aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2015-06-15 14:17:35 +0200
committerIngela Anderton Andin <[email protected]>2015-06-15 14:17:35 +0200
commit0dbe45a5ef3df42905efbcd36114570f1a7df87c (patch)
treec3c5681b754ad5d96f326ebc420a01d230c974ba /lib/ssl/test
parent56e3ade9d8396cba5508b0de557a1bd574c37b69 (diff)
parent331ade0e56df08d9f2eb1b71cf22f30038015e93 (diff)
downloadotp-0dbe45a5ef3df42905efbcd36114570f1a7df87c.tar.gz
otp-0dbe45a5ef3df42905efbcd36114570f1a7df87c.tar.bz2
otp-0dbe45a5ef3df42905efbcd36114570f1a7df87c.zip
Merge branch 'ia/ssl/test-fips'
* ia/ssl/test-fips: ssl: Filter suites for openssl FIPS if necessary
Diffstat (limited to 'lib/ssl/test')
-rw-r--r--lib/ssl/test/ssl_test_lib.erl26
1 files changed, 25 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index a3bfdf8893..f35c0502ae 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -778,7 +778,12 @@ send_selected_port(_,_,_) ->
rsa_suites(CounterPart) ->
ECC = is_sane_ecc(CounterPart),
- lists:filter(fun({rsa, _, _}) ->
+ FIPS = is_fips(CounterPart),
+ lists:filter(fun({rsa, des_cbc, sha}) when FIPS == true ->
+ false;
+ ({dhe_rsa, des_cbc, sha}) when FIPS == true ->
+ false;
+ ({rsa, _, _}) ->
true;
({dhe_rsa, _, _}) ->
true;
@@ -1090,6 +1095,25 @@ is_sane_ecc(crypto) ->
is_sane_ecc(_) ->
true.
+is_fips(openssl) ->
+ VersionStr = os:cmd("openssl version"),
+ case re:split(VersionStr, "fips") of
+ [_] ->
+ false;
+ _ ->
+ true
+ end;
+is_fips(crypto) ->
+ [{_,_, Bin}] = crypto:info_lib(),
+ case re:split(Bin, <<"fips">>) of
+ [_] ->
+ false;
+ _ ->
+ true
+ end;
+is_fips(_) ->
+ false.
+
cipher_restriction(Config0) ->
case is_sane_ecc(openssl) of
false ->