From 0bce0450c05697df6ff77a0a14183ee53a00053f Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Wed, 16 May 2018 18:58:27 +0200 Subject: [PATCH] Adjust tests to also pass when using BoringSSL (#7946) Motivation: Some of the tests failed when using BoringSSL as some protocol / cipher combinations are not supported and it uses a different alert when the cert is not valid yet. Modification: - Remove protocol / cipher combos that are not supported by BoringSSL - Test for different alert when using BoringSSL Result: Not test failures when using BoringSSL. --- .../netty/handler/ssl/OpenSslEngineTest.java | 3 --- .../io/netty/handler/ssl/SslErrorTest.java | 18 +++++++++++++++--- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java index 9949dd9189..944b22b028 100644 --- a/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java @@ -558,9 +558,7 @@ public class OpenSslEngineTest extends SSLEngineTest { .build(); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA"); - testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA"); - testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DES-CBC3-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA"); @@ -568,7 +566,6 @@ public class OpenSslEngineTest extends SSLEngineTest { testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA"); - testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES256-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA"); testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA"); diff --git a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java b/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java index 27aa9bfe16..6285ae0c4e 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SslErrorTest.java @@ -203,14 +203,24 @@ public class SslErrorTest { if (reason == CertPathValidatorException.BasicReason.EXPIRED) { verifyException(unwrappedCause, "expired", promise); } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) { - verifyException(unwrappedCause, "bad", promise); + // BoringSSL uses "expired" in this case while others use "bad" + if ("BoringSSL".equals(OpenSsl.versionString())) { + verifyException(unwrappedCause, "expired", promise); + } else { + verifyException(unwrappedCause, "bad", promise); + } } else if (reason == CertPathValidatorException.BasicReason.REVOKED) { verifyException(unwrappedCause, "revoked", promise); } } else if (exception instanceof CertificateExpiredException) { verifyException(unwrappedCause, "expired", promise); } else if (exception instanceof CertificateNotYetValidException) { - verifyException(unwrappedCause, "bad", promise); + // BoringSSL uses "expired" in this case while others use "bad" + if ("BoringSSL".equals(OpenSsl.versionString())) { + verifyException(unwrappedCause, "expired", promise); + } else { + verifyException(unwrappedCause, "bad", promise); + } } else if (exception instanceof CertificateRevokedException) { verifyException(unwrappedCause, "revoked", promise); } @@ -242,7 +252,9 @@ public class SslErrorTest { if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) { promise.setSuccess(null); } else { - promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message)); + Throwable error = new AssertionError("message not contains '" + messagePart + "': " + message); + error.initCause(cause); + promise.setFailure(error); } }