author | Ingela Anderton Andin <[email protected]> | 2013-04-19 22:07:55 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2013-05-08 10:39:19 +0200 |
commit | f5902d53588784d95674e07055fc2ef0d6fd0ed0 (patch) | |
tree | d8a8db81daea3f7f4d115c763e8b647056ed5c80 /lib/ssl | |
parent | 826ff38deec221e306b2f4a9ee529fae1dbbedf7 (diff) | |
ssl: Filter out ECC cipher suites when openssl is buggy
Even in "normal" (not explicitly ECC tests) cases we need to filter out
ECC cipher suites as they are preferred.
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 12 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 3 |
2 files changed, 14 insertions, 1 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3b63886a07..6069a9da95 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -982,3 +982,15 @@ is_sane_ecc(openssl) ->
 end;
 is_sane_ecc(_) ->
 true.
+
+cipher_restriction(Config) ->
+ case is_sane_ecc(openssl) of
+ false ->
+ Opts = proplists:get_value(server_opts, Config),
+ NewConfig = proplists:delete(server_opts, Config),
+ Restricted0 = ssl:cipher_suites() -- ecdsa_suites(),
+ Restricted = Restricted0 -- ecdh_rsa_suites(),
+ [{server_opts, [{ciphers, Restricted} | Opts]} | NewConfig];
+ true ->
+ Config
+ end.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index fc88a8f23c..075b4b1ec4 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -107,7 +107,8 @@ init_per_suite(Config0) ->
 ct:log("Make certs ~p~n", [Result]),
 Config1 = ssl_test_lib:make_dsa_cert(Config0),
 Config = ssl_test_lib:cert_options(Config1),
- [{watchdog, Dog} | Config]
+ NewConfig = [{watchdog, Dog} | Config],
+ ssl_test_lib:cipher_restriction(NewConfig)
 catch _:_ ->
 {skip, "Crypto did not start"}
 end
|
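Review bot: In `cipher_restriction/1` (ssl_test_lib.erl), `proplists:get_value(server_opts, Config)` returns `undefined` when the key is absent, so the function would build the improper list `[{ciphers, Restricted} | undefined]`; `Opts = proplists:get_value(server_opts, Config, []),` avoids that. Only `server_opts` is rewritten, so any other option set in Config that a test case hands to the server keeps the default suite preference and may still negotiate an ECC suite against the affected openssl; this should be confirmed against the callers, which are outside this hunk. A `ct:log` line in the `false` branch would also record that ECC suites were excluded, so a green run is not read as ECC interop coverage.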
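Review bot: In `init_per_suite/1` (ssl_to_openssl_SUITE.erl), the new `ssl_test_lib:cipher_restriction(NewConfig)` call sits directly above the catch-all `catch _:_ -> {skip, "Crypto did not start"}`. The `try` itself starts outside this hunk, so it is unconfirmed whether the call is in the protected part; if it is, any failure while evaluating `is_sane_ecc(openssl)` or rewriting the options would be reported as a crypto start-up skip. That would silently skip the whole openssl interop suite with a misleading reason. Consider applying the restriction outside the try, or narrowing the catch to the exception that crypto start-up actually raises, and add a comment above the call such as `%% Drop ECC suites when the installed openssl has broken ECC support`.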