author | Ingela Anderton Andin <[email protected]> | 2018-04-17 16:43:28 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2018-07-10 16:21:38 +0200 |
commit | b12f1e98e32ebb38b4f53e1284bc17350ffbdfed (patch) | |
tree | 93f32ad8fba6f9f5e7c57d92509823d89e7002cb /lib/ssl/test | |
parent | 80879a1cada84e4d0e7a1ededc9c7e06e5470ae9 (diff) | |
ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling
ECDH suite handling did not use the EC parameters from the certs
as expected.
Conflicts:
lib/ssl/src/ssl_cipher.erl
Diffstat (limited to 'lib/ssl/test')
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3ab917bbbc..04ee6ef1b1 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1343,16 +1343,33 @@ sufficient_crypto_support(_) ->
 check_key_exchange_send_active(Socket, false) ->
 send_recv_result_active(Socket);
 check_key_exchange_send_active(Socket, KeyEx) ->
- {ok, [{cipher_suite, Suite}]} = ssl:connection_information(Socket, [cipher_suite]),
- true = check_key_exchange(Suite, KeyEx),
+ {ok, Info} =
+ ssl:connection_information(Socket, [cipher_suite, protocol]),
+ Suite = proplists:get_value(cipher_suite, Info),
+ Version = proplists:get_value(protocol, Info),
+ true = check_key_exchange(Suite, KeyEx, Version),
 send_recv_result_active(Socket).
 
-check_key_exchange({KeyEx,_, _}, KeyEx) ->
+check_key_exchange({KeyEx,_, _}, KeyEx, _) ->
 true;
-check_key_exchange({KeyEx,_,_,_}, KeyEx) ->
+check_key_exchange({KeyEx,_,_,_}, KeyEx, _) ->
 true;
-check_key_exchange(KeyEx1, KeyEx2) ->
- ct:pal("Negotiated ~p Expected ~p", [KeyEx1, KeyEx2]),
+check_key_exchange(KeyEx1, KeyEx2, Version) ->
+ case Version of
+ 'tlsv1.2' ->
+ v_1_2_check(element(1, KeyEx1), KeyEx2);
+ 'dtlsv1.2' ->
+ v_1_2_check(element(1, KeyEx1), KeyEx2);
+ _ ->
+ ct:pal("Negotiated ~p Expected ~p", [KeyEx1, KeyEx2]),
+ false
+ end.
+
+v_1_2_check(ecdh_ecdsa, ecdh_rsa) ->
+ true;
+v_1_2_check(ecdh_rsa, ecdh_ecdsa) ->
+ true;
+v_1_2_check(_, _) ->
 false.
 
 send_recv_result_active(Socket) ->
|
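Review bot: In the `'tlsv1.2'` and `'dtlsv1.2'` branches of the last `check_key_exchange/3` clause, a mismatch returns `false` from `v_1_2_check/2` without the `ct:pal` line. The caller's `true = check_key_exchange(...)` then fails as a bare badmatch, with no negotiated or expected key exchange in the test log. The same branches also loosen the assertion by accepting `ecdh_ecdsa` and `ecdh_rsa` for each other, with no comment saying why. Presumably this follows the TLS 1.2 relaxation of the certificate signature restriction for fixed-ECDH suites, which the author should confirm and state in the code so the weaker check is not copied to other versions. The two identical branches can be folded into one guarded clause that logs on every mismatch, as sketched below.

```erlang
%% … unchanged: the two exact-match clauses of check_key_exchange/3 …
%% TLS/DTLS 1.2 only: ecdh_ecdsa and ecdh_rsa are accepted for each other
%% (author to state the reason and reference here).
check_key_exchange(KeyEx1, KeyEx2, Version) when Version =:= 'tlsv1.2';
                                                 Version =:= 'dtlsv1.2' ->
    v_1_2_check(element(1, KeyEx1), KeyEx2) orelse
        key_exchange_mismatch(KeyEx1, KeyEx2);
check_key_exchange(KeyEx1, KeyEx2, _) ->
    key_exchange_mismatch(KeyEx1, KeyEx2).

key_exchange_mismatch(Negotiated, Expected) ->
    ct:pal("Negotiated ~p Expected ~p", [Negotiated, Expected]),
    false.
%% … unchanged: v_1_2_check/2 clauses …
```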