File 1681-Add-another-option-test.patch of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 1681-Add-another-option-test.patch of Package erlang

From f6e660455c8a680633932a3f3b3ed597150fbae3 Mon Sep 17 00:00:00 2001
From: Dan Gudmundsson <dgud@erlang.org>
Date: Thu, 14 Mar 2024 17:24:28 +0100
Subject: [PATCH] Add another option test

Double check that ssl:update_options work as expected.
---
 lib/ssl/src/ssl.erl            | 22 ++++++++++++---
 lib/ssl/test/ssl_api_SUITE.erl | 51 ++++++++++++++++++++++++++++------
 2 files changed, 60 insertions(+), 13 deletions(-)

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index d83cd13f25..7959a686bd 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -3669,14 +3669,23 @@ opt_certs(UserOpts, #{log_level := LogLevel, versions := Versions} = Opts0, Env)
             opt_old_certs(UserOpts, #{}, Opts0, Env);
         {old, [CertKey]} ->
             opt_old_certs(UserOpts, CertKey, Opts0, Env);
-        {Where, CKs} when is_list(CKs) ->
+        {Where, CKs0} when is_list(CKs0) ->
             warn_override(Where, UserOpts, certs_keys, [cert,certfile,key,keyfile,password], LogLevel),
-            Opts0#{certs_keys => [check_cert_key(Versions, CK, #{}, LogLevel) || CK <- CKs]}
+            CKs = lists:foldl(fun(CK0, Acc) ->
+                                      CK = check_cert_key(Versions, CK0, #{}, LogLevel),
+                                      case maps:size(CK) =:= 0 of
+                                          true ->
+                                              Acc;
+                                          false ->
+                                              [CK|Acc]
+                                      end
+                              end, [], CKs0),
+            Opts0#{certs_keys => lists:reverse(CKs)}
     end.
 
 opt_old_certs(UserOpts, CertKeys, #{log_level := LogLevel, versions := Versions}=SSLOpts, _Env) ->
     CK = check_cert_key(Versions, UserOpts, CertKeys, LogLevel),
-    case maps:keys(CK) =:= [] of
+    case maps:size(CK) =:= 0 of
         true ->
             SSLOpts#{certs_keys => []};
         false ->
@@ -3996,7 +4005,12 @@ opt_mitigation(UserOpts, #{versions := Versions} = Opts, _Env) ->
     assert_version_dep(Where2 =:= new, padding_check, Versions, ['tlsv1']),
 
     %% Use 'new' we need to check for non default 'one_n_minus_one'
-    Opts1 = set_opt_new(new, beast_mitigation, disabled, BM, Opts),
+    Opts1 = if
+                DefBeast =:= one_n_minus_one, BM =:= disabled ->
+                    Opts#{beast_mitigation => BM};
+                true ->
+                    set_opt_new(new, beast_mitigation, disabled, BM, Opts)
+            end,
     set_opt_new(Where2, padding_check, true, PC, Opts1).
 
 opt_server(UserOpts, #{versions := Versions, log_level := LogLevel} = Opts, #{role := server}) ->
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
index 6dfe198159..a459c0c5b7 100644
--- a/lib/ssl/test/ssl_api_SUITE.erl
+++ b/lib/ssl/test/ssl_api_SUITE.erl
@@ -230,6 +230,8 @@
          run_client_error/1
         ]).
 
+-compile([nowarn_deprecated_function]).
+
 
 -define(SLEEP, 500).
 %%--------------------------------------------------------------------
@@ -2279,8 +2281,8 @@ customize_defaults(Opts, Role, Host) ->
                 {__DefOpts, __Opts} = customize_defaults(Opts, Role, Host),
                 try ssl:handle_options(__Opts, Role, Host) of
                     {ok, #config{ssl=EXP = __ALL}} ->
-                        ShouldBeMissing = ShouldBeMissing -- maps:keys(__ALL);
-                       %% __ALL = ssl:update_options([], Role, __ALL);
+                        check_expected(ShouldBeMissing, ShouldBeMissing -- maps:keys(__ALL)),
+                        check_expected(__ALL, ssl:update_options([], Role, __ALL));
                     Other ->
                         ?CT_PAL("ssl:handle_options(~0p,~0p,~0p).",[__Opts,Role,Host]),
                         error({unexpected, Other})
@@ -2292,7 +2294,7 @@ customize_defaults(Opts, Role, Host) ->
                 end,
                 try ssl:update_options(__Opts, Role, __DefOpts) of
                     EXP = __ALL2 ->
-                        ShouldBeMissing = ShouldBeMissing -- maps:keys(__ALL2);
+                        check_expected(ShouldBeMissing, ShouldBeMissing -- maps:keys(__ALL2));
                     Other2 ->
                         ?CT_PAL("{ok,Cfg} = ssl:handle_options([],~p,~p),"
                                "ssl:update_options(~w,~w, element(2,Cfg)).",
@@ -2376,6 +2378,38 @@ customize_defaults(Opts, Role, Host) ->
                 end
         end()).
 
