MIM-2314 Fix tests to validate fast_tls config for c2s and s2s

esl · Nov 12, 2024 · db59cd7 · db59cd7
1 parent f2eccab
commit db59cd7
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 9 deletions.
diff --git a/rel/mim1.vars-toml.config b/rel/mim1.vars-toml.config
@@ -68,6 +68,7 @@
   shaper = \"c2s_shaper\"
   max_stanza_size = 65536
   tls.certfile = \"priv/ssl/fake_server.pem\"
+  tls.cacertfile = \"priv/ssl/cacert.pem\"
   tls.mode = \"tls\""}.
 {listen_service,
   "[[listen.service]]

diff --git a/test/common/config_parser_helper.erl b/test/common/config_parser_helper.erl
@@ -156,7 +156,8 @@ options("mongooseim-pgsql") ->
                 access => c2s,
                 shaper => c2s_shaper,
                 max_stanza_size => 65536,
-                tls => #{certfile => "priv/dc1.pem", dhfile => "priv/dh.pem"}
+                tls => #{certfile => "priv/dc1.pem", dhfile => "priv/dh.pem",
+                         cacertfile => "priv/ca.pem"}
                }),
        config([listen, c2s],
               #{port => 5223,

diff --git a/test/config_parser_SUITE.erl b/test/config_parser_SUITE.erl
@@ -508,11 +508,12 @@ listen_c2s_fast_tls(_Config) ->
     T = fun(Opts) -> listen_raw(c2s, #{<<"port">> => 5222,
                                        <<"tls">> => Opts}) end,
     P = [listen, 1, tls],
-    ?cfg(P, default_c2s_tls(fast_tls), T(#{})),
+    M = tls_ca_raw(),
+    ?cfg(P, maps:merge(default_c2s_tls(fast_tls), tls_ca()), T(M)),
     test_fast_tls_server(P, T),
-    ?cfg(P ++ [mode], tls, T(#{<<"mode">> => <<"tls">>})),
-    ?err(T(#{<<"mode">> => <<"stopttls">>})),
-    ?err(T(#{<<"module">> => <<"slow_tls">>})).
+    ?cfg(P ++ [mode], tls, T(M#{<<"mode">> => <<"tls">>})),
+    ?err(T(M#{<<"mode">> => <<"stopttls">>})),
+    ?err(T(M#{<<"module">> => <<"slow_tls">>})).
 
 listen_c2s_just_tls(_Config) ->
     T = fun(Opts) -> listen_raw(c2s, #{<<"port">> => 5222,
@@ -1197,12 +1198,13 @@ test_just_tls_client_sni(ParentP, ParentT) ->
 
 test_fast_tls_server(P, T) ->
     ?cfg(P ++ [verify_mode], none, T(#{<<"verify_mode">> => <<"none">>})),
-    ?cfg(P ++ [certfile], "priv/cert.pem", T(#{<<"certfile">> => <<"priv/cert.pem">>})),
+    M = tls_ca_raw(),
+    ?cfg(P ++ [certfile], "priv/cert.pem", T(M#{<<"certfile">> => <<"priv/cert.pem">>})),
     ?cfg(P ++ [cacertfile], "priv/ca.pem", T(tls_ca_raw())),
     ?cfg(P ++ [ciphers], "TLS_AES_256_GCM_SHA384",
-         T(#{<<"ciphers">> => <<"TLS_AES_256_GCM_SHA384">>})),
-    ?cfg(P ++ [dhfile], "priv/dh.pem", T(#{<<"dhfile">> => <<"priv/dh.pem">>})),
-    ?cfg(P ++ [protocol_options], ["nosslv2"], T(#{<<"protocol_options">> => [<<"nosslv2">>]})),
+         T(M#{<<"ciphers">> => <<"TLS_AES_256_GCM_SHA384">>})),
+    ?cfg(P ++ [dhfile], "priv/dh.pem", T(M#{<<"dhfile">> => <<"priv/dh.pem">>})),
+    ?cfg(P ++ [protocol_options], ["nosslv2"], T(M#{<<"protocol_options">> => [<<"nosslv2">>]})),
     ?err(T(#{<<"verify_mode">> => <<"selfsigned_peer">>})), % value only for just_tls
     ?err(T(#{<<"crl_files">> => [<<"priv/cert.pem">>]})), % option only for just_tls
     ?err(T(#{<<"certfile">> => <<"no_such_file.pem">>})),

diff --git a/test/config_parser_SUITE_data/mongooseim-pgsql.toml b/test/config_parser_SUITE_data/mongooseim-pgsql.toml
@@ -86,6 +86,7 @@
   tls.mode = "starttls"
   tls.certfile = "priv/dc1.pem"
   tls.dhfile = "priv/dh.pem"
+  tls.cacertfile = "priv/ca.pem"
 
 [[listen.c2s]]
   port = 5223