yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

test: fix mtls options

This commit is contained in:
Zaiming (Stone) Shi 2023-12-12 20:48:31 +01:00
parent 8ee83ae05b
commit dca72e0052
4 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx/test/emqx_broker_SUITE.erl
View File

@ -94,7 +94,7 @@ init_per_group(quic, Config) ->
[ [
{conn_fun, quic_connect}, {conn_fun, quic_connect},
{port, emqx_config:get([listeners, quic, test, bind])}, {port, emqx_config:get([listeners, quic, test, bind])},
{ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, {ssl_opts, emqx_common_test_helpers:client_mtls()},
{ssl, true}, {ssl, true},
{group_apps, Apps} {group_apps, Apps}
| Config | Config

4
apps/emqx/test/emqx_client_SUITE.erl
View File

@ -395,7 +395,7 @@ t_peercert_preserved_before_connected(_) ->
?HP_HIGHEST ?HP_HIGHEST
), ),
ClientId = atom_to_binary(?FUNCTION_NAME), ClientId = atom_to_binary(?FUNCTION_NAME),
SslConf = emqx_common_test_helpers:client_ssl_twoway(default), SslConf = emqx_common_test_helpers:client_mtls(default),
{ok, Client} = emqtt:start_link([ {ok, Client} = emqtt:start_link([
{port, 8883}, {port, 8883},
{clientid, ClientId}, {clientid, ClientId},
@ -455,7 +455,7 @@ tls_certcn_as_clientid(TLSVsn) ->
tls_certcn_as_clientid(TLSVsn, RequiredTLSVsn) -> tls_certcn_as_clientid(TLSVsn, RequiredTLSVsn) ->
CN = <<"Client">>, CN = <<"Client">>,
emqx_config:put_zone_conf(default, [mqtt, peer_cert_as_clientid], cn), emqx_config:put_zone_conf(default, [mqtt, peer_cert_as_clientid], cn),
SslConf = emqx_common_test_helpers:client_ssl_twoway(TLSVsn), SslConf = emqx_common_test_helpers:client_mtls(TLSVsn),
{ok, Client} = emqtt:start_link([{port, 8883}, {ssl, true}, {ssl_opts, SslConf}]), {ok, Client} = emqtt:start_link([{port, 8883}, {ssl, true}, {ssl_opts, SslConf}]),
{ok, _} = emqtt:connect(Client), {ok, _} = emqtt:connect(Client),
#{clientinfo := #{clientid := CN}} = emqx_cm:get_chan_info(CN), #{clientinfo := #{clientid := CN}} = emqx_cm:get_chan_info(CN),

35
apps/emqx/test/emqx_common_test_helpers.erl
View File

@ -48,8 +48,10 @@
-export([ -export([
client_ssl/0, client_ssl/0,
client_ssl/1, client_ssl/1,
client_ssl_twoway/0, client_mtls/0,
client_ssl_twoway/1, client_mtls/1,
ssl_verify_fun_allow_any_host/0,
ssl_verify_fun_allow_any_host_impl/3,
ensure_mnesia_stopped/0, ensure_mnesia_stopped/0,
ensure_quic_listener/2, ensure_quic_listener/2,
ensure_quic_listener/3, ensure_quic_listener/3,
@ -430,11 +432,11 @@ flush(Msgs) ->
after 0 -> lists:reverse(Msgs) after 0 -> lists:reverse(Msgs)
end. end.
client_ssl_twoway() -> client_mtls() ->
client_ssl_twoway(default). client_mtls(default).
client_ssl_twoway(TLSVsn) -> client_mtls(TLSVsn) ->
client_certs() ++ ciphers(TLSVsn). ssl_verify_fun_allow_any_host() ++ client_certs() ++ ciphers(TLSVsn).
%% Paths prepended to cert filenames %% Paths prepended to cert filenames
client_certs() -> client_certs() ->
@ -1421,3 +1423,24 @@ group_path(Config) ->
_:_ -> _:_ ->
[] []
end. end.
%% almost verify_none equivalent, but only ignores 'hostname_check_failed'
ssl_verify_fun_allow_any_host_impl(_Cert, Event, State) ->
case Event of
valid ->
{valid, State};
valid_peer ->
{valid, State};
{bad_cert, hostname_check_failed} ->
{valid, State};
{bad_cert, _} ->
{fail, Event};
{extension, _} ->
{unknown, State}
end.
ssl_verify_fun_allow_any_host() ->
[
{verify, verify_peer},
{verify_fun, {fun ?MODULE:ssl_verify_fun_allow_any_host_impl/3, _State = #{}}}
].

2
apps/emqx/test/emqx_persistent_session_SUITE.erl
View File

@ -115,7 +115,7 @@ init_per_group(quic, Config) ->
[ [
{port, get_listener_port(quic, test)}, {port, get_listener_port(quic, test)},
{conn_fun, quic_connect}, {conn_fun, quic_connect},
{ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, {ssl_opts, emqx_common_test_helpers:client_mtls()},
{ssl, true}, {ssl, true},
{group_apps, Apps} {group_apps, Apps}
| Config | Config