Merge branch 'maint'

7 files changed, 128 insertions, 69 deletions

diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl
index 0fbb0bb79a..c48ccfb83b 100644
--- a/lib/ssl/test/ssl_ECC_SUITE.erl
+++ b/lib/ssl/test/ssl_ECC_SUITE.erl
@@ -36,7 +36,9 @@ all() ->
     [
      {group, 'tlsv1.2'},
      {group, 'tlsv1.1'},
-     {group, 'tlsv1'}
+     {group, 'tlsv1'},
+     {group, 'dtlsv1.2'},
+     {group, 'dtlsv1'}
     ].
 
 groups() ->
@@ -44,6 +46,8 @@ groups() ->
      {'tlsv1.2', [], all_versions_groups()},
      {'tlsv1.1', [], all_versions_groups()},
      {'tlsv1', [], all_versions_groups()},
+     {'dtlsv1.2', [], all_versions_groups()},
+     {'dtlsv1', [], all_versions_groups()},
      {'erlang_server', [], openssl_key_cert_combinations()},
      %%{'erlang_client', [], openssl_key_cert_combinations()},
      {'erlang', [], key_cert_combinations() ++ misc() 
@@ -197,7 +201,7 @@ common_init_per_group(GroupName, Config) ->
     end.
 
 end_per_group(_GroupName, Config) ->
-    Config.
+   proplists:delete(tls_version, Config).
 
 %%--------------------------------------------------------------------
 
diff --git a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
index 158b3524ac..bd9011f3b6 100644
--- a/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_alpn_handshake_SUITE.erl
@@ -35,14 +35,19 @@ all() ->
     [{group, 'tlsv1.2'},
      {group, 'tlsv1.1'},
      {group, 'tlsv1'},
-     {group, 'sslv3'}].
+     {group, 'sslv3'},
+     {group, 'dtlsv1.2'},
+     {group, 'dtlsv1'}
+    ].
 
 groups() ->
     [
      {'tlsv1.2', [], alpn_tests()},
      {'tlsv1.1', [], alpn_tests()},
      {'tlsv1', [], alpn_tests()},
-     {'sslv3', [], alpn_not_supported()}
+     {'sslv3', [], alpn_not_supported()},
+     {'dtlsv1.2', [], alpn_tests() -- [client_renegotiate]},
+     {'dtlsv1', [], alpn_tests() -- [client_renegotiate]}
     ].
 
 alpn_tests() ->
@@ -67,13 +72,12 @@ alpn_not_supported() ->
      alpn_not_supported_server
     ].
 
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
     catch crypto:stop(),
     try crypto:start() of
 	ok ->
 	    ssl_test_lib:clean_start(),
-	    {ok, _} = make_certs:all(proplists:get_value(data_dir, Config),
-				     proplists:get_value(priv_dir, Config)),
+	    Config = ssl_test_lib:make_rsa_cert(Config0),
 	    ssl_test_lib:cert_options(Config)
     catch _:_ ->
 	    {skip, "Crypto did not start"}
@@ -90,8 +94,7 @@ init_per_group(GroupName, Config) ->
 	true ->
 	    case ssl_test_lib:sufficient_crypto_support(GroupName) of
 		true ->
-		    ssl_test_lib:init_tls_version(GroupName, Config),
-		    Config;
+		    ssl_test_lib:init_tls_version(GroupName, Config);
 		false ->
 		    {skip, "Missing crypto support"}
 	    end;
@@ -116,26 +119,29 @@ end_per_testcase(_TestCase, Config) ->
 %%--------------------------------------------------------------------
 
 empty_protocols_are_not_allowed(Config) when is_list(Config) ->
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     {error, {options, {alpn_preferred_protocols, {invalid_protocol, <<>>}}}}
 	= (catch ssl:listen(9443,
-			    [{alpn_preferred_protocols, [<<"foo/1">>, <<"">>]}])),
+			    [{alpn_preferred_protocols, [<<"foo/1">>, <<"">>]}| ServerOpts])),
     {error, {options, {alpn_advertised_protocols, {invalid_protocol, <<>>}}}}
 	= (catch ssl:connect({127,0,0,1}, 9443,
-			     [{alpn_advertised_protocols, [<<"foo/1">>, <<"">>]}])).
+			     [{alpn_advertised_protocols, [<<"foo/1">>, <<"">>]} | ServerOpts])).
 
