Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ledest:erlang:24
erlang
3971-ssl-Avoid-OpenSSL-versions-that-will-not-i...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 3971-ssl-Avoid-OpenSSL-versions-that-will-not-interop-wit.patch of Package erlang
From c832926095334ed95c49ce9c36afdee77600d6f6 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin <ingela@erlang.org> Date: Wed, 29 Mar 2023 13:53:46 +0200 Subject: [PATCH] ssl: Avoid OpenSSL versions that will not interop with {dsa,sha} These are versions that pass normal interop test but still do not work. --- lib/ssl/test/openssl_client_cert_SUITE.erl | 4 +++- lib/ssl/test/openssl_server_cert_SUITE.erl | 4 +++- lib/ssl/test/ssl_test_lib.erl | 17 +++++++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl index 6348f4d110..36b098bd49 100644 --- a/lib/ssl/test/openssl_client_cert_SUITE.erl +++ b/lib/ssl/test/openssl_client_cert_SUITE.erl @@ -280,7 +280,9 @@ init_per_group(Group, Config0) when Group == dsa -> NVersion = ssl_test_lib:n_version(proplists:get_value(version, Config0)), SigAlgs = ssl_test_lib:sig_algs(dsa, NVersion), case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) - andalso (ssl_test_lib:openssl_dsa_suites() =/= []) of + andalso (ssl_test_lib:openssl_dsa_suites() =/= []) + andalso (ssl_test_lib:check_sane_openssl_dsa(Config0)) + of true -> Config = ssl_test_lib:make_dsa_cert(Config0), COpts = SigAlgs ++ proplists:get_value(client_dsa_opts, Config), diff --git a/lib/ssl/test/openssl_server_cert_SUITE.erl b/lib/ssl/test/openssl_server_cert_SUITE.erl index c4b09dbb37..03653ab0d6 100644 --- a/lib/ssl/test/openssl_server_cert_SUITE.erl +++ b/lib/ssl/test/openssl_server_cert_SUITE.erl @@ -312,7 +312,9 @@ init_per_group(eddsa_1_3, Config0) -> init_per_group(dsa = Group, Config0) -> PKAlg = crypto:supports(public_keys), case lists:member(dss, PKAlg) andalso lists:member(dh, PKAlg) andalso - (ssl_test_lib:openssl_dsa_suites() =/= []) of + (ssl_test_lib:openssl_dsa_suites() =/= []) + andalso (ssl_test_lib:check_sane_openssl_dsa(Config0)) + of true -> Config = ssl_test_lib:make_dsa_cert(Config0), COpts = proplists:get_value(client_dsa_opts, Config), diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl index eda86fe936..2c8827effe 100644 --- a/lib/ssl/test/ssl_test_lib.erl +++ b/lib/ssl/test/ssl_test_lib.erl @@ -44,6 +44,7 @@ default_tls_version/1, check_sane_openssl_renegotiate/2, check_openssl_npn_support/1, + check_sane_openssl_dsa/1, start_server/1, start_server/2, start_client/1, @@ -3357,6 +3358,22 @@ check_sane_openssl_version(Version, Config) -> false -> false end. + + +%% If other DSA checks have passed also check the following +check_sane_openssl_dsa(Config) -> + case not is_fips(openssl, Config) of + true -> + case proplists:get_value(openssl_version, Config) of + "OpenSSL 1.0." ++ _ -> + false; + _ -> + true + end; + false -> + false + end. + check_sane_openssl_renegotiate(Config, Version) when Version == 'tlsv1'; Version == 'tlsv1.1'; Version == 'tlsv1.2' -> -- 2.35.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
