From 5c25ba425d6fb94f76b08593d6182923ddbc5f7a Mon Sep 17 00:00:00 2001 From: zmstone Date: Mon, 21 Oct 2024 16:39:30 +0200 Subject: [PATCH 1/2] Do not trigger SSL CLIET ALERT when shutdown --- lib/ssl/src/ssl_gen_statem.erl | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl index 8d4e383f2fa9..c35f34ddf69c 100644 --- a/lib/ssl/src/ssl_gen_statem.erl +++ b/lib/ssl/src/ssl_gen_statem.erl @@ -1888,11 +1888,12 @@ log_alert(Level, Role, ProtocolName, StateName, Alert) -> statename => StateName, alert => Alert, alerter => peer}, Alert#alert.where). -terminate_alert(normal) -> - ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY); -terminate_alert({Reason, _}) when Reason == close; - Reason == shutdown -> +terminate_alert(Reason) when Reason == normal; + Reason == shutdown; + Reason == close -> ?ALERT_REC(?WARNING, ?CLOSE_NOTIFY); +terminate_alert({Reason, _}) -> + terminate_alert(Reason); terminate_alert(_) -> ?ALERT_REC(?FATAL, ?INTERNAL_ERROR). From f04ca2a8671d96ad39d05fdb56f63f2986c5d32a Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 23 Oct 2024 15:55:37 +0200 Subject: [PATCH 2/2] ssl: Add whitebox test for supervisor shutdown --- lib/ssl/test/ssl_trace_SUITE.erl | 7 +++++-- lib/ssl/test/tls_api_SUITE.erl | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/lib/ssl/test/ssl_trace_SUITE.erl b/lib/ssl/test/ssl_trace_SUITE.erl index 8fbc0b8efb4b..e8294dfd9ce6 100644 --- a/lib/ssl/test/ssl_trace_SUITE.erl +++ b/lib/ssl/test/ssl_trace_SUITE.erl @@ -204,9 +204,12 @@ tc_api_profile(Config) -> check_trace_map(Ref, TracesAfterConnect, UnhandledTraceCnt1), ssl_test_lib:close(Server), ssl_test_lib:close(Client), + %% terminate_alert will get called twice by both client and + %% server to strip away Details from {shutdown::Reason, Detatils} + %% before matching the Reason UnhandledTraceCnt2 = - #{call => 0, processed => no_trace_received, exception_from => 0, - return_from => 0}, + #{call => 2, processed => no_trace_received, exception_from => 0, + return_from => 2}, check_trace_map(Ref, TracesAfterDisconnect, UnhandledTraceCnt2), ssl_trace:stop(), ok. diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl index c3992bfac063..04a1151f0481 100644 --- a/lib/ssl/test/tls_api_SUITE.erl +++ b/lib/ssl/test/tls_api_SUITE.erl @@ -63,6 +63,8 @@ tls_shutdown_both/1, tls_shutdown_error/0, tls_shutdown_error/1, + tls_sup_shutdown/0, + tls_sup_shutdown/1, tls_client_closes_socket/0, tls_client_closes_socket/1, tls_closed_in_active_once/0, @@ -164,6 +166,7 @@ api_tests() -> tls_shutdown_write, tls_shutdown_both, tls_shutdown_error, + tls_sup_shutdown, tls_password_correct, tls_password_incorrect, tls_password_badarg, @@ -782,6 +785,36 @@ tls_tcp_error_propagation_in_active_mode(Config) when is_list(Config) -> ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}). +%%-------------------------------------------------------------------- +tls_sup_shutdown() -> + [{doc,"Test that terminate behaves correctly for exit(shutdown) as done by supervisor at application shutdown"}]. +tls_sup_shutdown(Config) when is_list(Config) -> + ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), + ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), + + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {?MODULE, receive_msg, []}}, + {options, ServerOpts}]), + Port = ssl_test_lib:inet_port(Server), + + {_, #sslsocket{pid=[Pid|_]}} = ssl_test_lib:start_client([return_socket, + {node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, [{active, false} | ClientOpts]}]), + exit(Pid, shutdown), + + receive + {Server, {ssl_closed, _}} -> + ok; + Msg -> + ct:fail(Msg) + end. + %%-------------------------------------------------------------------- tls_reject_warning_alert_in_initial_hs() -> [{doc,"Test sending warning ALERT instead of client hello"}].