Adjust tests to also pass when using BoringSSL (#7946)
Motivation: Some of the tests failed when using BoringSSL as some protocol / cipher combinations are not supported and it uses a different alert when the cert is not valid yet. Modification: - Remove protocol / cipher combos that are not supported by BoringSSL - Test for different alert when using BoringSSL Result: Not test failures when using BoringSSL.
This commit is contained in:
parent
932d77b83e
commit
0bce0450c0
@ -558,9 +558,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
.build();
|
.build();
|
||||||
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES128-SHA");
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-CAMELLIA128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "DES-CBC3-SHA");
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-AES128-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AECDH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "CAMELLIA128-SHA");
|
||||||
@ -568,7 +566,6 @@ public class OpenSslEngineTest extends SSLEngineTest {
|
|||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "RC4-MD5");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-AES256-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "AES256-SHA");
|
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-SEED-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "ADH-DES-CBC3-SHA");
|
||||||
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
|
testWrapWithDifferentSizes(PROTOCOL_SSL_V3, "EDH-RSA-DES-CBC3-SHA");
|
||||||
|
@ -203,14 +203,24 @@ public class SslErrorTest {
|
|||||||
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
|
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
verifyException(unwrappedCause, "expired", promise);
|
||||||
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
|
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
|
||||||
|
// BoringSSL uses "expired" in this case while others use "bad"
|
||||||
|
if ("BoringSSL".equals(OpenSsl.versionString())) {
|
||||||
|
verifyException(unwrappedCause, "expired", promise);
|
||||||
|
} else {
|
||||||
verifyException(unwrappedCause, "bad", promise);
|
verifyException(unwrappedCause, "bad", promise);
|
||||||
|
}
|
||||||
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
|
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
|
||||||
verifyException(unwrappedCause, "revoked", promise);
|
verifyException(unwrappedCause, "revoked", promise);
|
||||||
}
|
}
|
||||||
} else if (exception instanceof CertificateExpiredException) {
|
} else if (exception instanceof CertificateExpiredException) {
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
verifyException(unwrappedCause, "expired", promise);
|
||||||
} else if (exception instanceof CertificateNotYetValidException) {
|
} else if (exception instanceof CertificateNotYetValidException) {
|
||||||
|
// BoringSSL uses "expired" in this case while others use "bad"
|
||||||
|
if ("BoringSSL".equals(OpenSsl.versionString())) {
|
||||||
|
verifyException(unwrappedCause, "expired", promise);
|
||||||
|
} else {
|
||||||
verifyException(unwrappedCause, "bad", promise);
|
verifyException(unwrappedCause, "bad", promise);
|
||||||
|
}
|
||||||
} else if (exception instanceof CertificateRevokedException) {
|
} else if (exception instanceof CertificateRevokedException) {
|
||||||
verifyException(unwrappedCause, "revoked", promise);
|
verifyException(unwrappedCause, "revoked", promise);
|
||||||
}
|
}
|
||||||
@ -242,7 +252,9 @@ public class SslErrorTest {
|
|||||||
if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
|
if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK))) {
|
||||||
promise.setSuccess(null);
|
promise.setSuccess(null);
|
||||||
} else {
|
} else {
|
||||||
promise.setFailure(new AssertionError("message not contains '" + messagePart + "': " + message));
|
Throwable error = new AssertionError("message not contains '" + messagePart + "': " + message);
|
||||||
|
error.initCause(cause);
|
||||||
|
promise.setFailure(error);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user