diff options
author | Ingela Anderton Andin <[email protected]> | 2013-03-21 11:32:45 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-05-08 10:39:17 +0200 |
commit | 2976421b28202961b470c9450c5b98429a8a19f1 (patch) | |
tree | df678c3d2627097c603faaf0e95a967f1fb083c9 /lib/ssl/test | |
parent | 3aba3fb6ddca49f37c592c86f838423e0698c6f6 (diff) | |
download | otp-2976421b28202961b470c9450c5b98429a8a19f1.tar.gz otp-2976421b28202961b470c9450c5b98429a8a19f1.tar.bz2 otp-2976421b28202961b470c9450c5b98429a8a19f1.zip |
ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9
EEC is not fully supported before 0.9.9. Also skip tests on opensslversions
with known bugs in ECC support
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/ssl_basic_SUITE.erl | 2 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 23 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 2 |
3 files changed, 23 insertions, 4 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl index aa87224305..2e820299c5 100644 --- a/lib/ssl/test/ssl_basic_SUITE.erl +++ b/lib/ssl/test/ssl_basic_SUITE.erl @@ -1549,7 +1549,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:rsa_suites(), + Ciphers = ssl_test_lib:rsa_suites(erlang), ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]), run_suites(Ciphers, Version, Config, rsa). %%------------------------------------------------------------------- diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index fc1817ec49..1dfaf099f1 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -709,12 +709,13 @@ send_selected_port(Pid, 0, Socket) -> send_selected_port(_,_,_) -> ok. -rsa_suites() -> +rsa_suites(CounterPart) -> + ECC = is_sane_ecc(CounterPart), lists:filter(fun({rsa, _, _}) -> true; ({dhe_rsa, _, _}) -> true; - ({ecdhe_rsa, _, _}) -> + ({ecdhe_rsa, _, _}) when ECC == true -> true; (_) -> false @@ -963,3 +964,21 @@ send_recv_result_active_once(Socket) -> {ssl, Socket, "Hello world"} -> ok end. + +is_sane_ecc(openssl) -> + case os:cmd("openssl version") of + "OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl + %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list + false; + "OpenSSL 1.0.0" ++ _ -> % Known bug in openssl + %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list + false; + "OpenSSL 0.9.8" ++ _ -> % Does not support ECC + false; + "OpenSSL 0.9.7" ++ _ -> % Does not support ECC + false; + _ -> + true + end; +is_sane_ecc(_) -> + true. diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index a3d382f837..1324ffdf9c 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -749,7 +749,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) -> Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])), - Ciphers = ssl_test_lib:rsa_suites(), + Ciphers = ssl_test_lib:rsa_suites(openssl), run_suites(Ciphers, Version, Config, rsa). %%-------------------------------------------------------------------- |