aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2013-03-21 11:32:45 +0100
committerIngela Anderton Andin <[email protected]>2013-05-08 10:39:17 +0200
commit2976421b28202961b470c9450c5b98429a8a19f1 (patch)
treedf678c3d2627097c603faaf0e95a967f1fb083c9 /lib/ssl
parent3aba3fb6ddca49f37c592c86f838423e0698c6f6 (diff)
downloadotp-2976421b28202961b470c9450c5b98429a8a19f1.tar.gz
otp-2976421b28202961b470c9450c5b98429a8a19f1.tar.bz2
otp-2976421b28202961b470c9450c5b98429a8a19f1.zip
ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9
EEC is not fully supported before 0.9.9. Also skip tests on opensslversions with known bugs in ECC support
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl2
-rw-r--r--lib/ssl/test/ssl_test_lib.erl23
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl2
3 files changed, 23 insertions, 4 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index aa87224305..2e820299c5 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1549,7 +1549,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) ->
Version =
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
- Ciphers = ssl_test_lib:rsa_suites(),
+ Ciphers = ssl_test_lib:rsa_suites(erlang),
ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
run_suites(Ciphers, Version, Config, rsa).
%%-------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index fc1817ec49..1dfaf099f1 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -709,12 +709,13 @@ send_selected_port(Pid, 0, Socket) ->
send_selected_port(_,_,_) ->
ok.
-rsa_suites() ->
+rsa_suites(CounterPart) ->
+ ECC = is_sane_ecc(CounterPart),
lists:filter(fun({rsa, _, _}) ->
true;
({dhe_rsa, _, _}) ->
true;
- ({ecdhe_rsa, _, _}) ->
+ ({ecdhe_rsa, _, _}) when ECC == true ->
true;
(_) ->
false
@@ -963,3 +964,21 @@ send_recv_result_active_once(Socket) ->
{ssl, Socket, "Hello world"} ->
ok
end.
+
+is_sane_ecc(openssl) ->
+ case os:cmd("openssl version") of
+ "OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl
+ %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
+ false;
+ "OpenSSL 1.0.0" ++ _ -> % Known bug in openssl
+ %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
+ false;
+ "OpenSSL 0.9.8" ++ _ -> % Does not support ECC
+ false;
+ "OpenSSL 0.9.7" ++ _ -> % Does not support ECC
+ false;
+ _ ->
+ true
+ end;
+is_sane_ecc(_) ->
+ true.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index a3d382f837..1324ffdf9c 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -749,7 +749,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) ->
Version =
ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
- Ciphers = ssl_test_lib:rsa_suites(),
+ Ciphers = ssl_test_lib:rsa_suites(openssl),
run_suites(Ciphers, Version, Config, rsa).
%%--------------------------------------------------------------------