[erlang-patches] new veriosn elliptic curve support

Lukas Larsson <>
Wed Mar 6 10:50:28 CET 2013


Hello again,

Since we want Erlang/OTP to be runnable on OS X Leopard we have to make 
an exception to the OpenSSL supported version and make it work here. So 
somekind of workaround needs to be done. I'm not sure if this problem is 
for all 0.9.7, or if it is Apple which have decided to do things a 
specific way. So maybe the best way would be to check if the header 
files exist in configure and then ifdef based on that. Alternatively if 
you can determine that this is the way it works in 0.9.7, then you 
should just be able to ifdef on the openssl version define.

Lukas

On 05/03/13 19:25, Lukas Larsson wrote:
> hmm, now that you mention it, it's 0.9.7l which is unsupported by us. 
> I'll get back to you if we need to work around this, or if we can just 
> leave it.
>
> Lukas
>
> On 05/03/13 19:12, Andreas Schultz wrote:
>> Hi,
>>
>> ----- Original Message -----
>>> Hello!
>>>
>>> I just noticed that this patch seems to break the OS X Leopard build.
>>>
>>> ./otp_build autoconf
>>> ./otp_build configure --enable-smp-support --enable-darwin-universal
>>> make
>>> ...
>>> Lots of text
>>> ...
>> [...]
>>
>>> It would seem like OPENSSL_NO_EC is not defined on OS X Leopard, 
>>> even if
>>> the feature is not supported. The feature is supported on Snow Leopard
>>> and Lion.
>>>
>>> I don't really know how this is meant to work, but maybe a configure
>>> test for osx leopard could work?
>> A test for the openssl version possibly combined with a platform check
>> might be sufficient. I checked openssl 0.9.7 and they did support EC
>> and the OPENSSL_NO_EC define. Could you find out what openssl version
>> leopard has?
>>
>>> As a side note, strangely openssl/ec.h exists, but not ecdh and
>>> ecdsa.... maybe that's why it is not defined? Let me know if you need
>>> any more info.
>> I'll extend the check for NO_ECDH and NO_ECDSA, that should take care of
>> such a situation.
>>
>> Andreas
>>
>>> Lukas
>>>
>>> On 28/02/13 09:43, Fredrik wrote:
>>>> On 02/27/2013 07:33 PM, Andreas Schultz wrote:
>>>>> Hi,
>>>>>
>>>>> I have fixed the ssl_to_openssl_SUITE failure. The test suite 
>>>>> tried to
>>>>> use an EC cipher on an openssl version that has no support for that
>>>>> cipher.
>>>>>
>>>>> I have also tried to reproduced the failing crypto ec test on Ubuntu
>>>>> natty 32bit and 64bit with halfword and m32-build, but it does pass
>>>>> the test on all those variants.
>>>>>
>>>>> Is there anything special or non-standard in your test setup
>>>>> (e.g. configuration switches, manually installed libraries, ...)???
>>>>>
>>>>> New version with fixed ssl_to_openssl_SUITE here:
>>>>>
>>>>> git fetch git://github.com/RoadRunnr/otp.git tls-psk-srp-suites-ECC
>>>>>
>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC 
>>>>>
>>>>> https://github.com/RoadRunnr/otp/compare/master...tls-psk-srp-suites-ECC.patch 
>>>>>
>>>>>
>>>>>
>>>>> Andreas
>>>>>
>>>>> ----- Original Message -----
>>>>>> Hi!
>>>>>>
>>>>>> Andreas Schultz wrote:
>>>>>>> ----- Original Message -----
>>>>>>>> Hi!
>>>>>>>>
>>>>>>>> I took a look at the failing test cases  and found that whit 
>>>>>>>> openssl
>>>>>>>> 0.9.8k,  openssl
>>>>>>>>
>>>>>>>> will crash with errors like the following:
>>>>>>>>
>>>>>>>> openssl 25966:error:14092073:SSL
>>>>>>>> routines:SSL3_GET_SERVER_HELLO:bad packet
>>>>>>>> length:s3_clnt.c:879:
>>>>>>>> CONNECTED(00000003)
>>>>>>>>
>>>>>>>>
>>>>>>>> **** User 2013-02-25 11:01:47.291 ****
>>>>>>>> ssl_to_openssl_SUITE:basic_erlang_server_openssl_client failed on
>>>>>>>> line
>>>>>>>> 249 Reason: {test_case_failed,{{expected,{<0.11346.0>,ok}},
>>>>>>>> {got,{'EXIT',#Port<0.11738>,normal}}}}
>>>>>>>>
>>>>>>>>
>>>>>>>> That is why the the test case gets {EXIT',#Port<0.11738>,normal}
>>>>>>>>
>>>>>>>> for the test cases erlang_server_openssl_client,
>>>>>>>> erlang_server_openssl_client_client_cert,
>>>>>>>> erlang_server_openssl_client_dsa_cert,
>>>>>>>> erlang_server_openssl_client_reuse_session
>>>>>>>>
>>>>>>>>
>>>>>>>> and with openssl openssl 0.9.8k and 0.9.8.o  there is a hanshake
>>>>>>>> failure
>>>>>>>> in the ciphers_rsa_signed_certs test case
>>>>>>>> <http://otp.ericsson.se:8000/product/internal/test/test_results/pu_R16B/2013_02_25/otp_r16b_elbereth_linux-gnu_x86_64_64_s4_a6_meamax/ct_run.test_server@elbereth.2013-02-26_04.53.56/test.ssl_test.logs/run.2013-02-26_04.53.59/ssl_to_openssl_suite.src.html#ciphers_rsa_signed_certs-1> 
>>>>>>>>
>>>>>>>>
>>>>>>> Got that too. Will investigate.
>>>>>>>
>>>>>>> Yet this still doesn't explain why the i386 build is showing
>>>>>>> a failure in the crypto EC tests (this also cause a lot of
>>>>>>> the ssl failures later on).
>>>>>> Yes it could be good to investigate that first.
>>>>>> Looking at the crypto testruns it fails on openssl 0.9.8k.
>>>>>>
>>>>>> Regards Ingela Erlang/OTP team - Ericsson AB
>>>>>>
>>>>>> [...]
>>>>>>
>>>> Hello,
>>>> Re-fetched. Let's see how the testing go now!
>>>> There should be no special configurations as far as I know..
>>>>
>>>
>
> _______________________________________________
> erlang-patches mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-patches
>



More information about the erlang-patches mailing list