From f5902d53588784d95674e07055fc2ef0d6fd0ed0 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 19 Apr 2013 22:07:55 +0200
Subject: ssl: Filter out ECC cipher suites when openssl is buggy

Even in "normal" (not explicitly ECC tests) cases we need to filter out
ECC ciper suites as they are preferd.
---
 lib/ssl/test/ssl_test_lib.erl         | 12 ++++++++++++
 lib/ssl/test/ssl_to_openssl_SUITE.erl |  3 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)

(limited to 'lib/ssl')

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 3b63886a07..6069a9da95 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -982,3 +982,15 @@ is_sane_ecc(openssl) ->
     end;
 is_sane_ecc(_) ->
     true.
+
+cipher_restriction(Config) ->
+    case is_sane_ecc(openssl) of
+	false ->
+	    Opts = proplists:get_value(server_opts, Config),
+	    NewConfig = proplists:delete(server_opts, Config),
+	    Restricted0 = ssl:cipher_suites() -- ecdsa_suites(),
+            Restricted  = Restricted0 -- ecdh_rsa_suites(),
+	    [{server_opts, [{ciphers, Restricted} | Opts]} | NewConfig];
+	true ->
+	    Config
+    end.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index fc88a8f23c..075b4b1ec4 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -107,7 +107,8 @@ init_per_suite(Config0) ->
 		    ct:log("Make certs  ~p~n", [Result]),
 		    Config1 = ssl_test_lib:make_dsa_cert(Config0),
 		    Config = ssl_test_lib:cert_options(Config1),
-		    [{watchdog, Dog} | Config]
+		    NewConfig = [{watchdog, Dog} | Config],
+		    ssl_test_lib:cipher_restriction(NewConfig)
 		catch _:_  ->
 		    {skip, "Crypto did not start"}
 	    end
-- 
cgit v1.2.3