diff options
author | Ingela Anderton Andin <ingela@erlang.org> | 2019-08-28 10:42:33 +0200 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2019-08-28 10:42:33 +0200 |
commit | 43da2bb99a0728ec8cb54d57f1c5808c0b9ba298 (patch) | |
tree | cc6b93177a7f8d15b0d6198f2ff8e2ca9cac3323 | |
parent | 3688631813c890c3713589c654d56b6949fb935d (diff) | |
parent | ada689bc5c78490e15ca4eb5e95eab80dce749de (diff) | |
download | erlang-43da2bb99a0728ec8cb54d57f1c5808c0b9ba298.tar.gz |
Merge branch 'ingela/ssl/test-cuddle' into maint
* ingela/ssl/test-cuddle:
ssl: Check if OpenSSL allows client initiate renegotiation
-rw-r--r-- | lib/ssl/test/openssl_alpn_SUITE.erl | 30 | ||||
-rw-r--r-- | lib/ssl/test/openssl_npn_SUITE.erl | 27 | ||||
-rw-r--r-- | lib/ssl/test/openssl_renegotiate_SUITE.erl | 22 | ||||
-rw-r--r-- | lib/ssl/test/ssl_test_lib.erl | 21 |
4 files changed, 47 insertions, 53 deletions
diff --git a/lib/ssl/test/openssl_alpn_SUITE.erl b/lib/ssl/test/openssl_alpn_SUITE.erl index 5008dba922..a54286c2cd 100644 --- a/lib/ssl/test/openssl_alpn_SUITE.erl +++ b/lib/ssl/test/openssl_alpn_SUITE.erl @@ -85,13 +85,11 @@ alpn_npn_coexist() -> erlang_server_alpn_npn_openssl_client_alpn_npn ]. rengotiation_tests() -> - case ssl_test_lib:sane_openssl_alpn_npn_renegotiate() of - true -> - [erlang_client_alpn_openssl_server_alpn_renegotiate, - erlang_server_alpn_openssl_client_alpn_renegotiate]; - false -> - [] - end. + [ + erlang_client_alpn_openssl_server_alpn_renegotiate, + erlang_server_alpn_openssl_client_alpn_renegotiate + ]. + init_per_suite(Config0) -> case os:find_executable("openssl") of false -> @@ -148,15 +146,17 @@ init_per_testcase(TestCase, Config) -> ct:timetrap({seconds, 10}), special_init(TestCase, Config). -special_init(TestCase, Config) - when TestCase == erlang_client_alpn_openssl_server_alpn_renegotiate; - TestCase == erlang_server_alpn_openssl_client_alpn_renegotiate -> - {ok, Version} = application:get_env(ssl, protocol_version), +special_init(erlang_client_alpn_openssl_server_alpn_renegotiate, Config) -> + {ok, Version} = application:get_env(ssl, protocol_version), ssl_test_lib:check_sane_openssl_renegotaite(Config, Version); -special_init(TestCase, Config) - when TestCase == erlang_client_alpn_npn_openssl_server_alpn_npn; - TestCase == erlang_server_alpn_npn_openssl_client_alpn_npn -> - ssl_test_lib:check_openssl_npn_support(Config); +special_init(erlang_server_alpn_openssl_client_alpn_renegotiate, Config) -> + {ok, Version} = application:get_env(ssl, protocol_version), + case ssl_test_lib:check_sane_openssl_renegotaite(Config, Version) of + Config -> + ssl_test_lib:openssl_allows_client_renegotaite(Config); + Skip -> + Skip + end; special_init(_, Config) -> Config. diff --git a/lib/ssl/test/openssl_npn_SUITE.erl b/lib/ssl/test/openssl_npn_SUITE.erl index 0294f4997f..ed3d81eba7 100644 --- a/lib/ssl/test/openssl_npn_SUITE.erl +++ b/lib/ssl/test/openssl_npn_SUITE.erl @@ -55,13 +55,10 @@ npn_tests() -> erlang_client_openssl_server_npn_only_server]. npn_renegotiate_tests() -> - case ssl_test_lib:sane_openssl_alpn_npn_renegotiate() of - true -> - [erlang_server_openssl_client_npn_renegotiate, - erlang_client_openssl_server_npn_renegotiate]; - false -> - [] - end. + [ + erlang_server_openssl_client_npn_renegotiate, + erlang_client_openssl_server_npn_renegotiate + ]. init_per_suite(Config0) -> case os:find_executable("openssl") of @@ -119,13 +116,19 @@ init_per_testcase(TestCase, Config) -> ct:timetrap({seconds, 10}), special_init(TestCase, Config). -special_init(TestCase, Config) - when TestCase == erlang_client_npn_openssl_server_npn_renegotiate; - TestCase == erlang_server_npn_openssl_client_npn_renegotiate -> - {ok, Version} = application:get_env(ssl, protocol_version), +special_init(erlang_client_openssl_server_npn_renegotiate, Config) -> + {ok, Version} = application:get_env(ssl, protocol_version), ssl_test_lib:check_sane_openssl_renegotaite(Config, Version); +special_init(erlang_server_openssl_client_npn_renegotiate, Config) -> + {ok, Version} = application:get_env(ssl, protocol_version), + case ssl_test_lib:check_sane_openssl_renegotaite(Config, Version) of + Config -> + ssl_test_lib:openssl_allows_client_renegotaite(Config); + Skip -> + Skip + end; special_init(_, Config) -> - Config. + Config. end_per_testcase(_, Config) -> Config. diff --git a/lib/ssl/test/openssl_renegotiate_SUITE.erl b/lib/ssl/test/openssl_renegotiate_SUITE.erl index 787b5208b8..a5c6056d63 100644 --- a/lib/ssl/test/openssl_renegotiate_SUITE.erl +++ b/lib/ssl/test/openssl_renegotiate_SUITE.erl @@ -104,7 +104,8 @@ init_per_group(GroupName, Config) -> true -> case ssl_test_lib:check_sane_openssl_version(GroupName) of true -> - ssl_test_lib:check_sane_openssl_renegotaite(ssl_test_lib:init_tls_version(GroupName, Config), + ssl_test_lib:check_sane_openssl_renegotaite(ssl_test_lib:init_tls_version(GroupName, + Config), GroupName); false -> {skip, openssl_does_not_support_version} @@ -123,21 +124,12 @@ end_per_group(GroupName, Config) -> false -> Config end. - +init_per_testcase(erlang_client_openssl_server_nowrap_seqnum, Config) -> + ct:timetrap({seconds, 10}), + ssl_test_lib:openssl_allows_client_renegotaite(Config); init_per_testcase(TestCase, Config) -> ct:timetrap({seconds, 10}), - special_init(TestCase, Config). - -special_init(TestCase, Config) - when TestCase == erlang_client_openssl_server_renegotiate; - TestCase == erlang_client_openssl_server_nowrap_seqnum; - TestCase == erlang_server_openssl_client_nowrap_seqnum; - TestCase == erlang_client_openssl_server_renegotiate_after_client_data - -> - {ok, Version} = application:get_env(ssl, protocol_version), - ssl_test_lib:check_sane_openssl_renegotaite(Config, Version); -special_init(_, Config) -> - Config. + Config. end_per_testcase(_, Config) -> Config. @@ -287,7 +279,7 @@ erlang_client_openssl_server_nowrap_seqnum(Config) when is_list(Config) -> process_flag(trap_exit, false). %%-------------------------------------------------------------------- erlang_server_openssl_client_nowrap_seqnum() -> - [{doc, "Test that erlang client will renegotiate session when", + [{doc, "Test that erlang server will renegotiate session when", "max sequence number celing is about to be reached. Although" "in the testcase we use the test option renegotiate_at" " to lower treashold substantially."}]. diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index c4f294771a..b96eef461e 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -2212,6 +2212,16 @@ check_sane_openssl_renegotaite(Config) -> Config end. +openssl_allows_client_renegotaite(Config) -> + case os:cmd("openssl version") of + "OpenSSL 1.1" ++ _ -> + {skip, "OpenSSL does not allow client renegotiation"}; + "LibreSSL 2" ++ _ -> + {skip, "LibreSSL does not allow client renegotiation"}; + _ -> + Config + end. + workaround_openssl_s_clinent() -> %% http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683159 %% https://bugs.archlinux.org/task/33919 @@ -2777,17 +2787,6 @@ new_config(PrivDir, ServerOpts0) -> [{cacertfile, NewCaCertFile}, {certfile, NewCertFile}, {keyfile, NewKeyFile} | ServerOpts]. -sane_openssl_alpn_npn_renegotiate() -> - case os:cmd("openssl version") of - "LibreSSL 2.9.1" ++ _ -> - false; - "LibreSSL 2.6.4" ++ _ -> - false; - "OpenSSL 1.1.1a-freebsd" ++ _ -> - false; - _ -> - true - end. openssl_sane_dtls_alpn() -> case os:cmd("openssl version") of |