File 3901-ssl-Improve-interop-test.patch of Package erlang
From 4931ff75a61b7020a7a9aa1d597f9215960423f5 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Mon, 30 Jan 2023 11:41:02 +0100
Subject: [PATCH] ssl: Improve interop test
For DTLS, first check interop of the corresponding TLS version. That
version needs to be supported because DTLS is defined as a diff against TLS,
and an interop test against DTLS might be inconclusive because UDP is not
a reliable transport.
---
lib/ssl/test/ssl_test_lib.erl | 52 +++++++++++++++++++++++------------
1 file changed, 34 insertions(+), 18 deletions(-)
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index feeedca4ee..836e62e0a9 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -2755,8 +2755,7 @@ is_dtls_version('dtlsv1') ->
is_dtls_version(_) ->
false.
-openssl_tls_version_support(Version, Config0) ->
- %% Check if version is supported
+openssl_tls_version_support(Version, Config0) ->
Config = make_rsa_cert(Config0),
ServerOpts = proplists:get_value(server_rsa_opts, Config),
Port = inet_port(node()),
@@ -2765,20 +2764,37 @@ openssl_tls_version_support(Version, Config0) ->
KeyFile = proplists:get_value(keyfile, ServerOpts),
Exe = "openssl",
Opts0 = [{versions, [Version]}, {verify, verify_none}],
- {Proto, Opts} = case is_tls_version(Version) of
- true -> {tls, [{protocol,tls}|Opts0]};
- false -> {dtls, patch_dtls_options([{protocol, dtls}|Opts0])}
- end,
- Args0 = case Proto of
- tls ->
- ["s_server", "-accept",
- integer_to_list(Port), "-CAfile", CaCertFile,
- "-cert", CertFile,"-key", KeyFile];
- dtls ->
- ["s_server", "-accept",
- integer_to_list(Port), "-dtls", "-CAfile", CaCertFile,
- "-cert", CertFile,"-key", KeyFile]
- end,
+ TLSOpts = [{protocol,tls}|Opts0],
+ DTLSOpts = patch_dtls_options([{protocol, dtls}|Opts0]),
+
+ TLSArgs = ["s_server", "-accept",
+ integer_to_list(Port), "-CAfile", CaCertFile,
+ "-cert", CertFile,"-key", KeyFile],
+ DTLSArgs = ["s_server", "-accept",
+ integer_to_list(Port), "-dtls", "-CAfile", CaCertFile,
+ "-cert", CertFile,"-key", KeyFile],
+
+ case is_tls_version(Version) of
+ true ->
+ openssl_tls_version_support(tls, TLSOpts, Port, Exe, TLSArgs);
+ false ->
+ DTLSTupleVersion = dtls_record:protocol_version(Version),
+ CorrespondingTLSVersion = dtls_v1:corresponding_tls_version(DTLSTupleVersion),
+ AtomTLSVersion = tls_record:protocol_version(CorrespondingTLSVersion),
+ CorrTLSOpts = [{protocol,tls}, {versions, [AtomTLSVersion]},
+ {verify, verify_none}],
+ case openssl_tls_version_support(tls, CorrTLSOpts, Port, Exe, TLSArgs) of
+ true ->
+ %% If corresponding TLS version is not supported DTLS
+ %% will not be supported and test for it will be inconclusive
+ %% due to UDP not being a reliable transport
+ openssl_tls_version_support(dtls, DTLSOpts, Port, Exe, DTLSArgs);
+ false ->
+ false
+ end
+ end.
+
+openssl_tls_version_support(Proto, Opts, Port, Exe, Args0) ->
Args = maybe_force_ipv4(Args0),
OpensslPort = portable_open_port(Exe, Args),
try wait_for_openssl_server(Port, Proto) of
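Review bot: The comment inside the `true ->` branch of the inner `case` describes the opposite outcome: it explains what follows when the corresponding TLS version is not supported, yet it sits where the TLS probe has just succeeded. I would move it above the inner `case` and word it as the reason for the pre-check, e.g. `%% DTLS is specified as a delta to TLS, so probe the corresponding TLS version over TCP first; a DTLS-only probe can fail merely because UDP lost a packet.` The new `openssl_tls_version_support/5` helper also has no header comment stating that it returns `true` or `false` and closes the OpenSSL port on the paths visible here. Its body continues outside this hunk.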
@@ -2789,7 +2805,7 @@ openssl_tls_version_support(Version, Config0) ->
close_port(OpensslPort),
true;
{error, {tls_alert, {protocol_version, _}}} ->
- ?PAL("OpenSSL does not support ~p", [Version]),
+ ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
close_port(OpensslPort),
false;
{error, {tls_alert, Alert}} ->
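Review bot: The new log argument `proplists:get_value(versions, Opts)` prints the whole versions list rather than a single version. When the TLS pre-check fails for a DTLS version, it names only the corresponding TLS version, so the log no longer says which DTLS version was being checked. For the DTLS probe it also relies on `patch_dtls_options/1`, which is not shown, keeping the `versions` entry; otherwise the line would print `undefined`. Adding the protocol makes the message unambiguous: `?PAL("OpenSSL does not support ~p ~p", [Proto, proplists:get_value(versions, Opts)]),`. The same line is used in the `catch` clause of the next hunk.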
@@ -2803,7 +2819,7 @@ openssl_tls_version_support(Version, Config0) ->
end
catch
_:_ ->
- ?PAL("OpenSSL does not support ~p", [Version]),
+ ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
close_port(OpensslPort),
false
end.
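Review bot: The `catch _:_` clause reports every exception from `wait_for_openssl_server/2` as "OpenSSL does not support …". After this commit, a `false` from the TLS pre-check also decides whether the DTLS probe runs at all. If that call can fail for reasons unrelated to version support, for instance a timeout (its body is not shown), both TLS and DTLS would be reported as unsupported, and any interop tests gated on this result would presumably be skipped with a log line that blames the version. Binding and logging the exception keeps such a skip diagnosable: `Class:Reason ->` followed by `?PAL("OpenSSL probe for ~p failed: ~p:~p", [proplists:get_value(versions, Opts), Class, Reason]),`. The `try` opens in an earlier hunk, so the full set of `of` clauses is not visible here.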
--
2.35.3