Overview

File 0524-ssl-Fix-CRL-suite-with-openssl-1.1.1a.patch of Package erlang

From 348483658478645e12127e888fd53aed45ad750f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Wed, 9 Jan 2019 16:40:15 +0100
Subject: [PATCH] ssl: Fix CRL suite with openssl-1.1.1a

Later versions of openssl do not support negative integers for
CRL due time (used for negative testing).

As a workaround this commit implements a function that can set
CRL due time in seconds and makes the testcase
'crl_hash_dir_expired' sleep for one second.

Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0
---
 lib/ssl/test/make_certs.erl    | 12 ++++++++++++
 lib/ssl/test/ssl_crl_SUITE.erl |  7 +++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/ssl/test/make_certs.erl b/lib/ssl/test/make_certs.erl
index 8fe7c54549..7f3371da9a 100644
--- a/lib/ssl/test/make_certs.erl
+++ b/lib/ssl/test/make_certs.erl
@@ -189,6 +189,18 @@ gencrl(Root, CA, C, CrlHours) ->
     Env = [{"ROOTDIR", filename:absname(Root)}], 
     cmd(Cmd, Env).
 
+%% This function sets the number of seconds until the next CRL is due.
+gencrl_sec(Root, CA, C, CrlSecs) ->
+    CACnfFile = filename:join([Root, CA, "ca.cnf"]),
+    CACRLFile = filename:join([Root, CA, "crl.pem"]),
+    Cmd = [C#config.openssl_cmd, " ca"
+	   " -gencrl ",
+	   " -crlsec ", integer_to_list(CrlSecs),
+	   " -out ", CACRLFile,
+	   " -config ", CACnfFile],
+    Env = [{"ROOTDIR", filename:absname(Root)}],
+    cmd(Cmd, Env).
+
 can_generate_expired_crls(C) ->
     %% OpenSSL can generate CRLs with an expiration date in the past,
     %% if we pass a negative number for -crlhours.  However, LibreSSL
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index 23c5eaf84d..c61039b5da 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -383,8 +383,11 @@ crl_hash_dir_expired(Config) when is_list(Config) ->
 	 {verify, verify_peer}],
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
-    %% First make a CRL that expired yesterday.
-    make_certs:gencrl(PrivDir, CA, CertsConfig, -24),
+    %% First make a CRL that will expire in one second.
+    make_certs:gencrl_sec(PrivDir, CA, CertsConfig, 1),
+    %% Sleep until the next CRL is due
+    ct:sleep({seconds, 1}),
+
     CrlDir = filename:join(PrivDir, "crls"),
     populate_crl_hash_dir(PrivDir, CrlDir,
 			  [{CA, "1627b4b0"}],
-- 
2.16.4
openSUSE Build Service is sponsored by
Places