Merge pull request #15 from internetee/log-handshake-errors
Log handshake errors
Maciej Szlosarczyk authored Jul 29, 2019
2 parents fa9f9e0 + 0231aae commit 036c63b
Showing 13 changed files with 182 additions and 31 deletions.
1 change: 1 addition & 0 deletions Dockerfile
Expand Up @@ -31,6 +31,7 @@ RUN apt-get update && apt-get install -y \
libc-dev \
perl=* \
procps=* \
inotify-tools=* \
libssl1.0.0=* \
perl-base=* \
&& apt-get clean \
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -139,7 +139,8 @@ tests, there is a small Roda application located in `apps/epp_proxy/priv/test_ba
It has been written with Ruby 2.6.3.

There is also a number of generated ssl certificates that are used only for testing. Those are
valid until 2029 and they are located in `apps/epp_proxy/priv/test_ca`.
valid until 2029 and they are located in `apps/epp_proxy/priv/test_ca`. The password for test CA
is `password`.

You need to start the backend application before running the test suite. To start it as a deamon,
from the root folder of the project, execute:
35 changes: 35 additions & 0 deletions apps/epp_proxy/priv/test_ca/certs/client.crt.pem
@@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
33 changes: 17 additions & 16 deletions apps/epp_proxy/priv/test_ca/crl/crl.pem
@@ -1,21 +1,22 @@
-----BEGIN X509 CRL-----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MTQyMjJaMBMCAhAGFw0xOTA1MzExMjQzNDlaMBMCAhAHFw0xOTA3MjkwNzU0MzRa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-----END X509 CRL-----
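--- a/apps/epp_proxy/priv/test_ca/csrs/client.csr.pem
+++ b/apps/epp_proxy/priv/test_ca/csrs/client.csr.pem
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIE1jCCAr4CAQAwgZAxCzAJBgNVBAYTAkVFMREwDwYDVQQIDAhIYXJqdW1hYTEQ
+MA4GA1UEBwwHVGFsbGlubjEjMCEGA1UECgwaRWVzdGkgSW50ZXJuZXRpIFNpaHRh
+c3V0dXMxFTATBgNVBAMMDHJldm9rZWQgY2VydDEgMB4GCSqGSIb3DQEJARYRaGVs
+bG9AaW50ZXJuZXQuZWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDa
+FYIwYpsK1lCpebo8lR+hBfPg5K1OM7UkE6yNV54UYH1xPUk2iZLxoCnCYZdrfFtz
+wEfnU+otrv6x+QzNh139bTupaUhetlbHBc/YO4Dp7MEF30wjjLGOacNmlsQi9RhG
+begxqoJqPB0mEq1ZSPQqsmBs8QxYoL3FhNVJrXvPBCXF2hmf0z+0LbScXRZ8CV5e
+7PAji5OeLomIPGe9CmVMWRH0JNvLETAEJG0iUPys/zXyBxz9rx9iPAmFhLy4srtv
+IFQG3tMcXu2r8Vyap7BpaEs4CV36fmWHMQ5xVQgLOAhCKbD7uY2v+gKY6w6dQh1V
+m1b9qD1NVk8isJ5WnT5Z4EFvaMq5gGGj1TaTBi4QOie6KVP8iavOKYYkdOoa60XL
+TtEa5s9bcWPS1Bcnl43WR/pPonVvLY3N0VuCjXDwp60GHBGNsVpPa/bUF5wr6BsT
+7VScFsPMQG3Gmc4Kc+jxKj3ysz5yVvIL1v9MzN5tdoHX5MNglP0jtNn7sTBZc8sJ
+g5DGALds7d64W1qTRrR41Cu78IUS7iRJRCXU4NLbyzV+BhEyDhiF8TGm+IGVXE+E
+AHQMXKjtRuzjasf5071bf/eOe50kgVrYDc/JZ2/lJJ/S4cdolz+5PcbExTzdwAeS
+A/oXKSm62ahveDRn8n6xNHSltjnAWo//9o6WCKHAEQIDAQABoAAwDQYJKoZIhvcN
+AQELBQADggIBAM+rpYhoVrsgkItnaLoE5ZFqOsaW+nGyy7IVe8KeTi+sfDo/OOMH
+KoZebwFkKa+5MpR7iGdGhwMsEvQBNwAAElLfVAW2NZQmC8DGwLyRA1yPTWNNvYi9
+oGaLPAvIROnSdd5WImV749zxv9W23pjozYSyFWVRxjhZd6Wj3XLRJFkAtikZZW02
+jnzLGLamILIuGj51d/ukR+uN4hVxnMKKhRpiRJFsjGJj3aai2ptJmvRhp1vrclJg
+Bix1JsLzKbuvPP00EuZXUZ9bRDUW8bpNhvuWUhtS5iFME6mTyqL7PveivLX7Sxuy
+VQ58FNeU68BIrdCSavxHtmgB/vjyMcfcEm7K9C7YPGSedK5evzKbVpkNk2SP5Cl4
+0pLDeLjYRGnf6sDjGK1FVJYAX9AG+8ZiCtSkWfMY/5ClcK5SCeO5QY1Ad3bY1Ez8
+l3IdzKwZK4zq9NZN20r0ZzSZ8kzEqeKotKXIPDjKBDHFk3wu4tkHZf9pyu9PkQjZ
+RpoVmhNFVQ2BRdZANudrMiWgUhxUpQgmRQPnpGbDmdWdvqEoHsTPkHrxgNdb+PxP
+D3NWN28hj9MRve+lSStnN/GXb9DPKyA6vmUHcd9p8EnnmLTy9sqy/smE3zYwDmz2
+QSGz4UhMOAD6/6/9mCLf1qiRpD2JAcYOz7LcVTrqpo3UtHAW/XD9XNPp
+-----END CERTIFICATE REQUEST-----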
14 changes: 10 additions & 4 deletions apps/epp_proxy/priv/test_ca/generate_certificates.sh
@@ -1,9 +1,15 @@
# !/bin/sh
# Use localhost as common name.
openssl genrsa -out private/webclient.key.pem 4096
openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/webclient.key.pem -out csrs/webclient.csr.pem
openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/webclient.csr.pem -days 3650 -out certs/webclient.crt.pem
openssl ca -keyfile private/ca.key.pem -cert certs/ca.crt.pem -gencrl -out crl/crl.pem
openssl genrsa -out private/client.key.pem 4096
openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/client.key.pem -out csrs/client.csr.pem
openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/client.csr.pem -days 3650 -out certs/client.crt.pem

openssl genrsa -out private/revoked.key.pem 4096
openssl req -sha256 -config openssl.cnf -new -days 3650 -key private/revoked.key.pem -out csrs/revoked.csr.pem
openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -extensions usr_cert -notext -md sha256 -in csrs/revoked.csr.pem -days 3650 -out certs/revoked.crt.pem
openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -revoke certs/revoked.crt.pem

openssl ca -config openssl.cnf -keyfile private/ca.key.pem -cert certs/ca.crt.pem -crldays 3650 -gencrl -out crl/crl.pem

openssl req -config openssl.cnf -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout private/apache.key -config server.csr.cnf
openssl x509 -req -in server.csr -CA certs/ca.crt.pem -CAkey private/ca.key.pem -CAcreateserial -out certs/apache.crt -days 3650 -sha256 -extfile v3.ext
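Review bot: The added `openssl req` lines for `client` and `revoked` take the subject from interactive prompts, so the fixtures cannot be regenerated identically, and the committed `csrs/client.csr.pem` appears to carry the common name `revoked cert`, which suggests the prompts were answered inconsistently. Passing the subject on the command line, for example `-subj "/CN=<placeholder>"`, would make each certificate's identity explicit in the script. The script also runs without `set -e`, so if the `-revoke` step fails the following `-gencrl` still runs and would presumably write a CRL that does not list the revoked certificate; adding `set -e` near the top stops at the first failing command.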
51 changes: 51 additions & 0 deletions apps/epp_proxy/priv/test_ca/private/client.key.pem
@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
6 changes: 4 additions & 2 deletions apps/epp_proxy/src/epp_http_client.erl
Expand Up @@ -82,10 +82,12 @@ request_from_map(#{command := Command,
%% Return form data or an empty list.
request_body(?helloCommand, _, _) -> "";
request_body(_Command, RawFrame, nomatch) ->
{multipart, [{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}]};
{multipart,
[{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}]};
request_body(_Command, RawFrame, ClTRID) ->
{multipart,
[{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame}, {<<"clTRID">>, ClTRID}]}.
[{<<"raw_frame">>, RawFrame}, {<<"frame">>, RawFrame},
{<<"clTRID">>, ClTRID}]}.

%% Return a list of properties that each represent a query part in a query string.
%% [{"user", "eis"}]} becomes later https://example.com?user=eis
18 changes: 15 additions & 3 deletions apps/epp_proxy/src/epp_tls_worker.erl
Expand Up @@ -43,9 +43,14 @@ start_link(Socket) ->
%% If certificate is revoked, this will fail right away here.
%% mod_epp does exactly the same thing.
handle_cast(serve, State = #state{socket = Socket}) ->
{ok, SecureSocket} = ssl:handshake(Socket),
NewState = state_from_socket(SecureSocket, State),
{noreply, NewState};
{ok, {PeerIp, _PeerPort}} = ssl:peername(Socket),
case ssl:handshake(Socket) of
{ok, SecureSocket} ->
NewState = state_from_socket(SecureSocket, State),
{noreply, NewState};
{error, Error} ->
log_on_invalid_handshake(PeerIp, Error)
end;
%% Step two: Using the state of the connection, get the hello route
%% from http server. Send the response from HTTP server back to EPP
%% client. When this succeeds, send "process_command" to self and
Expand Down Expand Up @@ -160,6 +165,13 @@ log_on_timeout(State) ->
lager:info("Client timed out: [~p]~n", [State]),
exit(normal).

log_on_invalid_handshake(Ip, Error) ->
ReadableIp = epp_util:readable_ip(Ip),
lager:info("Failed SSL handshake. IP: ~s, Error: "
"[~p]~n",
[ReadableIp, Error]),
exit(normal).

%% Extract state info from socket. Fail if you must.
state_from_socket(Socket, State) ->
{ok, PeerCert} = ssl:peercert(Socket),
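Review bot: In the `handle_cast(serve, ...)` clause of the first hunk, the new `{ok, {PeerIp, _PeerPort}} = ssl:peername(Socket)` is an assertive match that runs before the handshake, so a peer that has already disconnected makes the worker crash with `badmatch` instead of reaching the new logging branch. Matching the result in a `case` and logging a placeholder address on `{error, _}` would keep the failure path uniform; whether `epp_util:readable_ip/1` accepts such a value is not visible here. `ssl:handshake(Socket)` is also called without a timeout, so a client that connects and never completes the handshake keeps the worker waiting, which `ssl:handshake(Socket, Timeout)` would bound. Failed handshakes, including revoked certificates, are written with `lager:info`; a warning level may be easier to alert on. The other `handle_cast` clauses lie outside the hunk.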
24 changes: 19 additions & 5 deletions apps/epp_proxy/test/tls_client_SUITE.erl
Expand Up @@ -11,7 +11,8 @@
valid_command_test_case/1,
long_message_test_case/1,
invalid_command_test_case/1,
error_test_case/1]).
error_test_case/1,
revoked_cert_test_case/1]).

all() ->
[frame_size_test_case,
Expand All @@ -20,17 +21,22 @@ all() ->
valid_command_test_case,
long_message_test_case,
invalid_command_test_case,
error_test_case].
error_test_case,
revoked_cert_test_case].

init_per_suite(Config) ->
application:ensure_all_started(epp_proxy),
application:ensure_all_started(hackney),
CWD = code:priv_dir(epp_proxy),
Options = [binary,
{certfile, filename:join(CWD, "test_ca/certs/webclient.crt.pem")},
{keyfile, filename:join(CWD, "test_ca/private/webclient.key.pem")},
{certfile, filename:join(CWD, "test_ca/certs/client.crt.pem")},
{keyfile, filename:join(CWD, "test_ca/private/client.key.pem")},
{active, false}],
[{ssl_options, Options} | Config].
RevokedOptions = [binary,
{certfile, filename:join(CWD, "test_ca/certs/revoked.crt.pem")},
{keyfile, filename:join(CWD, "test_ca/private/revoked.key.pem")},
{active, false}],
[{ssl_options, Options}, {revoked_options, RevokedOptions} | Config].

end_per_suite(Config) ->
application:stop(epp_proxy),
Expand Down Expand Up @@ -170,6 +176,14 @@ error_test_case(Config) ->
"Command syntax error."),
ok.

revoked_cert_test_case(Config) ->
Options = proplists:get_value(revoked_options, Config),
{error, Error} = ssl:connect("localhost", 1443, Options, 2000),
{tls_alert,
{certificate_revoked,
"received CLIENT ALERT: Fatal - Certificate Revoked"}} = Error,
ok.

%% Helper functions:
length_of_data(Data) ->
EPPEnvelope = binary:part(Data, {0, 4}),
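Review bot: `revoked_cert_test_case` matches the whole alert tuple, including the description string `"received CLIENT ALERT: Fatal - Certificate Revoked"`, which is text produced by the `ssl` application rather than by this project and may change between OTP releases. Matching only the alert reason keeps the assertion on the security property being tested: `{tls_alert, {certificate_revoked, _}} = Error,`. The test checks the client-side result only; nothing here asserts that the proxy wrote the new handshake-failure log line.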
