aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2019-07-29 15:11:53 +0200
committerIngela Anderton Andin <[email protected]>2019-07-31 09:44:49 +0200
commitad8c607df66aac55ca6133281635513a34ef5a88 (patch)
treecab49ef28b6635d096c3063381ad83b4fc67de37
parentb3244adc38777adbb4474a1e34e098eecda370af (diff)
downloadotp-ad8c607df66aac55ca6133281635513a34ef5a88.tar.gz
otp-ad8c607df66aac55ca6133281635513a34ef5a88.tar.bz2
otp-ad8c607df66aac55ca6133281635513a34ef5a88.zip
ssl: Avoid broken ALPN/NPN renegotiation in OpenSSL
All these test work fine with current OpenSSL master
-rw-r--r--lib/ssl/test/openssl_alpn_SUITE.erl14
-rw-r--r--lib/ssl/test/openssl_npn_SUITE.erl17
-rw-r--r--lib/ssl/test/ssl_test_lib.erl22
3 files changed, 43 insertions, 10 deletions
diff --git a/lib/ssl/test/openssl_alpn_SUITE.erl b/lib/ssl/test/openssl_alpn_SUITE.erl
index 1e8912be7d..5008dba922 100644
--- a/lib/ssl/test/openssl_alpn_SUITE.erl
+++ b/lib/ssl/test/openssl_alpn_SUITE.erl
@@ -36,7 +36,7 @@
all() ->
%% Note: ALPN not supported in sslv3
- case ssl_test_lib:openssl_sane_dtls() of
+ case ssl_test_lib:openssl_sane_dtls_alpn() of
true ->
[
{group, 'tlsv1.3'},
@@ -52,7 +52,7 @@ all() ->
end.
groups() ->
- case ssl_test_lib:openssl_sane_dtls() of
+ case ssl_test_lib:openssl_sane_dtls_alpn() of
true ->
[
{'tlsv1.3', [], alpn_tests()},
@@ -85,9 +85,13 @@ alpn_npn_coexist() ->
erlang_server_alpn_npn_openssl_client_alpn_npn
].
rengotiation_tests() ->
- [erlang_client_alpn_openssl_server_alpn_renegotiate,
- erlang_server_alpn_openssl_client_alpn_renegotiate].
-
+ case ssl_test_lib:sane_openssl_alpn_npn_renegotiate() of
+ true ->
+ [erlang_client_alpn_openssl_server_alpn_renegotiate,
+ erlang_server_alpn_openssl_client_alpn_renegotiate];
+ false ->
+ []
+ end.
init_per_suite(Config0) ->
case os:find_executable("openssl") of
false ->
diff --git a/lib/ssl/test/openssl_npn_SUITE.erl b/lib/ssl/test/openssl_npn_SUITE.erl
index f249ba47c2..0294f4997f 100644
--- a/lib/ssl/test/openssl_npn_SUITE.erl
+++ b/lib/ssl/test/openssl_npn_SUITE.erl
@@ -41,21 +41,28 @@ all() ->
{group, 'tlsv1'}].
groups() ->
- [{'tlsv1.2', [], npn_tests()},
- {'tlsv1.1', [], npn_tests()},
- {'tlsv1', [], npn_tests()}
+ [{'tlsv1.2', [], npn_tests() ++ npn_renegotiate_tests()},
+ {'tlsv1.1', [], npn_tests() ++ npn_renegotiate_tests()},
+ {'tlsv1', [], npn_tests() ++ npn_renegotiate_tests()}
].
npn_tests() ->
[erlang_client_openssl_server_npn,
erlang_server_openssl_client_npn,
- erlang_server_openssl_client_npn_renegotiate,
- erlang_client_openssl_server_npn_renegotiate,
erlang_server_openssl_client_npn_only_client,
erlang_server_openssl_client_npn_only_server,
erlang_client_openssl_server_npn_only_client,
erlang_client_openssl_server_npn_only_server].
+npn_renegotiate_tests() ->
+ case ssl_test_lib:sane_openssl_alpn_npn_renegotiate() of
+ true ->
+ [erlang_server_openssl_client_npn_renegotiate,
+ erlang_client_openssl_server_npn_renegotiate];
+ false ->
+ []
+ end.
+
init_per_suite(Config0) ->
case os:find_executable("openssl") of
false ->
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 7009a628f1..9bf2393897 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -2716,3 +2716,25 @@ new_config(PrivDir, ServerOpts0) ->
[{cacertfile, NewCaCertFile}, {certfile, NewCertFile},
{keyfile, NewKeyFile} | ServerOpts].
+
+sane_openssl_alpn_npn_renegotiate() ->
+ case os:cmd("openssl version") of
+ "LibreSSL 2.9.1" ++ _ ->
+ false;
+ "LibreSSL 2.6.4" ++ _ ->
+ false;
+ "OpenSSL 1.1.1a-freebsd" ++ _ ->
+ false;
+ _ ->
+ true
+ end.
+
+openssl_sane_dtls_alpn() ->
+ case os:cmd("openssl version") of
+ "OpenSSL 1.1.0g" ++ _ ->
+ false;
+ "OpenSSL 1.1.1a" ++ _ ->
+ false;
+ _->
+ openssl_sane_dtls()
+ end.