[erlang-patches] new veriosn elliptic curve support

Andreas Schultz aschultz@REDACTED
Tue Mar 5 19:12:48 CET 2013


Hi,

----- Original Message -----
> Hello!
> 
> I just noticed that this patch seems to break the OS X Leopard build.
> 
> ./otp_build autoconf
> ./otp_build configure --enable-smp-support --enable-darwin-universal
> make
> ...
> Lots of text
> ...

[...]

> It would seem like OPENSSL_NO_EC is not defined on OS X Leopard, even if
> the feature is not supported. The feature is supported on Snow Leopard
> and Lion.
> 
> I don't really know how this is meant to work, but maybe a configure
> test for osx leopard could work?

A test for the openssl version possibly combined with a platform check
might be sufficient. I checked openssl 0.9.7 and they did support EC
and the OPENSSL_NO_EC define. Could you find out what openssl version
leopard has?

> As a side note, strangely openssl/ec.h exists, but not ecdh and
> ecdsa.... maybe that's why it is not defined? Let me know if you need
> any more info.

I'll extend the check for NO_ECDH and NO_ECDSA, that should take care of
such a situation.

Andreas

> Lukas
> 
> On 28/02/13 09:43, Fredrik wrote:
> > On 02/27/2013 07:33 PM, Andreas Schultz wrote:
> >> Hi,
> >>
> >> I have fixed the ssl_to_openssl_SUITE failure. The test suite tried to
> >> use an EC cipher on an openssl version that has no support for that
> >> cipher.
> >>
> >> I have also tried to reproduced the failing crypto ec test on Ubuntu
> >> natty 32bit and 64bit with halfword and m32-build, but it does pass
> >> the test on all those variants.
> >>
> >> Is there anything special or non-standard in your test setup
> >> (e.g. configuration switches, manually installed libraries, ...)???
> >>
> >> New version with fixed ssl_to_openssl_SUITE here:
> >>
> >> git fetch git://github.com/RoadRunnr/otp.git tls-psk-srp-suites-ECC
> >>
> >> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC
> >> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC.patch
> >>
> >>
> >> Andreas
> >>
> >> ----- Original Message -----
> >>> Hi!
> >>>
> >>> Andreas Schultz wrote:
> >>>> ----- Original Message -----
> >>>>> Hi!
> >>>>>
> >>>>> I took a look at the failing test cases  and found that whit openssl
> >>>>> 0.9.8k,  openssl
> >>>>>
> >>>>> will crash with errors like the following:
> >>>>>
> >>>>> openssl 25966:error:14092073:SSL
> >>>>> routines:SSL3_GET_SERVER_HELLO:bad packet
> >>>>> length:s3_clnt.c:879:
> >>>>> CONNECTED(00000003)
> >>>>>
> >>>>>
> >>>>> **** User 2013-02-25 11:01:47.291 ****
> >>>>> ssl_to_openssl_SUITE:basic_erlang_server_openssl_client failed on
> >>>>> line
> >>>>> 249 Reason: {test_case_failed,{{expected,{<0.11346.0>,ok}},
> >>>>> {got,{'EXIT',#Port<0.11738>,normal}}}}
> >>>>>
> >>>>>
> >>>>> That is why the the test case gets {EXIT',#Port<0.11738>,normal}
> >>>>>
> >>>>> for the test cases erlang_server_openssl_client,
> >>>>> erlang_server_openssl_client_client_cert,
> >>>>> erlang_server_openssl_client_dsa_cert,
> >>>>> erlang_server_openssl_client_reuse_session
> >>>>>
> >>>>>
> >>>>> and with openssl openssl 0.9.8k and 0.9.8.o  there is a hanshake
> >>>>> failure
> >>>>> in the ciphers_rsa_signed_certs test case
> >>>>> <http://otp.ericsson.se:8000/product/internal/test/test_results/pu_R16B/2013_02_25/otp_r16b_elbereth_linux-gnu_x86_64_64_s4_a6_meamax/ct_run.test_server@elbereth.2013-02-26_04.53.56/test.ssl_test.logs/run.2013-02-26_04.53.59/ssl_to_openssl_suite.src.html#ciphers_rsa_signed_certs-1>
> >>>>>
> >>>> Got that too. Will investigate.
> >>>>
> >>>> Yet this still doesn't explain why the i386 build is showing
> >>>> a failure in the crypto EC tests (this also cause a lot of
> >>>> the ssl failures later on).
> >>> Yes it could be good to investigate that first.
> >>> Looking at the crypto testruns it fails on openssl 0.9.8k.
> >>>
> >>> Regards Ingela Erlang/OTP team - Ericsson AB
> >>>
> >>> [...]
> >>>
> > Hello,
> > Re-fetched. Let's see how the testing go now!
> > There should be no special configurations as far as I know..
> >
> 
> 

-- 
-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------ managed broadband access ------------------

Travelping GmbH               phone:           +49-391-8190990
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: HRB21276 Handelsregistergericht Chemnitz
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------



More information about the erlang-patches mailing list