diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2021-01-25 15:54:53 +0100 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2021-01-25 15:54:53 +0100 |
commit | b5d51412c74c13a74e3fd21f4bcd4b23c4a7afa9 (patch) | |
tree | a2b7e1cff093273e1e585b945a938622b851e61e /lib/ssl/test | |
parent | c343065b28c646cf61d6f52de70d82e17f833003 (diff) | |
parent | 1036f0799e01d8cb068b5a23153e0b434d4d3832 (diff) | |
download | erlang-b5d51412c74c13a74e3fd21f4bcd4b23c4a7afa9.tar.gz |
Merge branch 'ingela/ssl/openssl-cipher-cuddle' into maint
* ingela/ssl/openssl-cipher-cuddle:
ssl: Interop fixes
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/openssl_cipher_suite_SUITE.erl | 15 | ||||
-rw-r--r-- | lib/ssl/test/openssl_client_cert_SUITE.erl | 15 | ||||
-rw-r--r-- | lib/ssl/test/ssl_api_SUITE.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 25 |
4 files changed, 42 insertions, 15 deletions
diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl index 61297a5f18..fc17827a1b 100644 --- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl +++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl @@ -95,10 +95,13 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- all() -> - [ - {group, openssl_server}, - {group, openssl_client} - ]. + case ssl_test_lib:working_openssl_client() of + true -> + [{group, openssl_server}, + {group, openssl_client}]; + false -> + [{group, openssl_server}] + end. all_protocol_groups() -> [ @@ -955,7 +958,7 @@ cipher_suite_test(CipherSuite, Version, Config) -> [{ciphers, [CipherSuite]} | SOpts], Config); _ -> ssl_test_lib:basic_test([{versions, [Version]}, {ciphers, [CipherSuite]} | COpts], - [{ciphers, ssl:cipher_suites(all, Version)} | SOpts], Config) + [{ciphers, ssl_test_lib:openssl_ciphers()} | SOpts], Config) end. test_ciphers(Kex, Cipher, Version) -> @@ -978,3 +981,5 @@ test_ciphers(Kex, Cipher, Version) -> end, Ciphers). +openssl_suitestr_to_map(OpenSSLSuiteStrs) -> + [ssl_cipher_format:suite_openssl_str_to_map(SuiteStr) || SuiteStr <- OpenSSLSuiteStrs]. diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl index 7e8d842f14..0248956056 100644 --- a/lib/ssl/test/openssl_client_cert_SUITE.erl +++ b/lib/ssl/test/openssl_client_cert_SUITE.erl @@ -156,10 +156,15 @@ init_per_suite(Config) -> catch crypto:stop(), try crypto:start() of ok -> - ssl_test_lib:clean_start(), - Config + case ssl_test_lib:working_openssl_client() of + true -> + ssl_test_lib:clean_start(), + Config; + false -> + {skip, "Broken OpenSSL s_client"} + end catch _:_ -> - {skip, "Crypto did not start"} + {skip, "Crypto did not start"} end. end_per_suite(_Config) -> @@ -167,9 +172,9 @@ end_per_suite(_Config) -> application:unload(ssl), application:stop(crypto). -init_per_group(openssl_client, Config0) -> - Config = proplists:delete(server_type, proplists:delete(client_type, Config0)), +init_per_group(openssl_client, Config) -> [{client_type, openssl}, {server_type, erlang} | Config]; + init_per_group(Group, Config0) when Group == rsa; Group == rsa_1_3 -> Config = ssl_test_lib:make_rsa_cert(Config0), diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl index 0bacec9073..52477fe98f 100644 --- a/lib/ssl/test/ssl_api_SUITE.erl +++ b/lib/ssl/test/ssl_api_SUITE.erl @@ -1877,7 +1877,7 @@ new_options_in_handshake(Config) when is_list(Config) -> (ecdh_rsa) -> true; (rsa) -> - true; + false; (_) -> false end diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index f7dc04823b..1268a14eb0 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -120,7 +120,8 @@ server_msg/2, hardcode_rsa_key/1, bigger_buffers/0, - stop/2 + stop/2, + working_openssl_client/0 ]). -export([basic_test/3, @@ -285,6 +286,20 @@ init_per_group(GroupName, Config0) -> end end. +working_openssl_client() -> + case portable_cmd("openssl", ["version"]) of + %% Theses versions of OpenSSL has a client that + %% can not handle hello extensions. And will + %% fail with bad packet length if they are present + %% in ServerHello + "OpenSSL 0.9.8h" ++ _ -> + false; + "OpenSSL 0.9.8k" ++ _ -> + false; + _ -> + true + end. + init_per_group_openssl(GroupName, Config0) -> case is_tls_version(GroupName) andalso sufficient_crypto_support(GroupName) of true -> @@ -2075,9 +2090,11 @@ cipher_flag('tlsv1.3') -> cipher_flag(_) -> "-cipher". -ciphers(Ciphers, Version) -> +ciphers([#{}| _] = Ciphers, Version) -> Strs = [ssl_cipher_format:suite_map_to_openssl_str(Cipher) || Cipher <- Ciphers], - ciphers_concat(Version, Strs, ""). + ciphers_concat(Version, Strs, ""); +ciphers(Ciphers, Version) -> + ciphers_concat(Version, Ciphers, ""). ciphers_concat(_, [], [":" | Acc]) -> lists:append(lists:reverse(Acc)); @@ -2887,7 +2904,7 @@ check_sane_openssl_renegotiate(Config) -> {skip, "Known renegotiation bug in OpenSSL"}; "LibreSSL 2." ++ _ -> {skip, "Known renegotiation bug in LibreSSL"}; - "LibreSSL 3.1" ++ _ -> + "LibreSSL 3." ++ _ -> {skip, "Known renegotiation bug in LibreSSL"}; _ -> Config |