ssl: Add connection information on new cipher_suite format

1 files changed, 62 insertions, 60 deletions

diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 959de60f57..305b13e5c4 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -147,8 +147,7 @@ options_tests_tls() ->
      tls_tcp_reuseaddr].
 
 api_tests() ->
-    [connection_info,
-     secret_connection_info,
+    [secret_connection_info,
      connection_information,
      peercert,
      peercert_with_client_cert,
@@ -610,7 +609,16 @@ new_options_in_accept(Config) when is_list(Config) ->
     [_ , _ | ServerSslOpts] = ssl_test_lib:ssl_options(server_opts, Config), %% Remove non ssl opts
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     Version = ssl_test_lib:protocol_options(Config, [{tls, sslv3}, {dtls, dtlsv1}]),
-    Cipher = ssl_test_lib:protocol_options(Config, [{tls, {rsa,rc4_128,sha}}, {dtls, {rsa,aes_128_cbc,sha}}]),
+    Cipher = ssl_test_lib:protocol_options(Config, [{tls, #{key_exchange =>rsa,
+                                                            cipher => rc4_128,
+                                                            mac => sha,
+                                                            prf => default_prf
+                                                           }}, 
+                                                    {dtls, #{key_exchange =>rsa,
+                                                             cipher => aes_128_cbc,
+                                                             mac => sha,
+                                                             prf => default_prf
+                                                            }}]),
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
 					{from, self()}, 
 					{ssl_extra_opts, [{versions, [Version]},
@@ -739,41 +747,6 @@ prf(Config) when is_list(Config) ->
 
 %%--------------------------------------------------------------------
 
-connection_info() ->
-    [{doc,"Test the API function ssl:connection_information/2"}].
-connection_info(Config) when is_list(Config) -> 
-    ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
-    ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
-    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
-    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
-					{from, self()}, 
-					{mfa, {?MODULE, connection_info_result, []}},
-					{options, ServerOpts}]),
-    
-    Port = ssl_test_lib:inet_port(Server),
-    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
-					{host, Hostname},
-			   {from, self()}, 
-			   {mfa, {?MODULE, connection_info_result, []}},
-			   {options, 
-			    [{ciphers,[{dhe_rsa, aes_128_cbc, sha}]} | 
-			     ClientOpts]}]),
-    
-    ct:log("Testcase ~p, Client ~p  Server ~p ~n",
-		       [self(), Client, Server]),
-
-    Version = ssl_test_lib:protocol_version(Config),
-    
-    ServerMsg = ClientMsg = {ok, {Version, {dhe_rsa, aes_128_cbc, sha}}},
-			   
-    ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg),
-    
-    ssl_test_lib:close(Server),
-    ssl_test_lib:close(Client).
-
-%%--------------------------------------------------------------------
-
 secret_connection_info() ->
     [{doc,"Test the API function ssl:connection_information/2"}].
 secret_connection_info(Config) when is_list(Config) -> 
@@ -3475,16 +3448,50 @@ tls_tcp_reuseaddr(Config) when is_list(Config) ->
 honor_server_cipher_order() ->
     [{doc,"Test API honor server cipher order."}].
 honor_server_cipher_order(Config) when is_list(Config) ->
-    ClientCiphers = [{dhe_rsa, aes_128_cbc, sha}, {dhe_rsa, aes_256_cbc, sha}],
-    ServerCiphers = [{dhe_rsa, aes_256_cbc, sha}, {dhe_rsa, aes_128_cbc, sha}],
-honor_cipher_order(Config, true, ServerCiphers, ClientCiphers, {dhe_rsa, aes_256_cbc, sha}).
+     ClientCiphers = [#{key_exchange => dhe_rsa, 
+                       cipher => aes_128_cbc, 
+                       mac => sha,
+                       prf => default_prf}, 
+                     #{key_exchange => dhe_rsa, 
+                       cipher => aes_256_cbc, 
+                       mac => sha,
+                       prf => default_prf}],
+    ServerCiphers = [#{key_exchange => dhe_rsa, 
+                       cipher => aes_256_cbc,   
+                       mac =>sha,
+                       prf => default_prf},
+                     #{key_exchange => dhe_rsa, 
+                       cipher => aes_128_cbc, 
+                       mac => sha,
+                       prf => default_prf}],
+    honor_cipher_order(Config, true, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, 
+                                                                     cipher => aes_256_cbc, 
+                                                                     mac => sha,
+                                                                     prf => default_prf}).
 
