ssl: Avoid hardcoding of cipher suites and fix ECDH suite handling

ECDH suite handling did not use the EC parameters form the certs
as expected.

1 files changed, 23 insertions, 6 deletions

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index a45249b75e..4022f49077 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1434,16 +1434,33 @@ sufficient_crypto_support(_) ->
 check_key_exchange_send_active(Socket, false) ->
     send_recv_result_active(Socket);
 check_key_exchange_send_active(Socket, KeyEx) ->
-    {ok, [{cipher_suite, Suite}]} = ssl:connection_information(Socket, [cipher_suite]),
-    true = check_key_exchange(Suite, KeyEx), 
+    {ok, Info} =
+        ssl:connection_information(Socket, [cipher_suite, protocol]),
+    Suite = proplists:get_value(cipher_suite, Info),
+    Version = proplists:get_value(protocol, Info),
+    true = check_key_exchange(Suite, KeyEx, Version), 
     send_recv_result_active(Socket).
 
-check_key_exchange({KeyEx,_, _}, KeyEx) ->
+check_key_exchange({KeyEx,_, _}, KeyEx, _) ->
     true;
-check_key_exchange({KeyEx,_,_,_}, KeyEx) ->
+check_key_exchange({KeyEx,_,_,_}, KeyEx, _) ->
     true;
-check_key_exchange(KeyEx1, KeyEx2) ->
-    ct:pal("Negotiated ~p  Expected ~p", [KeyEx1, KeyEx2]),
+check_key_exchange(KeyEx1, KeyEx2, Version) ->
+    case Version of
+        'tlsv1.2' ->
+            v_1_2_check(element(1, KeyEx1), KeyEx2);
+        'dtlsv1.2' ->
+            v_1_2_check(element(1, KeyEx1), KeyEx2);
+        _ ->       
+            ct:pal("Negotiated ~p  Expected ~p", [KeyEx1, KeyEx2]),
+            false
+    end.
+
+v_1_2_check(ecdh_ecdsa, ecdh_rsa) ->
+    true;
+v_1_2_check(ecdh_rsa, ecdh_ecdsa) ->
+    true;
+v_1_2_check(_, _) ->
     false.
 
 send_recv_result_active(Socket) ->