From c3e06e575b06f25601fdc60f4142a0d6b9e6eb7a Mon Sep 17 00:00:00 2001 From: Magnus Henoch Date: Thu, 19 May 2016 11:56:47 +0100 Subject: Skip crl_hash_dir_expired test for LibreSSL LibreSSL doesn't like it when we pass a negative number for the -crlhours argument. I'm not sure if there is another way to make it generate a CRL with expiry date in the past, so let's skip that test in this case. --- lib/ssl/test/make_certs.erl | 9 +++++++++ lib/ssl/test/ssl_crl_SUITE.erl | 2 ++ 2 files changed, 11 insertions(+) diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl index ed1a6523ed..009bcd81ad 100644 --- a/lib/ssl/test/make_certs.erl +++ b/lib/ssl/test/make_certs.erl @@ -186,6 +186,15 @@ gencrl(Root, CA, C, CrlHours) -> Env = [{"ROOTDIR", filename:absname(Root)}], cmd(Cmd, Env). +can_generate_expired_crls(C) -> + %% OpenSSL can generate CRLs with an expiration date in the past, + %% if we pass a negative number for -crlhours. However, LibreSSL + %% rejects this with the error "invalid argument -24: too small". + %% Let's check which one we have. + Cmd = [C#config.openssl_cmd, " ca -crlhours -24"], + Output = os:cmd(Cmd), + 0 =:= string:str(Output, "too small"). + verify(Root, CA, User, C) -> CAFile = filename:join([Root, User, "cacerts.pem"]), CACRLFile = filename:join([Root, CA, "crl.pem"]), diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl index 27005682e9..06f9f4d5a7 100644 --- a/lib/ssl/test/ssl_crl_SUITE.erl +++ b/lib/ssl/test/ssl_crl_SUITE.erl @@ -353,6 +353,8 @@ crl_hash_dir_expired(Config) when is_list(Config) -> %% Add "issuing distribution point", to ensure that verification %% fails if there is no valid CRL. CertsConfig = make_certs:make_config([{issuing_distribution_point, true}]), + make_certs:can_generate_expired_crls(CertsConfig) + orelse throw({skip, "cannot generate CRLs with expiry date in the past"}), make_certs:intermediateCA(PrivDir, CA, "erlangCA", CertsConfig), EndUser = "CRL-maybe-expired", make_certs:enduser(PrivDir, CA, EndUser, CertsConfig), -- cgit v1.2.3