diff options
Diffstat (limited to 'lib/ssl/test/openssl_server_cert_SUITE.erl')
-rw-r--r-- | lib/ssl/test/openssl_server_cert_SUITE.erl | 82 |
1 files changed, 42 insertions, 40 deletions
diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl index 7f7a9b739e..057d80b6f3 100644 --- a/lib/ssl/test/openssl_server_cert_SUITE.erl +++ b/lib/ssl/test/openssl_server_cert_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2019-2022. All Rights Reserved. +%% Copyright Ericsson AB 2019-2023. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -74,7 +74,7 @@ %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- -all() -> +all() -> [ {group, openssl_server}]. @@ -103,7 +103,7 @@ groups() -> ]. protocol_groups() -> - case ssl_test_lib:openssl_sane_dtls() of + case ssl_test_lib:openssl_sane_dtls() of true -> [{group, 'tlsv1.3'}, {group, 'tlsv1.2'}, @@ -117,7 +117,7 @@ protocol_groups() -> {group, 'tlsv1.1'}, {group, 'tlsv1'} ] - end. + end. pre_tls_1_3_protocol_groups() -> [{group, rsa}, @@ -156,27 +156,27 @@ end_per_suite(Config) -> init_per_group(openssl_server, Config0) -> Config = proplists:delete(server_type, proplists:delete(client_type, Config0)), - [{client_type, erlang}, {server_type, openssl} | Config]; + [{client_type, erlang}, {server_type, openssl} | Config]; init_per_group(rsa = Group, Config0) -> Config = ssl_test_lib:make_rsa_cert(Config0), COpts = proplists:get_value(client_rsa_opts, Config), SOpts = proplists:get_value(server_rsa_opts, Config), %% Make sure _rsa* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), - Ciphers = ssl_cert_tests:test_ciphers(fun(dhe_rsa) -> + Ciphers = ssl_cert_tests:test_ciphers(fun(dhe_rsa) -> true; - (ecdhe_rsa) -> + (ecdhe_rsa) -> true; (_) -> - false - end, Version), + false + end, Version), case Ciphers of [_|_] -> [{cert_key_alg, rsa} | - lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | - lists:delete(server_cert_opts, + lists:delete(cert_key_alg, + [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, + {server_cert_opts, SOpts} | + lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> {skip, {no_sup, Group, Version}} @@ -203,9 +203,9 @@ init_per_group(Alg, Config) when Alg == rsa_pss_rsae; Alg == rsa_pss_pss -> Supports = crypto:supports(), RSAOpts = proplists:get_value(rsa_opts, Supports), - - case lists:member(rsa_pkcs1_pss_padding, RSAOpts) - andalso lists:member(rsa_pss_saltlen, RSAOpts) + + case lists:member(rsa_pkcs1_pss_padding, RSAOpts) + andalso lists:member(rsa_pss_saltlen, RSAOpts) andalso lists:member(rsa_mgf1_md, RSAOpts) andalso ssl_test_lib:is_sane_oppenssl_pss(Alg) of @@ -223,9 +223,9 @@ init_per_group(Alg, Config) when Alg == rsa_pss_rsae; end; init_per_group(ecdsa = Group, Config0) -> PKAlg = crypto:supports(public_keys), - case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse - lists:member(dh, PKAlg)) - andalso (ssl_test_lib:openssl_ecdsa_suites() =/= []) + case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse + lists:member(dh, PKAlg)) + andalso (ssl_test_lib:openssl_ecdsa_suites() =/= []) of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), @@ -233,20 +233,20 @@ init_per_group(ecdsa = Group, Config0) -> SOpts = proplists:get_value(server_ecdsa_opts, Config), %% Make sure ecdh* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), - Ciphers = ssl_cert_tests:test_ciphers(fun(ecdh_ecdsa) -> + Ciphers = ssl_cert_tests:test_ciphers(fun(ecdh_ecdsa) -> true; - (ecdhe_ecdsa) -> + (ecdhe_ecdsa) -> true; (_) -> - false - end, Version), + false + end, Version), case Ciphers of [_|_] -> [{cert_key_alg, ecdsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | - lists:delete(server_cert_opts, + [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, + {server_cert_opts, SOpts} | + lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))] )]; [] -> @@ -258,8 +258,8 @@ init_per_group(ecdsa = Group, Config0) -> init_per_group(ecdsa_1_3 = Group, Config0) -> PKAlg = crypto:supports(public_keys), case lists:member(ecdsa, PKAlg) andalso (lists:member(ecdh, PKAlg) orelse - lists:member(dh, PKAlg)) - andalso (ssl_test_lib:openssl_ecdsa_suites() =/= []) + lists:member(dh, PKAlg)) + andalso (ssl_test_lib:openssl_ecdsa_suites() =/= []) of true -> Config = ssl_test_lib:make_ecdsa_cert(Config0), @@ -311,35 +311,37 @@ init_per_group(eddsa_1_3, Config0) -> end; init_per_group(dsa = Group, Config0) -> PKAlg = crypto:supports(public_keys), - case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) andalso - (ssl_test_lib:openssl_dsa_suites() =/= []) of + case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) andalso + (ssl_test_lib:openssl_dsa_suites() =/= []) + andalso (ssl_test_lib:check_sane_openssl_dsa(Config0)) + of true -> - Config = ssl_test_lib:make_dsa_cert(Config0), + Config = ssl_test_lib:make_dsa_cert(Config0), COpts = proplists:get_value(client_dsa_opts, Config), SOpts = proplists:get_value(server_dsa_opts, Config), %% Make sure dhe_dss* suite is chosen by ssl_test_lib:start_server Version = ssl_test_lib:protocol_version(Config), - Ciphers = ssl_cert_tests:test_ciphers(fun(dh_dss) -> + Ciphers = ssl_cert_tests:test_ciphers(fun(dh_dss) -> true; - (dhe_dss) -> + (dhe_dss) -> true; (_) -> - false - end, Version), + false + end, Version), case Ciphers of [_|_] -> [{cert_key_alg, dsa} | lists:delete(cert_key_alg, - [{client_cert_opts, [{ciphers, Ciphers} | COpts]}, - {server_cert_opts, SOpts} | - lists:delete(server_cert_opts, + [{client_cert_opts, [{ciphers, Ciphers} | COpts] ++ ssl_test_lib:sig_algs(dsa, Version)}, + {server_cert_opts, SOpts} | + lists:delete(server_cert_opts, lists:delete(client_cert_opts, Config))])]; [] -> {skip, {no_sup, Group, Version}} end; false -> {skip, "Missing DSS crypto support"} - end; + end; init_per_group(GroupName, Config) -> case ssl_test_lib:is_protocol_version(GroupName) of true -> @@ -361,7 +363,7 @@ init_per_testcase(_TestCase, Config) -> ct:timetrap({seconds, 30}), Config. -end_per_testcase(_TestCase, Config) -> +end_per_testcase(_TestCase, Config) -> Config. %%-------------------------------------------------------------------- |