 %--------------------------------------------------------------------------------
 
 protocols_must_be_a_binary_list(Config) when is_list(Config) ->
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     Option1 = {alpn_preferred_protocols, hello},
-    {error, {options, Option1}} = (catch ssl:listen(9443, [Option1])),
+    {error, {options, Option1}} = (catch ssl:listen(9443, [Option1 | ServerOpts])),
     Option2 = {alpn_preferred_protocols, [<<"foo/1">>, hello]},
     {error, {options, {alpn_preferred_protocols, {invalid_protocol, hello}}}}
-        = (catch ssl:listen(9443, [Option2])),
+        = (catch ssl:listen(9443, [Option2 | ServerOpts])),
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
     Option3 = {alpn_advertised_protocols, hello},
-    {error, {options, Option3}} = (catch ssl:connect({127,0,0,1}, 9443, [Option3])),
+    {error, {options, Option3}} = (catch ssl:connect({127,0,0,1}, 9443, [Option3 | ClientOpts])),
     Option4 = {alpn_advertised_protocols, [<<"foo/1">>, hello]},
     {error, {options, {alpn_advertised_protocols, {invalid_protocol, hello}}}}
-        = (catch ssl:connect({127,0,0,1}, 9443, [Option4])).
+        = (catch ssl:connect({127,0,0,1}, 9443, [Option4 | ClientOpts])).
 
 %--------------------------------------------------------------------------------
 
@@ -226,9 +232,9 @@ client_alpn_and_server_alpn_npn(Config) when is_list(Config) ->
 client_renegotiate(Config) when is_list(Config) ->
     Data = "hello world",
     
-    ClientOpts0 = proplists:get_value(client_opts, Config),
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
     ClientOpts = [{alpn_advertised_protocols, [<<"http/1.0">>]}] ++ ClientOpts0,
-    ServerOpts0 = proplists:get_value(server_opts, Config),
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++  ServerOpts0,
     ExpectedProtocol = {ok, <<"http/1.0">>},
 
@@ -250,9 +256,9 @@ client_renegotiate(Config) when is_list(Config) ->
 %--------------------------------------------------------------------------------
 
 session_reused(Config) when  is_list(Config)->
-    ClientOpts0 = proplists:get_value(client_opts, Config),
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
     ClientOpts = [{alpn_advertised_protocols, [<<"http/1.0">>]}] ++ ClientOpts0,
-    ServerOpts0 = proplists:get_value(server_opts, Config),
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     ServerOpts = [{alpn_preferred_protocols, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]}] ++  ServerOpts0,
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -299,7 +305,7 @@ session_reused(Config) when  is_list(Config)->
 %--------------------------------------------------------------------------------
 
 alpn_not_supported_client(Config) when is_list(Config) ->
-    ClientOpts0 = proplists:get_value(client_opts, Config),
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
     PrefProtocols = {client_preferred_next_protocols,
 		     {client, [<<"http/1.0">>], <<"http/1.1">>}},
     ClientOpts = [PrefProtocols] ++ ClientOpts0,
@@ -315,7 +321,7 @@ alpn_not_supported_client(Config) when is_list(Config) ->
 %--------------------------------------------------------------------------------
 
 alpn_not_supported_server(Config) when is_list(Config)->
-    ServerOpts0 = proplists:get_value(server_opts, Config),
+    ServerOpts0 =  ssl_test_lib:ssl_options(server_rsa_opts, Config),
     AdvProtocols = {next_protocols_advertised, [<<"spdy/2">>, <<"http/1.1">>, <<"http/1.0">>]},
     ServerOpts = [AdvProtocols] ++  ServerOpts0,
   
@@ -326,8 +332,8 @@ alpn_not_supported_server(Config) when is_list(Config)->
 %%--------------------------------------------------------------------
 
 run_failing_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedResult) ->
-    ClientOpts = ClientExtraOpts ++ proplists:get_value(client_opts, Config),
-    ServerOpts = ServerExtraOpts ++ proplists:get_value(server_opts, Config),
+    ClientOpts = ClientExtraOpts ++ ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    ServerOpts = ServerExtraOpts ++ ssl_test_lib:ssl_options(server_rsa_opts, Config),
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -346,9 +352,9 @@ run_failing_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedResult)
 run_handshake(Config, ClientExtraOpts, ServerExtraOpts, ExpectedProtocol) ->
     Data = "hello world",
 
