From 4b850604d61ca0aaa44121c067a1630af1013a2a Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Fri, 13 Oct 2023 17:14:57 +0200 Subject: [PATCH] fix(otp26): fix SSL compatibility for OTP 26 There is no need to add appup instructions for changed modules because they are only type spec changes --- include/esockd.hrl | 8 +++++++- src/esockd.app.src | 2 +- src/esockd.erl | 4 ++-- src/esockd_generic_limiter.erl | 3 +-- src/esockd_limiter.erl | 6 +----- src/esockd_transport.erl | 2 +- test/esockd_SUITE.erl | 22 ++++++++++++++-------- test/esockd_dtls_SUITE.erl | 9 +++++++-- test/esockd_transport_SUITE.erl | 19 +++++++++++++------ 9 files changed, 47 insertions(+), 28 deletions(-) diff --git a/include/esockd.hrl b/include/esockd.hrl index a0c2f575..8a4a2f65 100644 --- a/include/esockd.hrl +++ b/include/esockd.hrl @@ -65,4 +65,10 @@ -define(IS_PROXY(Sock), is_record(Sock, proxy_socket)). --endif. +-if(?OTP_RELEASE >= 26). +-type ssl_option() :: ssl:tls_option(). +-else. +-type ssl_option() :: ssl:ssl_option(). +-endif. % OTP_RELEASE + +-endif. % ESOCKD_HRL diff --git a/src/esockd.app.src b/src/esockd.app.src index 801f9c58..2e3cdc63 100644 --- a/src/esockd.app.src +++ b/src/esockd.app.src @@ -4,7 +4,7 @@ {vsn, "5.9.7"}, {modules, []}, {registered, []}, - {applications, [kernel, stdlib, sasl, ssl]}, + {applications, [kernel, stdlib, sasl, ssl, public_key]}, {mod, {esockd_app, []}}, {env, []}, {licenses, ["Apache-2.0"]}, diff --git a/src/esockd.erl b/src/esockd.erl index af01dcc2..6bcd0acc 100644 --- a/src/esockd.erl +++ b/src/esockd.erl 
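Review bot: The conditional `ssl_option()` alias added to include/esockd.hrl has no comment saying which OTP change it tracks, so the `>= 26` cutoff will look arbitrary to a later maintainer. I would put `%% ssl:ssl_option() is replaced by ssl:tls_option() from OTP 26; alias it once so specs compile on both.` directly above the `-if`. Because the alias is local to the header, src/esockd.erl and src/esockd_transport.erl only compile if they include esockd.hrl, which these hunks do not show. `ssl:tls_option()` also admits client-only options; if the listener paths take server options only, a narrower server-side option type would let dialyzer reject misplaced client settings, provided one is exported on every supported release.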
@@ -104,8 +104,8 @@ -type(host() :: inet:ip_address() | string()). -type(listen_on() :: inet:port_number() | {host(), inet:port_number()}). --type ssl_options() :: [{handshake_timeout, pos_integer()} | ssl:ssl_option()]. --type dtls_options() :: [{handshake_timeout, pos_integer()} | ssl:ssl_option()]. +-type ssl_options() :: [{handshake_timeout, pos_integer()} | ssl_option()]. +-type dtls_options() :: [{handshake_timeout, pos_integer()} | ssl_option()]. %%-------------------------------------------------------------------- %% APIs diff --git a/src/esockd_generic_limiter.erl b/src/esockd_generic_limiter.erl index 3cecbc6a..fe5192df 100644 --- a/src/esockd_generic_limiter.erl +++ b/src/esockd_generic_limiter.erl @@ -17,6 +17,7 @@ -module(esockd_generic_limiter). -export([create/1, consume/2, delete/1]). +-export_type([limiter/0, create_options/0, consume_result/0]). -type pause_time() :: non_neg_integer(). @@ -40,8 +41,6 @@ -callback delete(limiter()) -> ok. --export_type([limiter/0, create_options/0, consume_result/0]). - %%-------------------------------------------------------------------- %% Callbacks %%-------------------------------------------------------------------- diff --git a/src/esockd_limiter.erl b/src/esockd_limiter.erl index b5940d9d..9693c065 100644 --- a/src/esockd_limiter.erl +++ b/src/esockd_limiter.erl @@ -134,13 +134,9 @@ pause_time(Name, Now) -> max(1, LastTime + (Interval * 1000) - Now) end. -%% The dialyzer cannot support this type specification --dialyzer({nowarn_function, delete/1}). --spec delete(esockd_generic_limiter:limter()) -> ok; - (bucket_name()) -> ok. +-spec delete(esockd_generic_limiter:limiter() | bucket_name()) -> ok. delete(#{name := Name}) -> delete(Name); - delete(Name) -> gen_server:cast(?SERVER, {delete, Name}). diff --git a/src/esockd_transport.erl b/src/esockd_transport.erl index 723f5d6d..3452fc7e 100644 --- a/src/esockd_transport.erl +++ b/src/esockd_transport.erl 
@@ -378,7 +378,7 @@ shutdown(#proxy_socket{socket = Sock}, How) -> shutdown(Sock, How). %% @doc TCP/DTLS socket -> #ssl_socket{} --spec(ssl_upgrade_fun([ssl:ssl_option()]) -> esockd:sock_fun()). +-spec(ssl_upgrade_fun([ssl_option()]) -> esockd:sock_fun()). ssl_upgrade_fun(SslOpts) -> {Timeout, SslOpts1} = take_handshake_timeout(SslOpts), {GCAfterHandshake, SslOpts2} = take_gc_after_handshake(SslOpts1), diff --git a/test/esockd_SUITE.erl b/test/esockd_SUITE.erl index 39786404..f1b0065c 100644 --- a/test/esockd_SUITE.erl +++ b/test/esockd_SUITE.erl @@ -91,13 +91,15 @@ t_open_dtls(Config) -> DtlsOpts = [{mode, binary}, {reuseaddr, true}, {certfile, esockd_ct:certfile(Config)}, - {keyfile, esockd_ct:keyfile(Config)} + {keyfile, esockd_ct:keyfile(Config)}, + {verify, verify_none} ], {ok, _} = esockd:open_dtls(echo, 5000, [{dtls_options, DtlsOpts}], {dtls_echo_server, start_link, []}), {ok, Sock} = ssl:connect({127,0,0,1}, 5000, [binary, {protocol, dtls}, - {active, false} + {active, false}, + {verify, verify_none} ], 5000), ok = ssl:send(Sock, <<"Hi">>), {ok, <<"Hi">>} = ssl:recv(Sock, 0, 3000), @@ -242,11 +244,13 @@ t_get_current_connections(Config) -> DtlsOpts = [{mode, binary}, {reuseaddr, true}, {certfile, esockd_ct:certfile(Config)}, - {keyfile, esockd_ct:keyfile(Config)} + {keyfile, esockd_ct:keyfile(Config)}, + {verify, verify_none} ], + ClientOpts = [binary, {protocol, dtls}, {verify, verify_none}], {ok, _LSup1} = esockd:open_dtls(dtls_echo, 7000, [{dtls_options, DtlsOpts}], {dtls_echo_server, start_link, []}), - {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000), - {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000), + {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000), + {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000), timer:sleep(10), ?assertEqual(2, esockd:get_current_connections({dtls_echo, 7000})), ok = ssl:close(DtlsSock1), 
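Review bot: Adding `{verify, verify_none}` to the client options in t_open_dtls gets the handshake through on OTP 26 by turning peer certificate verification off, so none of the touched tests covers a verified TLS/DTLS handshake. The same edit repeats in t_get_current_connections and t_get_shutdown_count in this suite, t_dtls_server in test/esockd_dtls_SUITE.erl, and t_send_ssl, t_send_ssl_gc_after_handshake and t_peersni_ssl_disabled_sni in test/esockd_transport_SUITE.erl. If the fixtures behind `esockd_ct:certfile/1` include the issuing CA, at least one client should connect with `{verify, verify_peer}` plus `{cacertfile, CaFile}` (`CaFile` being a placeholder for that fixture's path), so a regression in certificate handling is caught. On the server side `verify_none` is, as far as I know, already the default, so the added server option looks redundant. Where it stays, a comment such as `%% test-only: peer verification intentionally off` would keep the option from being copied into a real listener config.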
@@ -277,11 +281,13 @@ t_get_shutdown_count(Config) -> DtlsOpts = [{mode, binary}, {reuseaddr, true}, {certfile, esockd_ct:certfile(Config)}, - {keyfile, esockd_ct:keyfile(Config)} + {keyfile, esockd_ct:keyfile(Config)}, + {verify, verify_none} ], + ClientOpts = [binary, {protocol, dtls}, {verify, verify_none}], {ok, _LSup1} = esockd:open_dtls(dtls_echo, 7000, [{dtls_options, DtlsOpts}], {dtls_echo_server, start_link, []}), - {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000), - {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, [binary, {protocol, dtls}], 5000), + {ok, DtlsSock1} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000), + {ok, DtlsSock2} = ssl:connect({127,0,0,1}, 7000, ClientOpts, 5000), ok = ssl:close(DtlsSock1), ok = ssl:close(DtlsSock2), timer:sleep(200), diff --git a/test/esockd_dtls_SUITE.erl b/test/esockd_dtls_SUITE.erl index 71d60b38..fd4834d3 100644 --- a/test/esockd_dtls_SUITE.erl +++ b/test/esockd_dtls_SUITE.erl @@ -38,15 +38,20 @@ t_dtls_server(Config) -> DtlsOpts = [{mode, binary}, {reuseaddr, true}, {certfile, esockd_ct:certfile(Config)}, - {keyfile, esockd_ct:keyfile(Config)} + {keyfile, esockd_ct:keyfile(Config)}, + {verify, verify_none} ], Options = [{acceptors, 4}, {max_connections, 1000}, {max_conn_rate, 10}, {dtls_options, DtlsOpts}], + ClientOpts = [binary, + {protocol, dtls}, + {active, false}, + {verify, verify_none}], {ok, _} = esockd:open_dtls('echo/dtls', 9876, Options, {?MODULE, dtls_echo_init, []}), - {ok, Sock} = ssl:connect({127,0,0,1}, 9876, [binary, {protocol, dtls}, {active, false}], 5000), + {ok, Sock} = ssl:connect({127,0,0,1}, 9876, ClientOpts, 5000), ok = ssl:send(Sock, <<"hello">>), {ok, <<"hello">>} = ssl:recv(Sock, 5, 3000), ok = ssl:send(Sock, <<"world">>), diff --git a/test/esockd_transport_SUITE.erl b/test/esockd_transport_SUITE.erl index 5de558ef..cbd57e71 100644 --- a/test/esockd_transport_SUITE.erl +++ b/test/esockd_transport_SUITE.erl 
@@ -90,9 +90,11 @@ t_send_recv_tcp(_) -> t_send_ssl(Config) -> ssl:start(), SslOpts = [{certfile, esockd_ct:certfile(Config)}, - {keyfile, esockd_ct:keyfile(Config)}], + {keyfile, esockd_ct:keyfile(Config)}, + {verify, verify_none} + ], {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {echo_server, start_link, []}), - {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [], 3000), + {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [{verify, verify_none}], 3000), ok = esockd_transport:send(#ssl_socket{ssl = SslSock}, <<"Hello">>), ok = esockd_transport:close(#ssl_socket{ssl = SslSock}), ok = esockd:close(echo, 8883). @@ -101,9 +103,11 @@ t_send_ssl_gc_after_handshake(Config) -> ssl:start(), SslOpts = [{certfile, esockd_ct:certfile(Config)}, {keyfile, esockd_ct:keyfile(Config)}, - {gc_after_handshake, true}], + {gc_after_handshake, true}, + {verify, verify_none} + ], {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {echo_server, start_link, []}), - {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [], 3000), + {ok, SslSock} = ssl:connect({127,0,0,1}, 8883, [{verify, verify_none}], 3000), ok = esockd_transport:send(#ssl_socket{ssl = SslSock}, <<"Hello">>), ok = esockd_transport:close(#ssl_socket{ssl = SslSock}), ok = esockd:close(echo, 8883). @@ -220,9 +224,12 @@ t_peersni_ssl_disabled_sni(Config) -> ssl:start(), SslOpts = [{certfile, esockd_ct:certfile(Config)}, {keyfile, esockd_ct:keyfile(Config)}, - {gc_after_handshake, true}], + {gc_after_handshake, true}, + {verify, verify_none} + ], + ClientSslOpts = [{server_name_indication, disable}, {verify, verify_none}], {ok, _} = esockd:open(echo, 8883, [{ssl_options, SslOpts}], {?MODULE, start_link_peersni, [disable]}), - {ok, SslSock} = ssl:connect("localhost", 8883, [{server_name_indication, disable}], 3000), + {ok, SslSock} = ssl:connect("localhost", 8883, ClientSslOpts, 3000), ok = ssl:send(SslSock, <<"Hello">>), receive {ssl, _, "Hello"} -> ok