From 73a681948072c81b332858b37c8292c4c04a9d46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Tue, 12 Feb 2019 14:15:40 +0100
Subject: ssl: Use IPv4 addresses with openssl s_client

This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.

When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.

Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
---
 lib/ssl/test/ssl_test_lib.erl | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

(limited to 'lib/ssl')

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 294aeb0211..6515da12f5 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1074,11 +1074,11 @@ start_client(openssl, Port, ClientOpts, Config) ->
     CA = proplists:get_value(cacertfile, ClientOpts),
     Version = ssl_test_lib:protocol_version(Config),
     Exe = "openssl",
-    Args = ["s_client", "-verify", "2", "-port", integer_to_list(Port),
+    Args0 = ["s_client", "-verify", "2", "-port", integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
 	    "-cert", Cert, "-CAfile", CA,
 	    "-key", Key, "-host","localhost", "-msg", "-debug"],
-
+    Args = maybe_force_ipv4(Args0),
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), 
     true = port_command(OpenSslPort, "Hello world"),
     OpenSslPort;
@@ -1092,6 +1092,18 @@ start_client(erlang, Port, ClientOpts, Config) ->
 			       {mfa, {ssl_test_lib, check_key_exchange_send_active, [KeyEx]}},
 			       {options, [{verify, verify_peer} | ClientOpts]}]).
 
+%% Workaround for running tests on machines where openssl
+%% s_client would use an IPv6 address with localhost. As
+%% this test suite and the ssl application is not prepared
+%% for that we have to force s_client to use IPv4 if
+%% OpenSSL supports IPv6.
+maybe_force_ipv4(Args0) ->
+    case is_ipv6_supported() of
+        true ->
+            Args0 ++ ["-4"];
+        false ->
+            Args0
+    end.
 
 start_client_ecc(erlang, Port, ClientOpts, Expect, ECCOpts, Config) ->
     {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
@@ -1625,6 +1637,16 @@ active_recv(Socket, N, Acc) ->
             active_recv(Socket, N-length(Bytes),  Acc ++ Bytes)
     end.
 
+is_ipv6_supported() ->
+    case os:cmd("openssl version") of
+        "OpenSSL 0.9.8" ++ _ -> % Does not support IPv6
+            false;
+        "OpenSSL 1.0" ++ _ ->   % Does not support IPv6
+            false;
+        _ ->
+            true
+    end.
+
 is_sane_ecc(openssl) ->
     case os:cmd("openssl version") of
 	"OpenSSL 1.0.0a" ++ _ -> % Known bug in openssl
-- 
cgit v1.2.3