aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2016-06-16 09:26:12 +0200
committerIngela Anderton Andin <[email protected]>2016-06-16 09:26:12 +0200
commitb087c11c6051648a3026437ecc7c308f5ec3e310 (patch)
tree8f61970aca158e03f4b4bf73dfaca17187688557 /lib
parent3c84636abdc7c84eb9c8ea929468721b99469721 (diff)
parente1b7c7732bf966b41f222b7cf5a3095cc573c83f (diff)
downloadotp-b087c11c6051648a3026437ecc7c308f5ec3e310.tar.gz
otp-b087c11c6051648a3026437ecc7c308f5ec3e310.tar.bz2
otp-b087c11c6051648a3026437ecc7c308f5ec3e310.zip
Merge branch 'ingela/ssl/sslv2-phase-out-in-tests'
* ingela/ssl/sslv2-phase-out-in-tests: ssl: Make sure openssl client does not use sslv2 hello
Diffstat (limited to 'lib')
-rw-r--r--lib/ssl/test/ssl_to_openssl_SUITE.erl37
1 files changed, 25 insertions, 12 deletions
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index e1710bb2c4..b3109b5de9 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -1290,13 +1290,13 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname,
Port = ssl_test_lib:inet_port(Server),
Exe = "openssl",
ClientArgs = case SNIHostname of
- undefined ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
- _ ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port), "-servername", SNIHostname]
- end,
+ undefined ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port);
+ _ ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname)
+ end,
ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
-
+
%% Client check needs to be done befor server check,
%% or server check might consume client messages
ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"],
@@ -1319,13 +1319,14 @@ erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHo
Port = ssl_test_lib:inet_port(Server),
Exe = "openssl",
ClientArgs = case SNIHostname of
- undefined ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
- _ ->
- ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port), "-servername", SNIHostname]
- end,
+ undefined ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port);
+ _ ->
+ openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname)
+ end,
+
ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
-
+
%% Client check needs to be done befor server check,
%% or server check might consume client messages
ExpectedClientOutput = ["OK", "/CN=" ++ ExpectedCN ++ "/"],
@@ -1787,3 +1788,15 @@ workaround_openssl_s_clinent() ->
_ ->
[]
end.
+
+openssl_client_args(false, Hostname, Port) ->
+ ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)];
+openssl_client_args(true, Hostname, Port) ->
+ ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++ integer_to_list(Port)].
+
+openssl_client_args(false, Hostname, Port, ServerName) ->
+ ["s_client", "-connect", Hostname ++ ":" ++
+ integer_to_list(Port), "-servername", ServerName];
+openssl_client_args(true, Hostname, Port, ServerName) ->
+ ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++
+ integer_to_list(Port), "-servername", ServerName].
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 06:41:53 +0000