Adjust tests to also pass when using BoringSSL (#7946)
Motivation: Some of the tests failed when using BoringSSL as some protocol / cipher combinations are not supported and it uses a different alert when the cert is not valid yet. Modification: - Remove protocol / cipher combos that are not supported by BoringSSL - Test for different alert when using BoringSSL Result: Not test failures when using BoringSSL.
This commit is contained in:
parent
932d77b83e
commit
0bce0450c0
@ -558,9 +558,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
.build();
|
||||
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
|
||||
@ -568,7 +566,6 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES256-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
|
||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
|
||||
|
@ -203,14 +203,24 @@ public class SslErrorTest {
|
||||
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
|
||||
verifyException(unwrappedCause, "expired", promise);
|
||||
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
|
||||
verifyException(unwrappedCause, "bad", promise);
|
||||
// BoringSSL uses "expired" in this case while others use "bad"
|
||||
if ("BoringSSL".equals(OpenSsl.versionString())) {
|
||||
verifyException(unwrappedCause, "expired", promise);
|
||||
} else {
|
||||
verifyException(unwrappedCause, "bad", promise);
|
||||
}
|
||||
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
|
||||
verifyException(unwrappedCause, "revoked", promise);
|
||||
}
|
||||
} else if (exception instanceof CertificateExpiredException) {
|
||||
verifyException(unwrappedCause, "expired", promise);
|
||||
} else if (exception instanceof CertificateNotYetValidException) {
|
||||
verifyException(unwrappedCause, "bad", promise);
|
||||
// BoringSSL uses "expired" in this case while others use "bad"
|
||||
if ("BoringSSL".equals(OpenSsl.versionString())) {
|
||||
verifyException(unwrappedCause, "expired", promise);
|
||||
} else {
|
||||
verifyException(unwrappedCause, "bad", promise);
|
||||
}
|
||||
} else if (exception instanceof CertificateRevokedException) {
|
||||
verifyException(unwrappedCause, "revoked", promise);
|
||||
}
|
||||
@ -242,7 +252,9 @@ public class SslErrorTest {
|
||||
if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
|
||||
promise.setSuccess(null);
|
||||
} else {
|
||||
promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message));
|
||||
Throwable error = new AssertionError("message not contains '" + messagePart + "': " + message);
|
||||
error.initCause(cause);
|
||||
promise.setFailure(error);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user