Adjust tests to also pass when using BoringSSL (#7946)

Motivation:

Some of the tests failed when using BoringSSL as some protocol / cipher combinations are not supported and it uses a different alert when the cert is not valid yet.

Modification:

- Remove protocol / cipher combos that are not supported by BoringSSL
- Test for different alert when using BoringSSL

Result:

Not test failures when using BoringSSL.
This commit is contained in:
Norman Maurer 2018-05-16 18:58:27 +02:00 committed by GitHub
parent 932d77b83e
commit 0bce0450c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 6 deletions

View File

@ -558,9 +558,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
.build();
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
@ -568,7 +566,6 @@ public class OpenSslEngineTest extends SSLEngineTest {
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES256-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");

View File

@ -203,14 +203,24 @@ public class SslErrorTest {
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
verifyException(unwrappedCause, "expired", promise);
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
verifyException(unwrappedCause, "bad", promise);
// BoringSSL uses "expired" in this case while others use "bad"
if ("BoringSSL".equals(OpenSsl.versionString())) {
verifyException(unwrappedCause, "expired", promise);
} else {
verifyException(unwrappedCause, "bad", promise);
}
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
verifyException(unwrappedCause, "revoked", promise);
}
} else if (exception instanceof CertificateExpiredException) {
verifyException(unwrappedCause, "expired", promise);
} else if (exception instanceof CertificateNotYetValidException) {
verifyException(unwrappedCause, "bad", promise);
// BoringSSL uses "expired" in this case while others use "bad"
if ("BoringSSL".equals(OpenSsl.versionString())) {
verifyException(unwrappedCause, "expired", promise);
} else {
verifyException(unwrappedCause, "bad", promise);
}
} else if (exception instanceof CertificateRevokedException) {
verifyException(unwrappedCause, "revoked", promise);
}
@ -242,7 +252,9 @@ public class SslErrorTest {
if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
promise.setSuccess(null);
} else {
promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message));
Throwable error = new AssertionError("message not contains '" + messagePart + "': " + message);
error.initCause(cause);
promise.setFailure(error);
}
}