From c0dd8fa1446b276d35557ede18199c629b2ed590 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Thu, 25 Jan 2018 10:50:29 +0100
Subject: ssl: Check OpenSSL version for DSS (DSA) support

LibreSSL-2.6.3 dropped DSS (DSA) support
---
 lib/ssl/test/ssl_test_lib.erl         | 26 ++++++++++++++++++++++++++
 lib/ssl/test/ssl_to_openssl_SUITE.erl | 35 ++++++++++++++++++++++++++---------
 2 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index f9cc6ab8b7..5c9ea068bf 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1309,6 +1309,32 @@ cipher_restriction(Config0) ->
 	    Config0
     end.
 
+openssl_dsa_support() ->
+    case os:cmd("openssl version") of
+        "LibreSSL 2.6.1" ++ _ ->
+            true;
+        "LibreSSL 2.6.2" ++ _ ->
+            true;
+        "LibreSSL 2.6" ++ _ ->
+            false;
+        "LibreSSL 2.4" ++ _ ->
+            true;
+        "LibreSSL 2.3" ++ _ ->
+            true;
+        "LibreSSL 2.2" ++ _ ->
+            true;
+        "LibreSSL 2.1" ++ _ ->
+            true;
+        "LibreSSL 2.0" ++ _ ->
+            true;
+        "LibreSSL"  ++ _ ->
+            false;
+        "OpenSSL 1.0.1" ++ Rest ->
+            hd(Rest) >= s;
+        _ ->
+            true
+    end.
+
 check_sane_openssl_version(Version) ->
     case supports_ssl_tls_version(Version) of 
 	true ->
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 33cdc325f4..f091c8786e 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -143,10 +143,15 @@ init_per_suite(Config0) ->
 	    try crypto:start() of
 		ok ->
                     ssl_test_lib:clean_start(),
-                  
-                    Config1 = ssl_test_lib:make_rsa_cert(Config0),
-                    Config2 = ssl_test_lib:make_dsa_cert(Config1),
-                    ssl_test_lib:cipher_restriction(Config2)
+                    Config = 
+                        case ssl_test_lib:openssl_dsa_support() of
+                            true ->
+                                Config1 = ssl_test_lib:make_rsa_cert(Config0),
+                                ssl_test_lib:make_dsa_cert(Config1);
+                            false ->
+                                ssl_test_lib:make_rsa_cert(Config0)
+                        end,
+                    ssl_test_lib:cipher_restriction(Config)
 		catch _:_  ->
 		    {skip, "Crypto did not start"}
 	    end
@@ -199,15 +204,27 @@ init_per_testcase(expired_session, Config) ->
     ssl:start(),
     Config;
 
-init_per_testcase(TestCase, Config) when TestCase == ciphers_rsa_signed_certs;
-					 TestCase == ciphers_dsa_signed_certs ->
-    ct:timetrap({seconds, 90}),
-    special_init(TestCase, Config);
-
+init_per_testcase(TestCase, Config) when 
+      TestCase == ciphers_dsa_signed_certs;
+      TestCase ==  erlang_client_openssl_server_dsa_cert;
+      TestCase == erlang_server_openssl_client_dsa_cert;
+      TestCase == erlang_client_openssl_server_dsa_cert;
+      TestCase ==  erlang_server_openssl_client_dsa_cert ->
+    case ssl_test_lib:openssl_dsa_support() of
+        true ->
+            special_init(TestCase, Config);
+        false ->
+           {skip, "DSA not supported by OpenSSL"}
+    end; 
 init_per_testcase(TestCase, Config) ->
     ct:timetrap({seconds, 35}),
     special_init(TestCase, Config).
 
+special_init(TestCase, Config) when 
+      TestCase == ciphers_rsa_signed_certs;
+      TestCase == ciphers_dsa_signed_certs->
+    ct:timetrap({seconds, 90}),
+    Config;
 special_init(TestCase, Config)
   when TestCase == erlang_client_openssl_server_renegotiate;
        TestCase == erlang_client_openssl_server_nowrap_seqnum;
-- 
cgit v1.2.3