ssl: Changed default behaviour of next protocol negotiation to make

more "sense" (be true to the specification).

3 files changed, 49 insertions, 34 deletions

diff --git a/lib/ssl/test/ssl_npn_handshake_SUITE.erl b/lib/ssl/test/ssl_npn_handshake_SUITE.erl
index f2327756c3..8bef2d8d22 100644
--- a/lib/ssl/test/ssl_npn_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_handshake_SUITE.erl
@@ -28,16 +28,16 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 init_per_suite(Config) ->
     try crypto:start() of
-    ok ->
-        application:start(public_key),
-        ssl:start(),
-        Result =
-        (catch make_certs:all(?config(data_dir, Config),
-                      ?config(priv_dir, Config))),
-        test_server:format("Make certs  ~p~n", [Result]),
-        ssl_test_lib:cert_options(Config)
+	ok ->
+	    application:start(public_key),
+	    ssl:start(),
+	    Result =
+		(catch make_certs:all(?config(data_dir, Config),
+				      ?config(priv_dir, Config))),
+	    test_server:format("Make certs  ~p~n", [Result]),
+	    ssl_test_lib:cert_options(Config)
     catch _:_ ->
-        {skip, "Crypto did not start"}
+	    {skip, "Crypto did not start"}
     end.
 
 end_per_suite(_Config) ->
@@ -62,9 +62,14 @@ connection_info_result(Socket) ->
     ssl:connection_info(Socket).
 
 validate_empty_protocols_are_not_allowed_test(_Config) ->
-    {error, {eoptions, {next_protocols_advertised, <<>>}}} = (catch ssl:listen(9443, [{next_protocols_advertised, [<<"foo/1">>, <<"">>]}])),
-    {error, {eoptions, {client_preferred_next_protocols, <<>>}}} = (catch ssl:connect({127,0,0,1}, 9443, [{client_preferred_next_protocols, {<<"foox/1">>, client, [<<"foo/1">>, <<"">>]}}], infinity)),
-    Option = {client_preferred_next_protocols, {<<"">>, client, [<<"foo/1">>, <<"blah/1">>]}},
+    {error, {eoptions, {next_protocols_advertised, {invalid_protocol, <<>>}}}}
+	= (catch ssl:listen(9443,
+			    [{next_protocols_advertised, [<<"foo/1">>, <<"">>]}])),
+    {error, {eoptions, {client_preferred_next_protocols, {invalid_protocol, <<>>}}}}
+	= (catch ssl:connect({127,0,0,1}, 9443,
+			     [{client_preferred_next_protocols,
+			       {client, [<<"foo/1">>, <<"">>], <<"foox/1">>}}], infinity)),
+    Option = {client_preferred_next_protocols, {invalid_protocol, <<"">>}},
     {error, {eoptions, Option}} = (catch ssl:connect({127,0,0,1}, 9443, [Option], infinity)).
 
 validate_empty_advertisement_list_is_allowed_test(_Config) ->
@@ -90,32 +95,34 @@ perform_client_does_not_try_to_negotiate_but_server_supports_npn_test(Config) ->
 
 perform_client_tries_to_negotiate_but_server_does_not_support_test(Config) ->
     run_npn_handshake_test(Config,
-        [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"spdy/2">>]}}],
+        [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}],
         [],
         {error, next_protocol_not_negotiated}).
 
 perform_fallback_npn_handshake_test(Config) ->
     run_npn_handshake_test(Config,
-        [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"spdy/2">>]}}],
+        [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}],
         [{next_protocols_advertised, [<<"spdy/1">>, <<"http/1.1">>, <<"http/1.0">>]}],
         {ok, <<"http/1.1">>}).
 
 perform_fallback_npn_handshake_server_preference_test(Config) ->
     run_npn_handshake_test(Config,
-        [{client_preferred_next_protocols, {<<"http/1.1">>, server, [<<"spdy/2">>]}}],
+        [{client_preferred_next_protocols, {server, [<<"spdy/2">>], <<"http/1.1">>}}],
         [{next_protocols_advertised, [<<"spdy/1">>, <<"http/1.1">>, <<"http/1.0">>]}],
         {ok, <<"http/1.1">>}).
 
