authorIngela Anderton Andin <[email protected]>2016-06-15 15:14:29 +0200
committerIngela Anderton Andin <[email protected]>2016-06-15 15:14:29 +0200
commite1b7c7732bf966b41f222b7cf5a3095cc573c83f (patch)
treec456f76d9ffb83157820635303b021196a26f947
parent59397963e4f1e32b0d11f7862374ac65771feed2 (diff)
ssl: Make sure openssl client does not use sslv2 hello
This should only be used in legacy test cases, not in test cases testing other functionality.
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl37
1 files changed, 25 insertions, 12 deletions
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index e1710bb2c4..b3109b5de9 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1290,13 +1290,13 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname,
Port = ssl_test_lib:inet_port(Server),
Exe = "openssl",
ClientArgs = case SNIHostname of
- undefined ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
- _ ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port), "-servername", SNIHostname]
- end,
+ undefined ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port);
+ _ ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname)
+ end,
ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
-
+
%% Client check needs to be done befor server check,
%% or server check might consume client messages
ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"],
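Review bot: `ssl_test_lib:supports_ssl_tls_version(sslv2)` is spelled out in both branches of the `case`, and the identical `case` is repeated in `erlang_server_openssl_client_sni_test_sni_fun` in the next hunk, so the SSLv2 decision is written at four call sites. Binding it once before the `case`, `SupportsSslv2 = ssl_test_lib:supports_ssl_tls_version(sslv2),`, and passing `SupportsSslv2` to `openssl_client_args` would shorten the branches and name what the boolean means. The `undefined` branch also reads `Hostname,Port` without a space, unlike the other branch. Both function bodies start and end outside their hunks, so whether other `s_client` invocations in the suite still build their arguments inline is not visible here.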
@@ -1319,13 +1319,14 @@ erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHo
Port = ssl_test_lib:inet_port(Server),
Exe = "openssl",
ClientArgs = case SNIHostname of
- undefined ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
- _ ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port), "-servername", SNIHostname]
- end,
+ undefined ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port);
+ _ ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname)
+ end,
+
ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
-
+
%% Client check needs to be done befor server check,
%% or server check might consume client messages
ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"],
@@ -1787,3 +1788,15 @@ workaround_openssl_s_clinent() ->
_ ->
[]
end.
+
+openssl_client_args(false, Hostname, Port) ->
+ ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
+openssl_client_args(true, Hostname, Port) ->
+ ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++ integer_to_list(Port)].
+
+openssl_client_args(false, Hostname, Port, ServerName) ->
+ ["s_client", "-connect", Hostname ++ ":" ++
+ integer_to_list(Port), "-servername", ServerName];
+openssl_client_args(true, Hostname, Port, ServerName) ->
+ ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++
+ integer_to_list(Port), "-servername", ServerName].
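Review bot: The four `openssl_client_args` clauses have no comment saying what the leading boolean is, and `true` adding `-no_ssl2` reads backwards unless one knows it is the result of `supports_ssl_tls_version(sslv2)`. A header comment such as `%% First argument: true if the local openssl supports SSLv2; -no_ssl2 is then passed so s_client does not send an SSLv2 hello.` would make that explicit. Presumably the flag is omitted otherwise because a build without SSLv2 may not accept it, which is worth stating in the comment if that is the reason. The /4 clauses also repeat the /3 lists verbatim; `openssl_client_args(SupportsSslv2, Hostname, Port, ServerName) -> openssl_client_args(SupportsSslv2, Hostname, Port) ++ ["-servername", ServerName].` would keep the protocol flag in one place.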