File 4651-ssl-Add-check-that-OpenSSL-s_client-supports-sigalgs.patch of Package erlang
From 15804043853e7b7098e655f23ecb12f455c0da0e Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Wed, 5 Jan 2022 09:07:35 +0100
Subject: [PATCH 1/2] ssl: Add check that OpenSSL s_client supports sigalgs
option
Also exclude OpenSSL-1.0* as even if it supports the sigalgs option
it does not support the signature algs we are interested in.
---
lib/ssl/test/openssl_sni_SUITE.erl | 33 ++++++++++++++++++++++++++----
1 file changed, 29 insertions(+), 4 deletions(-)
diff --git a/lib/ssl/test/openssl_sni_SUITE.erl b/lib/ssl/test/openssl_sni_SUITE.erl
index 4e25ddb467..3d00d25e1e 100644
--- a/lib/ssl/test/openssl_sni_SUITE.erl
+++ b/lib/ssl/test/openssl_sni_SUITE.erl
@@ -248,15 +248,40 @@ sni_test(ServerNode, ServerOptions0, ClientOptions, Config) ->
maybe_add_sigalgs(Version, ServerOptions) when Version == 'tlsv1.3';
Version == 'tlsv1.2' ->
- [{signature_algs, [rsa_pss_rsae_sha512,
- rsa_pss_rsae_sha384,
- rsa_pss_rsae_sha256]} | ServerOptions];
+ case maybe_add_openssl_sigalgs(Version) of
+ [] ->
+ [{signature_algs, [rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,
+ rsa_pss_rsae_sha256,
+ {sha512, rsa},
+ {sha384, rsa},
+ {sha256, rsa},
+ {sha224, rsa},
+ {sha, rsa}
+ ]
+ } | ServerOptions];
+ _ ->
+ [{signature_algs, [rsa_pss_rsae_sha512,
+ rsa_pss_rsae_sha384,
+ rsa_pss_rsae_sha256]} | ServerOptions]
+ end;
maybe_add_sigalgs(_, ServerOptions) ->
ServerOptions.
maybe_add_openssl_sigalgs(Version) when Version == 'tlsv1.3';
Version == 'tlsv1.2' ->
- [{sigalgs, "rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:rsa_pss_rsae_sha256"}];
+ case ssl_test_lib:portable_cmd("openssl", ["version"]) of
+ "OpenSSL 1.0" ++ _ ->
+ [];
+ _ ->
+ HelpText = ssl_test_lib:portable_cmd("openssl", ["s_client", "--help"]),
+ case string:str(HelpText, "-sigalgs") of
+ 0 ->
+ [];
+ _ ->
+ [{sigalgs, "rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:rsa_pss_rsae_sha256"}]
+ end
+ end;
maybe_add_openssl_sigalgs(_) ->
[].
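Review bot: The feature probe `string:str(HelpText, "-sigalgs")` in maybe_add_openssl_sigalgs/1 is a bare substring search, so it would also succeed on help text that lists only `-client_sigalgs`; it also yields 0, read as "unsupported", if ssl_test_lib:portable_cmd does not capture the stream the help is printed on, which is not visible in this hunk. Matching the option as a whole token would be stricter, for example `case re:run(HelpText, "\\s-sigalgs\\s", [{capture, none}]) of` with `nomatch -> [];` as the first clause. In the `[] ->` branch of maybe_add_sigalgs/2 the server list silently grows to include `{sha224, rsa}` and `{sha, rsa}`, so a comment such as `%% s_client gets no -sigalgs here, so also accept legacy PKCS#1 schemes (incl. SHA-1); test-only` would record why the weak algorithms are enabled. A `ct:log` line on that path would also make it visible in the test report when the RSA-PSS negotiation was not actually exercised.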
--
2.31.1