 
 perform_normal_npn_handshake_client_preference_test(Config) ->
     run_npn_handshake_test(Config,
-        [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"http/1.0">>, <<"http/1.1">>]}}],
+        [{client_preferred_next_protocols,
+	  {client, [<<"http/1.0">>, <<"http/1.1">>], <<"http/1.1">>}}],
         [{next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}],
         {ok, <<"http/1.0">>}).
 
 perform_normal_npn_handshake_server_preference_test(Config) ->
     run_npn_handshake_test(Config,
-        [{client_preferred_next_protocols, {<<"http/1.1">>, server, [<<"http/1.0">>, <<"http/1.1">>]}}],
+        [{client_preferred_next_protocols,
+	  {server, [<<"http/1.0">>, <<"http/1.1">>], <<"http/1.1">>}}],
         [{next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}],
         {ok, <<"http/1.1">>}).
 
@@ -124,9 +131,11 @@ perform_renegotiate_from_client_after_npn_handshake(Config) ->
     Data = "hello world",
 
     ClientOpts0 = ?config(client_opts, Config),
-    ClientOpts = [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"http/1.0">>]}}] ++ ClientOpts0,
+    ClientOpts = [{client_preferred_next_protocols,
+		   {client, [<<"http/1.0">>], <<"http/1.1">>}}] ++ ClientOpts0,
     ServerOpts0 = ?config(server_opts, Config),
-    ServerOpts = [{next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++  ServerOpts0,
+    ServerOpts = [{next_protocols_advertised,
+		   [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++  ServerOpts0,
     ExpectedProtocol = {ok, <<"http/1.0">>},
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -170,7 +179,8 @@ run_npn_handshake_test(Config, ClientExtraOpts, ServerExtraOpts, ExpectedProtoco
     ssl_test_lib:check_result(Server, ok, Client, ok).
 
 assert_npn(Socket, Protocol) ->
-    test_server:format("Negotiated Protocol ~p, Expecting: ~p ~n", [ssl:negotiated_next_protocol(Socket), Protocol]),
+    test_server:format("Negotiated Protocol ~p, Expecting: ~p ~n",
+		       [ssl:negotiated_next_protocol(Socket), Protocol]),
     Protocol = ssl:negotiated_next_protocol(Socket).
 
 assert_npn_and_renegotiate_and_send_data(Socket, Protocol, Data) ->
diff --git a/lib/ssl/test/ssl_npn_hello_SUITE.erl b/lib/ssl/test/ssl_npn_hello_SUITE.erl
index f177778178..0bca8bbeb4 100644
--- a/lib/ssl/test/ssl_npn_hello_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_hello_SUITE.erl
@@ -60,7 +60,7 @@ encode_and_decode_client_hello_test(_Config) ->
 encode_and_decode_npn_client_hello_test(_Config) ->
     HandShakeData = create_client_handshake(#next_protocol_negotiation{extension_data = <<>>}),
     Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
-    {[{DecodedHandshakeMessage, _Raw}], _} = ssl_handshake:get_tls_handshake(Version� list_to_binary(HandShakeData), <<>>),
+    {[{DecodedHandshakeMessage, _Raw}], _} = ssl_handshake:get_tls_handshake(Version, list_to_binary(HandShakeData), <<>>),
     NextProtocolNegotiation = DecodedHandshakeMessage#client_hello.next_protocol_negotiation,
     NextProtocolNegotiation = #next_protocol_negotiation{extension_data = <<>>}.
 
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index cc3c6439ac..30f8f60156 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -29,7 +29,7 @@
 -define(TIMEOUT, 120000).
 -define(LONG_TIMEOUT, 600000).
 -define(SLEEP, 1000).
--define(OPENSSL_RENEGOTIATE, "r\n").
+-define(OPENSSL_RENEGOTIATE, "R\n").
 -define(OPENSSL_QUIT, "Q\n").
 -define(OPENSSL_GARBAGE, "P\n").
 -define(EXPIRE, 10).
@@ -172,9 +172,9 @@ all() ->
 
 groups() ->
     [{basic, [], basic_tests()},
-     {'tlsv1.2', [], all_versions_tests()},
-     {'tlsv1.1', [], all_versions_tests()},
-     {'tlsv1', [], all_versions_tests()},
+     {'tlsv1.2', [], all_versions_tests() ++ npn_tests()},
+     {'tlsv1.1', [], all_versions_tests() ++ npn_tests()},
+     {'tlsv1', [], all_versions_tests()++ npn_tests()},
      {'sslv3', [], all_versions_tests()}].
 
