diff options
author | Ingela Anderton Andin <[email protected]> | 2013-03-21 11:32:45 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-05-08 10:39:17 +0200 |
commit | 2976421b28202961b470c9450c5b98429a8a19f1 (patch) | |
tree | df678c3d2627097c603faaf0e95a967f1fb083c9 | |
parent | 3aba3fb6ddca49f37c592c86f838423e0698c6f6 (diff) | |
download | otp-2976421b28202961b470c9450c5b98429a8a19f1.tar.gz otp-2976421b28202961b470c9450c5b98429a8a19f1.tar.bz2 otp-2976421b28202961b470c9450c5b98429a8a19f1.zip |
ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9
EEC is not fully supported before 0.9.9. Also skip tests on opensslversions
with known bugs in ECC support
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 23 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 2 |
3 files changed, 23 insertions, 4 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index aa87224305..2e820299c5 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -1549,7 +1549,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:rsa_suites(), + Ciphers = ssl_test_lib:rsa_suites(erlang), ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]), run_suites(Ciphers, Version, Config, rsa). %%------------------------------------------------------------------- diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index fc1817ec49..1dfaf099f1 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -709,12 +709,13 @@ send_selected_port(Pid, 0, Socket) -> send_selected_port(_,_,_) -> ok. -rsa_suites() -> +rsa_suites(CounterPart) -> + ECC = is_sane_ecc(CounterPart), lists:filter(fun({rsa, _, _}) -> true; ({dhe_rsa, _, _}) -> true; - ({ecdhe_rsa, _, _}) -> + ({ecdhe_rsa, _, _}) when ECC == true -> true; (_) -> false @@ -963,3 +964,21 @@ send_recv_result_active_once(Socket) -> {ssl, Socket, "Hello world"} -> ok end. + +is_sane_ecc(openssl) -> + case os:cmd("openssl version") of + "OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl + %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list + false; + "OpenSSL 1.0.0" ++ _ -> % Known bug in openssl + %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list + false; + "OpenSSL 0.9.8" ++ _ -> % Does not support ECC + false; + "OpenSSL 0.9.7" ++ _ -> % Does not support ECC + false; + _ -> + true + end; +is_sane_ecc(_) -> + true. diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index a3d382f837..1324ffdf9c 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -749,7 +749,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:rsa_suites(), + Ciphers = ssl_test_lib:rsa_suites(openssl), run_suites(Ciphers, Version, Config, rsa). %%-------------------------------------------------------------------- |