diff options
author | Ingela Anderton Andin <[email protected]> | 2019-04-05 11:54:28 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2019-04-05 12:18:43 +0200 |
commit | cd617e1b45602c2fc13f04cfd22ecc97c55afd7a (patch) | |
tree | 193f5541ee6838e1e8ed24b273f508afcc110e28 /lib | |
parent | 2523791bed250bfa389ef984b3f9c5cec019b47a (diff) | |
download | otp-cd617e1b45602c2fc13f04cfd22ecc97c55afd7a.tar.gz otp-cd617e1b45602c2fc13f04cfd22ecc97c55afd7a.tar.bz2 otp-cd617e1b45602c2fc13f04cfd22ecc97c55afd7a.zip |
ssl: Do not use broken OpenSSL clients
Also remove dead code
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 4 | ||||
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 29 |
2 files changed, 16 insertions, 17 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 94c2cb8d9b..b8672f46ba 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -1756,10 +1756,10 @@ is_sane_ecc(crypto) -> is_sane_ecc(_) -> sufficient_crypto_support(cipher_ec). -is_sane_oppenssl_sni() -> +is_sane_oppenssl_client() -> [{_,_, Bin}] = crypto:info_lib(), case binary_to_list(Bin) of - "OpenSSL 0.9" ++ _ -> % Does not support ECC + "OpenSSL 0.9" ++ _ -> false; _ -> true diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl index 1a9a5b712d..07abddbcf7 100644 --- a/lib/ssl/test/ssl_to_openssl_SUITE.erl +++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl @@ -181,16 +181,6 @@ end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). -init_per_group(basic, Config0) -> - case ssl_test_lib:supports_ssl_tls_version('tlsv1.2') - orelse ssl_test_lib:supports_ssl_tls_version('tlsv1.1') - orelse ssl_test_lib:supports_ssl_tls_version('tlsv1') - of - true -> - ssl_test_lib:clean_tls_version(Config0); - false -> - {skip, "only sslv3 supported by OpenSSL"} - end; init_per_group(GroupName, Config) -> case ssl_test_lib:is_tls_version(GroupName) of @@ -233,7 +223,7 @@ init_per_testcase(TestCase, Config) when TestCase == erlang_server_openssl_client_dsa_cert; TestCase == erlang_client_openssl_server_dsa_cert; TestCase == erlang_server_openssl_client_dsa_cert -> - case ssl_test_lib:openssl_dsa_support() of + case ssl_test_lib:openssl_dsa_support() andalso ssl_test_lib:is_sane_oppenssl_client() of true -> special_init(TestCase, Config); false -> @@ -334,7 +324,16 @@ special_init(TestCase, Config0) ]} ]}]} | Config0], check_openssl_sni_support(Config); - +special_init(TestCase, Config) + when TestCase == erlang_server_openssl_client; + TestCase == erlang_server_openssl_client_client_cert; + TestCase == erlang_server_openssl_client_reuse_session -> + case ssl_test_lib:is_sane_oppenssl_client() of + true -> + Config; + false -> + {skip, "Broken OpenSSL client"} + end; special_init(_, Config) -> Config. @@ -1073,7 +1072,7 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) -> Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {from, self()}, - {mfa, {ssl_test_lib, no_result_msg, []}}, + {mfa, {ssl_test_lib, no_result, []}}, {options, [{versions, [Version]} | ClientOpts]}]), @@ -1912,7 +1911,7 @@ send_wait_send(Socket, [ErlData, OpenSslData]) -> check_openssl_sni_support(Config) -> HelpText = os:cmd("openssl s_client --help"), - case ssl_test_lib:is_sane_oppenssl_sni() of + case ssl_test_lib:is_sane_oppenssl_client() of true -> case string:str(HelpText, "-servername") of 0 -> @@ -2011,7 +2010,7 @@ openssl_has_common_ciphers(Ciphers) -> OCiphers = ssl_test_lib:common_ciphers(openssl), has_common_ciphers(Ciphers, OCiphers). -has_common_ciphers([], OCiphers) -> +has_common_ciphers([], _) -> false; has_common_ciphers([Cipher | Rest], OCiphers) -> case lists:member(Cipher, OCiphers) of |