aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <ingela@erlang.org>2013-04-19 22:07:55 +0200
committerIngela Anderton Andin <ingela@erlang.org>2013-05-08 10:39:19 +0200
commitf5902d53588784d95674e07055fc2ef0d6fd0ed0 (patch)
treed8a8db81daea3f7f4d115c763e8b647056ed5c80
parent826ff38deec221e306b2f4a9ee529fae1dbbedf7 (diff)
downloadotp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.tar.gz
otp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.tar.bz2
otp-f5902d53588784d95674e07055fc2ef0d6fd0ed0.zip
ssl: Filter out ECC cipher suites when openssl is buggy
Even in "normal" (not explicitly ECC tests) cases we need to filter out ECC ciper suites as they are preferd.
-rw-r--r--lib/ssl/test/ssl_test_lib.erl12
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl3
2 files changed, 14 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3b63886a07..6069a9da95 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -982,3 +982,15 @@ is_sane_ecc(openssl) ->
end;
is_sane_ecc(_) ->
true.
+
+cipher_restriction(Config) ->
+ case is_sane_ecc(openssl) of
+ false ->
+ Opts = proplists:get_value(server_opts, Config),
+ NewConfig = proplists:delete(server_opts, Config),
+ Restricted0 = ssl:cipher_suites() -- ecdsa_suites(),
+ Restricted = Restricted0 -- ecdh_rsa_suites(),
+ [{server_opts, [{ciphers, Restricted} | Opts]} | NewConfig];
+ true ->
+ Config
+ end.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index fc88a8f23c..075b4b1ec4 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -107,7 +107,8 @@ init_per_suite(Config0) ->
ct:log("Make certs ~p~n", [Result]),
Config1 = ssl_test_lib:make_dsa_cert(Config0),
Config = ssl_test_lib:cert_options(Config1),
- [{watchdog, Dog} | Config]
+ NewConfig = [{watchdog, Dog} | Config],
+ ssl_test_lib:cipher_restriction(NewConfig)
catch _:_ ->
{skip, "Crypto did not start"}
end