File 3901-ssl-Improve-interop-test.patch of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 3901-ssl-Improve-interop-test.patch of Package erlang

From 4931ff75a61b7020a7a9aa1d597f9215960423f5 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 30 Jan 2023 11:41:02 +0100
Subject: [PATCH] ssl: Improve interop test

For DTLS first check inter-op of corresponding TLS version, as it
needs to be supported as DTLS is defined as diff towards TLS,
and inter-op test towards DTLS might be inconclusive due to UDP not being
a reliable transport.
---
 lib/ssl/test/ssl_test_lib.erl | 52 +++++++++++++++++++++++------------
 1 file changed, 34 insertions(+), 18 deletions(-)

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index feeedca4ee..836e62e0a9 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -2755,8 +2755,7 @@ is_dtls_version('dtlsv1') ->
 is_dtls_version(_) ->
     false.
 
-openssl_tls_version_support(Version, Config0) ->    
-    %% Check if version is supported
+openssl_tls_version_support(Version, Config0) ->
     Config = make_rsa_cert(Config0),
     ServerOpts = proplists:get_value(server_rsa_opts, Config),
     Port = inet_port(node()),
@@ -2765,20 +2764,37 @@ openssl_tls_version_support(Version, Config0) ->
     KeyFile = proplists:get_value(keyfile, ServerOpts),
     Exe = "openssl",
     Opts0 = [{versions, [Version]}, {verify, verify_none}],
-    {Proto, Opts} = case is_tls_version(Version) of
-                        true  -> {tls, [{protocol,tls}|Opts0]};
-                        false -> {dtls, patch_dtls_options([{protocol, dtls}|Opts0])}
-                    end,
-    Args0 = case Proto of
-                tls ->
-                    ["s_server", "-accept",
-                     integer_to_list(Port), "-CAfile", CaCertFile,
-                     "-cert", CertFile,"-key", KeyFile];
-                dtls ->
-                    ["s_server", "-accept",
-                     integer_to_list(Port), "-dtls", "-CAfile", CaCertFile,
-                     "-cert", CertFile,"-key", KeyFile]
-            end,
+    TLSOpts = [{protocol,tls}|Opts0],
+    DTLSOpts = patch_dtls_options([{protocol, dtls}|Opts0]),
+
+    TLSArgs = ["s_server", "-accept",
+               integer_to_list(Port), "-CAfile", CaCertFile,
+               "-cert", CertFile,"-key", KeyFile],
+    DTLSArgs = ["s_server", "-accept",
+                integer_to_list(Port), "-dtls", "-CAfile", CaCertFile,
+                "-cert", CertFile,"-key", KeyFile],
+
+    case is_tls_version(Version) of
+        true ->
+            openssl_tls_version_support(tls, TLSOpts, Port, Exe, TLSArgs);
+        false ->
+            DTLSTupleVersion = dtls_record:protocol_version(Version),
+            CorrespondingTLSVersion = dtls_v1:corresponding_tls_version(DTLSTupleVersion),
+            AtomTLSVersion = tls_record:protocol_version(CorrespondingTLSVersion),
+            CorrTLSOpts = [{protocol,tls}, {versions, [AtomTLSVersion]},
+                           {verify, verify_none}],
+            case openssl_tls_version_support(tls, CorrTLSOpts, Port, Exe, TLSArgs) of
+                true ->
+                    %% If corresponding TLS version is not supported DTLS
+                    %% will not be supported and test for it will be inconclusive
+                    %% due to UDP not being a reliable transport
+                    openssl_tls_version_support(dtls, DTLSOpts, Port, Exe, DTLSArgs);
+                false ->
+                    false
+            end
+    end.
+
+openssl_tls_version_support(Proto, Opts, Port, Exe, Args0) ->
     Args = maybe_force_ipv4(Args0),
     OpensslPort = portable_open_port(Exe, Args),
     try wait_for_openssl_server(Port, Proto) of
@@ -2789,7 +2805,7 @@ openssl_tls_version_support(Version, Config0) ->
                     close_port(OpensslPort),
                     true;
                 {error, {tls_alert, {protocol_version, _}}} ->
-                    ?PAL("OpenSSL does not support ~p", [Version]),
+                    ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
                     close_port(OpensslPort),
                     false;
                 {error, {tls_alert, Alert}} ->
@@ -2803,7 +2819,7 @@ openssl_tls_version_support(Version, Config0) ->
             end
     catch
         _:_ ->
-            ?PAL("OpenSSL does not support ~p", [Version]),
+            ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
             close_port(OpensslPort),
             false
     end.
-- 
2.35.3

Places

File 3901-ssl-Improve-interop-test.patch of Package erlang

Places