From 0fbf813ebf7dc5337e3b0d5d690f3f6a906b0977 Mon Sep 17 00:00:00 2001 From: HuangDan Date: Tue, 28 Aug 2018 19:55:23 +0800 Subject: [PATCH] Add mqtt connect tests cases --- etc/emqx.conf | 2 +- test/emqx_client_SUITE.erl | 7 +++++-- test/emqx_ct_broker_helpers.erl | 35 +++++++++++++++++++++++++++++---- 3 files changed, 37 insertions(+), 7 deletions(-) diff --git a/etc/emqx.conf b/etc/emqx.conf index 4703f5083..31c5a11ed 100644 --- a/etc/emqx.conf +++ b/etc/emqx.conf @@ -1066,7 +1066,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem ## Most of it was copied from Mozilla’s Server Side TLS article ## ## Value: Ciphers -## listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA +listener.ssl.external.ciphers = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA ## SSL parameter renegotiation is a feature that allows a client and a server ## to renegotiate the parameters of the SSL connection on the fly. diff --git a/test/emqx_client_SUITE.erl b/test/emqx_client_SUITE.erl index 7b2d5aaae..458c21d68 100644 --- a/test/emqx_client_SUITE.erl +++ b/test/emqx_client_SUITE.erl @@ -23,9 +23,9 @@ -include_lib("eunit/include/eunit.hrl"). -all() -> []. +all() -> [{group, connect}]. -groups() -> []. +groups() -> [{connect, [start]}]. init_per_suite(Config) -> Config. @@ -39,3 +39,6 @@ init_per_group(_Group, Config) -> end_per_group(_Group, _Config) -> ok. +start(_Config) -> + {ok, ClientPid, _} = emqx_client:start_link(). + diff --git a/test/emqx_ct_broker_helpers.erl b/test/emqx_ct_broker_helpers.erl index a62297a49..038ac0dc6 100644 --- a/test/emqx_ct_broker_helpers.erl +++ b/test/emqx_ct_broker_helpers.erl @@ -29,6 +29,31 @@ {cacertfile, "certs/cacert.pem"}, {certfile, "certs/client-cert.pem"}]). +-define(CIPHERS, [{ciphers, + ["ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384","ECDHE-ECDSA-DES-CBC3-SHA", + "ECDH-ECDSA-AES256-GCM-SHA384", + "ECDH-RSA-AES256-GCM-SHA384", + "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384", + "DHE-DSS-AES256-GCM-SHA384","DHE-DSS-AES256-SHA256", + "AES256-GCM-SHA384","AES256-SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDH-ECDSA-AES128-GCM-SHA256", + "ECDH-RSA-AES128-GCM-SHA256", + "ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256", + "DHE-DSS-AES128-GCM-SHA256","DHE-DSS-AES128-SHA256", + "AES128-GCM-SHA256","AES128-SHA256", + "ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA", + "DHE-DSS-AES256-SHA","ECDH-ECDSA-AES256-SHA", + "ECDH-RSA-AES256-SHA","AES256-SHA", + "ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA", + "DHE-DSS-AES128-SHA","ECDH-ECDSA-AES128-SHA", + "ECDH-RSA-AES128-SHA","AES128-SHA"]}]). run_setup_steps() -> NewConfig = generate_config(), @@ -71,7 +96,7 @@ change_opts(SslType) -> lists:foldl(fun({Protocol, Port, Opts} = Listener, Acc) -> case Protocol of ssl -> - SslOpts = proplists:get_value(sslopts, Opts), + SslOpts = proplists:get_value(ssl_options, Opts), Keyfile = local_path(["etc/certs", "key.pem"]), Certfile = local_path(["etc/certs", "cert.pem"]), TupleList1 = lists:keyreplace(keyfile, 1, SslOpts, {keyfile, Keyfile}), @@ -89,13 +114,15 @@ change_opts(SslType) -> (_) -> true end, TupleList2) end, - [{Protocol, Port, lists:keyreplace(sslopts, 1, Opts, {sslopts, TupleList3})} | Acc]; + [{Protocol, Port, lists:keyreplace(ssl_options, 1, Opts, {ssl_options, TupleList3})} | Acc]; _ -> [Listener | Acc] end end, [], Listeners), application:set_env(?APP, listeners, NewListeners). -client_ssl() -> - [{Key, local_path(["etc", File])} || {Key, File} <- ?MQTT_SSL_CLIENT]. +client_ssl_twoway() -> + [{Key, local_path(["etc", File])} || {Key, File} <- ?MQTT_SSL_CLIENT] ++ ?CIPHERS. +client_ssl() -> + ?CIPHERS ++ [{reuse_sessions, true}].