 basic_tests() ->
@@ -199,8 +199,10 @@ all_versions_tests() ->
      ciphers_dsa_signed_certs,
      erlang_client_bad_openssl_server,
      expired_session,
-     ssl2_erlang_server_openssl_client,
-     erlang_client_openssl_server_npn_negotiation,
+     ssl2_erlang_server_openssl_client].
+
+npn_tests() ->
+    [erlang_client_openssl_server_npn_negotiation,
      erlang_server_openssl_client_npn_negotiation,
      erlang_server_openssl_client_npn_negotiation_and_renegotiate,
      erlang_client_openssl_server_npn_negotiation_and_renegotiate,
@@ -1164,7 +1166,7 @@ erlang_client_openssl_server_npn_negotiate_only_on_server(Config) when is_list(C
 
 erlang_client_openssl_server_npn_negotiate_only_on_client(Config) when is_list(Config) ->
     Data = "From openssl to erlang",
-    start_erlang_client_and_openssl_server_with_opts(Config, [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"spdy/2">>]}}], "", Data, fun(Server, OpensslPort) ->
+    start_erlang_client_and_openssl_server_with_opts(Config, [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}}], "", Data, fun(Server, OpensslPort) ->
         port_command(OpensslPort, Data),
         ssl_test_lib:check_result(Server, ok)
     end),
@@ -1202,9 +1204,11 @@ start_erlang_client_and_openssl_server_with_opts(Config, ErlangClientOpts, Opens
     Port = ssl_test_lib:inet_port(node()),
     CertFile = proplists:get_value(certfile, ServerOpts),
     KeyFile = proplists:get_value(keyfile, ServerOpts),
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
 
-    Cmd = "openssl s_server " ++ OpensslServerOpts ++ "  -accept " ++ integer_to_list(Port)  ++
-    " -cert " ++ CertFile  ++ " -key " ++ KeyFile,
+    Cmd = "openssl s_server " ++ OpensslServerOpts ++ "  -accept " ++ 
+	integer_to_list(Port) ++  version_flag(Version) ++
+	" -cert " ++ CertFile  ++ " -key " ++ KeyFile,
 
     test_server:format("openssl cmd: ~p~n", [Cmd]),
 
@@ -1231,7 +1235,7 @@ start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callbac
     process_flag(trap_exit, true),
     ServerOpts = ?config(server_opts, Config),
     ClientOpts0 = ?config(client_opts, Config),
-    ClientOpts = [{client_preferred_next_protocols, {<<"http/1.1">>, client, [<<"spdy/2">>]}} | ClientOpts0],
+    ClientOpts = [{client_preferred_next_protocols, {client, [<<"spdy/2">>], <<"http/1.1">>}} | ClientOpts0],
 
     {ClientNode, _, Hostname} = ssl_test_lib:run_where(Config),
 
@@ -1240,8 +1244,9 @@ start_erlang_client_and_openssl_server_for_npn_negotiation(Config, Data, Callbac
     Port = ssl_test_lib:inet_port(node()),
     CertFile = proplists:get_value(certfile, ServerOpts),
     KeyFile = proplists:get_value(keyfile, ServerOpts),
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
 
-    Cmd = "openssl s_server -msg -nextprotoneg http/1.1,spdy/2  -accept " ++ integer_to_list(Port)  ++
+    Cmd = "openssl s_server -msg -nextprotoneg http/1.1,spdy/2  -accept " ++ integer_to_list(Port)  ++  version_flag(Version) ++
     " -cert " ++ CertFile  ++ " -key " ++ KeyFile,
 
     test_server:format("openssl cmd: ~p~n", [Cmd]),
@@ -1278,8 +1283,8 @@ start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callbac
                     {mfa, {?MODULE, erlang_ssl_receive_and_assert_npn, [<<"spdy/2">>, Data]}},
                     {options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
-
-    Cmd = "openssl s_client -nextprotoneg http/1.0,spdy/2 -msg -port " ++ integer_to_list(Port)  ++
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Cmd = "openssl s_client -nextprotoneg http/1.0,spdy/2 -msg -port " ++ integer_to_list(Port)  ++ version_flag(Version) ++
     " -host localhost",
 
     test_server:format("openssl cmd: ~p~n", [Cmd]),