-                                     [false]}},
-                               {options, ServerOpts}]),
-    Port0 = ssl_test_lib:inet_port(Server0),
-
-    %% Store ticket from first connection
-    Client0 = ssl_test_lib:start_client([{node, ClientNode},
-                                         {port, Port0}, {host, Hostname},
-                                         {mfa, {ssl_test_lib,  %% Full handshake
-                                                verify_active_session_resumption,
-                                                [false]}},
-                                         {from, self()}, {options, ClientOpts}]),
-    ssl_test_lib:check_result(Server0, ok, Client0, ok),
-
-    Server0 ! get_socket,
-    SSocket0 =
-        receive
-            {Server0, {socket, Socket0}} ->
-                Socket0
-        end,
-
-    {ok, ClientCert} = ssl:peercert(SSocket0),
-
-    Server0 ! {listen, {mfa, {ssl_test_lib,
-                              verify_active_session_resumption,
-                              [true]}}},
-
-    %% Wait for session ticket
-    ct:sleep(100),
-
-    ssl_test_lib:close(Client0),
-
-    %% Use ticket
-    Client1 = ssl_test_lib:start_client([{node, ClientNode},
-                                         {port, Port0}, {host, Hostname},
-                                         {mfa, {ssl_test_lib,  %% Short handshake
-                                                verify_active_session_resumption,
-                                                [true]}},
-                                         {from, self()}, {options, ClientOpts}]),
-
-    ssl_test_lib:check_result(Server0, ok, Client1, ok),
-
-    Server0 ! get_socket,
-    SSocket1 =
-        receive
-            {Server0, {socket, Socket1}} ->
-                Socket1
-        end,
-
-    {ok, ClientCert} = ssl:peercert(SSocket1),
-
-    process_flag(trap_exit, false),
-    ssl_test_lib:close(Server0),
-    ssl_test_lib:close(Client1).
-
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------