From 2976421b28202961b470c9450c5b98429a8a19f1 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 21 Mar 2013 11:32:45 +0100
Subject: ssl: Skip ECC cipher tests on versions of openssl pre 0.9.9

EEC is not fully supported before 0.9.9. Also skip tests on opensslversions
with known bugs in ECC support
---
 lib/ssl/test/ssl_basic_SUITE.erl      |  2 +-
 lib/ssl/test/ssl_test_lib.erl         | 23 +++++++++++++++++++++--
 lib/ssl/test/ssl_to_openssl_SUITE.erl |  2 +-
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index aa87224305..2e820299c5 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1549,7 +1549,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) ->
     Version = 
 	ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
 
-    Ciphers = ssl_test_lib:rsa_suites(),
+    Ciphers = ssl_test_lib:rsa_suites(erlang),
     ct:print("~p erlang cipher suites ~p~n", [Version, Ciphers]),
     run_suites(Ciphers, Version, Config, rsa).
 %%-------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index fc1817ec49..1dfaf099f1 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -709,12 +709,13 @@ send_selected_port(Pid, 0, Socket) ->
 send_selected_port(_,_,_) ->
     ok.
 
-rsa_suites() ->
+rsa_suites(CounterPart) ->
+    ECC = is_sane_ecc(CounterPart),
     lists:filter(fun({rsa, _, _}) ->
 			 true;
 		    ({dhe_rsa, _, _}) ->
 			 true;
-		    ({ecdhe_rsa, _, _}) ->
+		    ({ecdhe_rsa, _, _}) when ECC == true ->
 			 true;
 		    (_) ->
 			 false
@@ -963,3 +964,21 @@ send_recv_result_active_once(Socket) ->
 	{ssl, Socket, "Hello world"} ->
 	    ok
     end.
+
+is_sane_ecc(openssl) ->
+    case os:cmd("openssl version") of
+	"OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl
+	    %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
+	    false;
+	"OpenSSL 1.0.0" ++ _ ->  % Known bug in openssl
+	    %% manifests as SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list
+	    false;
+	"OpenSSL 0.9.8" ++ _ -> % Does not support ECC
+	    false;
+	"OpenSSL 0.9.7" ++ _ -> % Does not support ECC
+	    false;
+	_ ->
+	    true
+    end;
+is_sane_ecc(_) ->
+    true.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index a3d382f837..1324ffdf9c 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -749,7 +749,7 @@ ciphers_rsa_signed_certs(Config) when is_list(Config) ->
     Version = 
 	ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
 
-    Ciphers = ssl_test_lib:rsa_suites(),
+    Ciphers = ssl_test_lib:rsa_suites(openssl),
     run_suites(Ciphers, Version, Config, rsa).
 %%--------------------------------------------------------------------
 
-- 
cgit v1.2.3