diff options
author | Andreas Schultz <aschultz@tpip.net> | 2013-02-27 08:14:20 +0000 |
---|---|---|
committer | Andreas Schultz <aschultz@tpip.net> | 2013-02-27 19:24:14 +0100 |
commit | bd5d5cd8496d7021eed01ab6f9f0a7776d335e7c (patch) | |
tree | f962634c03924452d84c66ee07b4847ddd885334 | |
parent | 31a028230651063ba056e9a3c78744c30cc6a8a0 (diff) | |
download | erlang-bd5d5cd8496d7021eed01ab6f9f0a7776d335e7c.tar.gz |
SSL: run OpenSSL tests only on cipher suites supported in OpenSSL
Erlangs SSL app can in some cases support more TLS cipher suites
that the underlying openssl version itself. So when running the
openssl connection tests we need to consider not only our own
capabilites, but openssl's as well.
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index 4f53132d5d..a3e2d5e6e0 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -1002,7 +1002,7 @@ erlang_server_openssl_client_npn_only_client(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -run_suites(Ciphers, Version, Config, Type) -> +run_suites(Ciphers0, Version, Config, Type) -> {ClientOpts, ServerOpts} = case Type of rsa -> @@ -1013,6 +1013,7 @@ run_suites(Ciphers, Version, Config, Type) -> ?config(server_dsa_opts, Config)} end, + Ciphers = filter_suites(Ciphers0), Result = lists:map(fun(Cipher) -> cipher(Cipher, Version, Config, ClientOpts, ServerOpts) end, Ciphers), @@ -1380,3 +1381,18 @@ check_sane_openssl_version(Version) -> {_, _} -> true end. + +filter_suites(Suites) -> + OpenSSLSuites = gb_sets:from_list(string:tokens(os:cmd("openssl ciphers"), ":\n")), + + lists:filter(fun(Suite) -> + try + OpenSSLSuite = ssl_cipher:openssl_suite_name(ssl_cipher:suite(Suite)), + gb_sets:is_member(OpenSSLSuite, OpenSSLSuites) + catch + _:_ -> + %% no OpenSSL name known + false + end + end, Suites). + |