+check_expected(A, A) ->
+    ok;
+check_expected(A, B) when is_list(A), is_list(B) ->
+    Diff1 = A -- B,
+    Diff2 = B -- A,
+    ct:log("NOT EQUAL~n ~p~n ~p~n", [A,B]),
+    if Diff1 =/= [], Diff2 =/= [] ->
+            ct:fail({not_equal, {line, ?LINE}, Diff1, Diff2});
+       Diff2 =/= [] ->
+            ct:fail({not_equal, {line, ?LINE}, Diff2});
+       true ->
+            ct:fail({not_equal, {line, ?LINE}, Diff1})
+    end;
+check_expected(A, B) when is_map(A), is_map(B) ->
+    Diff1 = [{KeyA, ValA}
+             || KeyA := ValA <- A, ValA =/= maps:get(KeyA, B, missing_key_val)],
+    Diff2 = [{KeyB, ValB}
+             || KeyB := ValB <- B, ValB =/= maps:get(KeyB, A, missing_key_val)],
+    ct:log("NOT EQUAL~n ~p~n ~p~n", [A,B]),
+    if Diff1 =/= [], Diff2 =/= [] ->
+            ct:fail({not_equal, {line, ?LINE}, Diff1, Diff2});
+       Diff2 =/= [] ->
+            ct:fail({not_equal, {line, ?LINE}, Diff2});
+       true ->
+            ct:fail({not_equal, {line, ?LINE}, Diff1})
+    end;
+check_expected({ok, Term1}, {ok, Term2}) ->
+    check_expected(Term1, Term2);
+check_expected(A, B) ->
+    ct:log("NOT EQUAL~n ~p~n~p~n", [A,B]),
+    ct:fail(not_equal).
+
 
 options_whitebox(Config) when is_list(Config) ->
     Cert = proplists:get_value(cert, ssl_test_lib:ssl_options(server_rsa_der_opts, Config)),
@@ -2545,11 +2579,10 @@ options_anti_replay(_Config) ->
 
 options_beast_mitigation(_Config) -> %% Beast mitigation TLS-1.0 option only
     ?OK(#{beast_mitigation := one_n_minus_one}, [{versions, [tlsv1,'tlsv1.1']}], client),
+
     ?OK(#{}, [{versions, ['tlsv1.1']}], client, [beast_mitigation]),
-    ?OK(#{}, [{beast_mitigation, disabled}, {versions, [tlsv1]}], client,
-        [beast_mitigation]),
-    ?OK(#{beast_mitigation := zero_n},
-        [{beast_mitigation, zero_n}, {versions, [tlsv1]}], client),
+    ?OK(#{}, [{beast_mitigation, disabled}, {versions, [tlsv1]}], client),
+    ?OK(#{beast_mitigation := zero_n}, [{beast_mitigation, zero_n}, {versions, [tlsv1]}], client),
 
     %% Errors
     ?ERR({beast_mitigation, enabled},
@@ -2595,7 +2628,7 @@ options_cert(Config) -> %% cert[file] cert_keys keys password
     ?OK(#{certs_keys := [#{certfile := <<"/tmp/foo">>, keyfile := <<"/tmp/foo">>}]},
         [{certfile, <<"/tmp/foo">>}], client, Old),
 
-    ?OK(#{certs_keys := [#{}]}, [{certs_keys, [#{}]}], client),
+    ?OK(#{certs_keys := []}, [{certs_keys, [#{}]}], client),
 
     ?OK(#{certs_keys := [#{key := {rsa, <<>>}}]},
         [{key, {rsa, <<>>}}], client, Old),
@@ -2620,7 +2653,7 @@ options_cert(Config) -> %% cert[file] cert_keys keys password
     ?OK(#{certs_keys := [#{certfile := <<"/tmp/foo">>, keyfile := <<"/tmp/baz">>}]},
         [{certfile, <<"/tmp/foo">>}, {keyfile, "/tmp/baz"}], client, Old),
 
-    ?OK(#{certs_keys := [#{}]},
+    ?OK(#{certs_keys := []},
         [{cert, Cert}, {certfile, "/tmp/foo"}, {certs_keys, [#{}]}],
         client, Old),
 
-- 
2.35.3

Places

File 1681-Add-another-option-test.patch of Package erlang

Places