authorIngela Anderton Andin <ingela@erlang.org>2023-03-29 13:53:46 +0200
committerIngela Anderton Andin <ingela@erlang.org>2023-04-04 09:25:29 +0200
commitc832926095334ed95c49ce9c36afdee77600d6f6 (patch)
tree5ca65772d1820d918c1175078d172e48f1e6d4e6 /lib/ssl/test
parentbe6aafc019634997ff34ee405a29d1a35014d83c (diff)
downloaderlang-c832926095334ed95c49ce9c36afdee77600d6f6.tar.gz
ssl: Avoid OpenSSL versions that will not interop with {dsa,sha}
These are versions that pass normal interop test but still do not work.
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/openssl_client_cert_SUITE.erl4
-rw-r--r--lib/ssl/test/openssl_server_cert_SUITE.erl4
-rw-r--r--lib/ssl/test/ssl_test_lib.erl17
3 files changed, 23 insertions, 2 deletions
diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl
index 6348f4d110..36b098bd49 100644
--- a/lib/ssl/test/openssl_client_cert_SUITE.erl
+++ b/lib/ssl/test/openssl_client_cert_SUITE.erl
@@ -280,7 +280,9 @@ init_per_group(Group, Config0) when Group == dsa ->
NVersion = ssl_test_lib:n_version(proplists:get_value(version, Config0)),
SigAlgs = ssl_test_lib:sig_algs(dsa, NVersion),
case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg)
- andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of
+ andalso (ssl_test_lib:openssl_dsa_suites() =/= [])
+ andalso (ssl_test_lib:check_sane_openssl_dsa(Config0))
+ of
true ->
Config = ssl_test_lib:make_dsa_cert(Config0),
COpts = SigAlgs ++ proplists:get_value(client_dsa_opts, Config),
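Review bot: The new `check_sane_openssl_dsa(Config0)` term is folded into the same boolean as the crypto-support checks, so the `false` branch of this `case` (outside the hunk) cannot tell a missing dss/dh algorithm apart from an excluded OpenSSL version or a FIPS-enabled OpenSSL. If that branch reports a skip reason, it will presumably be misleading in the CT logs on hosts running OpenSSL 1.0.x. A short comment above the `case`, such as `%% also skipped for OpenSSL 1.0.x and FIPS, see ssl_test_lib:check_sane_openssl_dsa/1`, would make the loss of DSA interop coverage traceable. The parentheses around the call are also redundant: `andalso ssl_test_lib:check_sane_openssl_dsa(Config0)`. The same points apply to the `dsa` clause changed in openssl_server_cert_SUITE.erl.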
diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl
index c4b09dbb37..03653ab0d6 100644
--- a/lib/ssl/test/openssl_server_cert_SUITE.erl
+++ b/lib/ssl/test/openssl_server_cert_SUITE.erl
@@ -312,7 +312,9 @@ init_per_group(eddsa_1_3, Config0) ->
init_per_group(dsa = Group, Config0) ->
PKAlg = crypto:supports(public_keys),
case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) andalso
- (ssl_test_lib:openssl_dsa_suites() =/= []) of
+ (ssl_test_lib:openssl_dsa_suites() =/= [])
+ andalso (ssl_test_lib:check_sane_openssl_dsa(Config0))
+ of
true ->
Config = ssl_test_lib:make_dsa_cert(Config0),
COpts = proplists:get_value(client_dsa_opts, Config),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index eda86fe936..2c8827effe 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -44,6 +44,7 @@
default_tls_version/1,
check_sane_openssl_renegotiate/2,
check_openssl_npn_support/1,
+ check_sane_openssl_dsa/1,
start_server/1,
start_server/2,
start_client/1,
@@ -3357,6 +3358,22 @@ check_sane_openssl_version(Version, Config) ->
false ->
false
end.
+
+
+%% If other DSA checks have passed also check the following
+check_sane_openssl_dsa(Config) ->
+ case not is_fips(openssl, Config) of
+ true ->
+ case proplists:get_value(openssl_version, Config) of
+ "OpenSSL 1.0." ++ _ ->
+ false;
+ _ ->
+ true
+ end;
+ false ->
+ false
+ end.
+
check_sane_openssl_renegotiate(Config, Version) when Version == 'tlsv1';
Version == 'tlsv1.1';
Version == 'tlsv1.2' ->
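Review bot: The comment above `check_sane_openssl_dsa/1` does not say which conditions the function rejects or why, although the reason is only in the commit message. I would replace it with something like `%% false for FIPS-enabled OpenSSL and for any "OpenSSL 1.0." version: these pass the generic interop checks but do not work with {dsa,sha}`. The catch-all `_ -> true` also accepts `undefined`, which `proplists:get_value/2` returns when `openssl_version` is absent from Config. Whether that can happen is not visible here, so the comment should state that an unknown version is deliberately treated as usable. As a matter of style, the outer `case not is_fips(openssl, Config) of` only maps `false` to `false`, so the version match could sit behind a single `not is_fips(openssl, Config) andalso ...` instead of a nested `case`.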