 honor_client_cipher_order() ->
     [{doc,"Test API honor server cipher order."}].
 honor_client_cipher_order(Config) when is_list(Config) ->
-    ClientCiphers = [{dhe_rsa, aes_128_cbc, sha}, {dhe_rsa, aes_256_cbc, sha}],
-    ServerCiphers = [{dhe_rsa, aes_256_cbc, sha}, {dhe_rsa, aes_128_cbc, sha}],
-honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, {dhe_rsa, aes_128_cbc, sha}).
+    ClientCiphers = [#{key_exchange => dhe_rsa, 
+                       cipher => aes_128_cbc, 
+                       mac => sha,
+                       prf => default_prf}, 
+                     #{key_exchange => dhe_rsa, 
+                       cipher => aes_256_cbc, 
+                       mac => sha,
+                       prf => default_prf}],
+    ServerCiphers = [#{key_exchange => dhe_rsa, 
+                       cipher => aes_256_cbc,   
+                       mac =>sha,
+                       prf => default_prf},
+                     #{key_exchange => dhe_rsa, 
+                       cipher => aes_128_cbc, 
+                       mac => sha,
+                       prf => default_prf}],
+honor_cipher_order(Config, false, ServerCiphers, ClientCiphers, #{key_exchange => dhe_rsa, 
+                                                                  cipher => aes_128_cbc, 
+                                                                  mac => sha,
+                                                                  prf => default_prf}).
 
 honor_cipher_order(Config, Honor, ServerCiphers, ClientCiphers, Expected) ->
     ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
@@ -4221,7 +4228,7 @@ unordered_protocol_versions_server(Config) when is_list(Config) ->
 					{from, self()}, 
 					{mfa, {?MODULE, connection_info_result, []}},
 					{options, ClientOpts}]),
-    CipherSuite = first_rsa_suite(ssl:cipher_suites()),
+    CipherSuite = first_rsa_suite(ssl:cipher_suites(default, 'tlsv1.2')),
     ServerMsg = ClientMsg = {ok, {'tlsv1.2', CipherSuite}},    
     ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg).
 
@@ -4247,7 +4254,7 @@ unordered_protocol_versions_client(Config) when is_list(Config) ->
 					{mfa, {?MODULE, connection_info_result, []}},
 					{options,  [{versions, ['tlsv1.1', 'tlsv1.2']} | ClientOpts]}]),
  
-    CipherSuite = first_rsa_suite(ssl:cipher_suites()),
+    CipherSuite = first_rsa_suite(ssl:cipher_suites(default, 'tlsv1.2')),
     ServerMsg = ClientMsg = {ok, {'tlsv1.2', CipherSuite}},    
     ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg).
   
@@ -4964,6 +4971,7 @@ run_suites(Ciphers, Config, Type) ->
                  [{ciphers, Ciphers} |
                   ssl_test_lib:ssl_options(server_ecdsa_opts, Config)]} 
 	end,
+    ct:pal("ssl_test_lib:filter_suites(~p ~p) -> ~p ", [Ciphers, Version, ssl_test_lib:filter_suites(Ciphers, Version)]),
     Result =  lists:map(fun(Cipher) ->
 				cipher(Cipher, Version, Config, ClientOpts, ServerOpts) end,
 			ssl_test_lib:filter_suites(Ciphers, Version)),
@@ -4976,7 +4984,7 @@ run_suites(Ciphers, Config, Type) ->
     end.
 
 erlang_cipher_suite(Suite) when is_list(Suite)->
-    ssl_cipher:erl_suite_definition(ssl_cipher:openssl_suite(Suite));
+    ssl_cipher:suite_definition(ssl_cipher:openssl_suite(Suite));
 erlang_cipher_suite(Suite) ->
     Suite.
 
@@ -5028,8 +5036,9 @@ connection_information_result(Socket) ->
     end.
 
 connection_info_result(Socket) ->
-    {ok, Info} = ssl:connection_information(Socket, [protocol, cipher_suite]),
-    {ok, {proplists:get_value(protocol, Info), proplists:get_value(cipher_suite, Info)}}.
+    {ok, Info} = ssl:connection_information(Socket, [protocol, selected_cipher_suite]),
+    {ok, {proplists:get_value(protocol, Info), proplists:get_value(selected_cipher_suite, Info)}}.
+
 version_info_result(Socket) ->
     {ok, [{version, Version}]} = ssl:connection_information(Socket, [version]),
     {ok, Version}.
@@ -5158,17 +5167,10 @@ try_recv_active_once(Socket) ->
     {error, einval} = ssl:recv(Socket, 11),
     ok.
 
-first_rsa_suite([{ecdhe_rsa, _, _} = Suite | _]) ->
-    Suite;
-first_rsa_suite([{dhe_rsa, _, _} = Suite| _]) ->
-    Suite;
-first_rsa_suite([{rsa, _, _} = Suite| _]) ->
-    Suite;
-first_rsa_suite([{ecdhe_rsa, _, _, _} = Suite | _]) ->
-    Suite;
-first_rsa_suite([{dhe_rsa, _, _, _} = Suite| _]) ->
-    Suite;
-first_rsa_suite([{rsa, _, _, _} = Suite| _]) ->
+first_rsa_suite([#{key_exchange := UseRSACert} = Suite | Rest]) when 
+      UseRSACert == rsa;
+      UseRSACert == dhe_rsa;
+      UseRSACert == ecdhe_rsa ->
     Suite;
 first_rsa_suite([_ | Rest]) ->
     first_rsa_suite(Rest).