Permalink
Browse files

skip sslaccept_tout_test for R15B03

An SSL bug introduced in R15B03 makes the sslaccept_tout_test fail. The bug
is explained here:

http://erlang.org/pipermail/erlang-bugs/2012-November/003208.html
http://erlang.org/pipermail/erlang-bugs/2012-November/003209.html

Check the Erlang version and skip that test for R15B03.
  • Loading branch information...
1 parent 0f6226d commit dc424c8c0395e7cc1b49e89a7f305f4f233dd69c @vinoski vinoski committed Nov 28, 2012
Showing with 15 additions and 10 deletions.
  1. +15 −10 test/t2/app_test.erl
View
@@ -808,16 +808,21 @@ test_shaper() ->
test_sslaccept_timeout() ->
- io:format("sslaccept_tout_test\n", []),
- {ok, Sock} = gen_tcp:connect("localhost", 8443, [binary, {active, true}]),
- ?line ok = receive
- {tcp_closed, Sock} -> ok
- after
- %% keepalive_timeout is set to 10 secs. So, wait 15 secs
- %% before returning an error
- 15000 -> error
- end,
- gen_tcp:close(Sock),
+ case erlang:system_info(version) of
+ "5.9.3" ->
+ io:format("sslaccept_tout_test (skipping due to R15B03 bug)\n", []);
+ _ ->
+ io:format("sslaccept_tout_test\n", []),
+ {ok, Sock} = gen_tcp:connect("localhost", 8443, [binary, {active, true}]),
+ ?line ok = receive
+ {tcp_closed, Sock} -> ok
+ after
+ %% keepalive_timeout is set to 10 secs. So, wait 15 secs
+ %% before returning an error
+ 15000 -> error
+ end,
+ gen_tcp:close(Sock)
+ end,
ok.
test_ssl_multipart_post() ->

2 comments on commit dc424c8

Imho its better to wait for otp patch otherwise using ssl introduces a denial of service vulnerability due to a bug in r15b3. This regression bug was introduced to otp when another ssl bug was being fixed: lots of sockets in time_wait state due to ssl connections not closing properly. I bet ya the otp team will pull the current release and patch it before rereleasing, at least I hope they will.

Collaborator

vinoski replied Nov 29, 2012

I know why the bug occurred in OTP. My patch only disables a single test so that regular Yaws development can continue as usual, the alternative being that collaborators and contributors simply avoid running the tests due to the known failure. I've already sent a warning about the SSL problem to the Yaws mailing list, and regardless, not including this patch in the code base is pretty unlikely to keep someone who really wants to run Yaws on R15B03 from doing so. If the OTP team does issue a new release quickly, then I'll simply undo this patch just as quickly.

Please sign in to comment.