From 477d94eac263ad903dea019c8a9db27e8a1592a8 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 31 Jul 2019 12:06:03 +0200 Subject: ssl: Fix missing OpenSSL conf --- lib/ssl/test/openssl_session_SUITE.erl | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/lib/ssl/test/openssl_session_SUITE.erl b/lib/ssl/test/openssl_session_SUITE.erl index 24dcaa7817..97d83b98c3 100644 --- a/lib/ssl/test/openssl_session_SUITE.erl +++ b/lib/ssl/test/openssl_session_SUITE.erl @@ -56,8 +56,8 @@ groups() -> {'tlsv1.1', [], tests()}, {'tlsv1', [], tests()}, {'sslv3', [], tests()}, - {'dtlsv1.2', [], dtls_tests()}, - {'dtlsv1', [], dtls_tests()} + {'dtlsv1.2', [], tests()}, + {'dtlsv1', [], tests()} ]; false -> [{'tlsv1.2', [], tests()}, @@ -73,11 +73,6 @@ tests() -> reuse_session_erlang_client ]. -dtls_tests() -> - [ - reuse_session_erlang_server - ]. - init_per_suite(Config0) -> case os:find_executable("openssl") of @@ -193,19 +188,20 @@ reuse_session_erlang_client(Config) when is_list(Config) -> ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config), ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config), {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config), - + + Version = ssl_test_lib:protocol_version(Config), Port = ssl_test_lib:inet_port(node()), CertFile = proplists:get_value(certfile, ServerOpts), CACertFile = proplists:get_value(cacertfile, ServerOpts), KeyFile = proplists:get_value(keyfile, ServerOpts), Exe = "openssl", - Args = ["s_server", "-accept", integer_to_list(Port), + Args = ["s_server", "-accept", integer_to_list(Port), ssl_test_lib:version_flag(Version), "-cert", CertFile,"-key", KeyFile, "-CAfile", CACertFile], OpensslPort = ssl_test_lib:portable_open_port(Exe, Args), - ssl_test_lib:wait_for_openssl_server(Port, tls), + ssl_test_lib:wait_for_openssl_server(Port, proplists:get_value(protocol, Config)), Client0 = ssl_test_lib:start_client([{node, ClientNode}, -- cgit v1.2.3 From a736bc204c7cf6defa386d226516043d037b4e4b Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 31 Jul 2019 16:30:44 +0200 Subject: ssl: Add OpenSSL renegotiate sanity check --- lib/ssl/test/openssl_renegotiate_SUITE.erl | 5 +++-- lib/ssl/test/ssl_test_lib.erl | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/ssl/test/openssl_renegotiate_SUITE.erl b/lib/ssl/test/openssl_renegotiate_SUITE.erl index 91a8175ac6..787b5208b8 100644 --- a/lib/ssl/test/openssl_renegotiate_SUITE.erl +++ b/lib/ssl/test/openssl_renegotiate_SUITE.erl @@ -104,8 +104,9 @@ init_per_group(GroupName, Config) -> true -> case ssl_test_lib:check_sane_openssl_version(GroupName) of true -> - ssl_test_lib:init_tls_version(GroupName, Config); - false -> + ssl_test_lib:check_sane_openssl_renegotaite(ssl_test_lib:init_tls_version(GroupName, Config), + GroupName); + false -> {skip, openssl_does_not_support_version} end; false -> diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index 7dd27fb5cb..5dd5fc45af 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -2187,6 +2187,13 @@ check_sane_openssl_renegotaite(Config, Version) when Version == 'tlsv1.1'; _ -> check_sane_openssl_renegotaite(Config) end; +check_sane_openssl_renegotaite(Config, 'sslv3') -> + case os:cmd("openssl version") of + "OpenSSL 1" ++ _ -> + {skip, "Known renegotiation bug with sslv3 in OpenSSL"}; + _ -> + check_sane_openssl_renegotaite(Config) + end; check_sane_openssl_renegotaite(Config, _) -> check_sane_openssl_renegotaite(Config). -- cgit v1.2.3