-    ClientOpts0 = proplists:get_value(client_opts, Config),
+    ClientOpts0 = ssl_test_lib:ssl_options(client_rsa_opts, Config),
     ClientOpts = ClientExtraOpts ++ ClientOpts0,
-    ServerOpts0 = proplists:get_value(server_opts, Config),
+    ServerOpts0 = ssl_test_lib:ssl_options(server_rsa_opts, Config),
     ServerOpts = ServerExtraOpts ++  ServerOpts0,
 
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index aeb4897d7e..8e1a6a8892 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -53,8 +53,7 @@ all() ->
      {group, options_tls},
      {group, session},
      {group, 'dtlsv1.2'},
-     %%     {group, 'dtlsv1'}, Breaks dtls in cert_verify_SUITE enable later when 
-     %% problem is identified and fixed
+     {group, 'dtlsv1'}, 
      {group, 'tlsv1.2'},
      {group, 'tlsv1.1'},
      {group, 'tlsv1'},
@@ -277,6 +276,13 @@ end_per_suite(_Config) ->
     application:stop(crypto).
 
 %%--------------------------------------------------------------------
+init_per_group(GroupName, Config) when GroupName == basic;
+                                       GroupName == basic_tls;
+                                       GroupName == options;
+                                       GroupName == options_tls;
+                                       GroupName == session ->
+    ssl_test_lib:init_tls_version_default(Config);
+
 init_per_group(GroupName, Config) ->
     case ssl_test_lib:is_tls_version(GroupName) andalso ssl_test_lib:sufficient_crypto_support(GroupName) of
 	true ->
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 7281425461..5e40200158 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -53,28 +53,34 @@ all() ->
      {group, 'tlsv1.2'},
      {group, 'tlsv1.1'},
      {group, 'tlsv1'},
-     {group, 'sslv3'}
+     {group, 'sslv3'},
+     {group, 'dtlsv1.2'},
+     {group, 'dtlsv1'}
     ].
 
 groups() ->
-    [{'tlsv1.2', [], packet_tests()},
-     {'tlsv1.1', [], packet_tests()},
-     {'tlsv1', [], packet_tests()},
-     {'sslv3', [], packet_tests()}
+    [{'tlsv1.2', [], socket_packet_tests() ++ protocol_packet_tests()},
+     {'tlsv1.1', [], socket_packet_tests() ++ protocol_packet_tests()},
+     {'tlsv1', [], socket_packet_tests() ++ protocol_packet_tests()},
+     {'sslv3', [], socket_packet_tests() ++ protocol_packet_tests()},
+     {'dtlsv1.2', [], protocol_packet_tests()},
+     {'dtlsv1', [],  protocol_packet_tests()}
     ].
 
-packet_tests() ->
-    active_packet_tests() ++ active_once_packet_tests() ++ passive_packet_tests() ++
-	[packet_send_to_large,
-	 packet_cdr_decode, packet_cdr_decode_list,
+socket_packet_tests() ->
+    socket_active_packet_tests() ++ socket_active_once_packet_tests() ++ 
+        socket_passive_packet_tests() ++ [packet_send_to_large, packet_tpkt_decode, packet_tpkt_decode_list].
+
+protocol_packet_tests() ->
+    protocol_active_packet_tests() ++ protocol_active_once_packet_tests() ++ protocol_passive_packet_tests() ++
+	[packet_cdr_decode, packet_cdr_decode_list,
 	 packet_http_decode, packet_http_decode_list,
 	 packet_http_bin_decode_multi,
 	 packet_line_decode, packet_line_decode_list,
 	 packet_asn1_decode, packet_asn1_decode_list,
-	 packet_tpkt_decode, packet_tpkt_decode_list,
 	 packet_sunrm_decode, packet_sunrm_decode_list].
 
-passive_packet_tests() ->
+socket_passive_packet_tests() ->
     [packet_raw_passive_many_small,
      packet_0_passive_many_small,
      packet_1_passive_many_small,
@@ -85,12 +91,8 @@ passive_packet_tests() ->
      packet_1_passive_some_big,
      packet_2_passive_some_big,
      packet_4_passive_some_big,
-     packet_httph_passive,
-     packet_httph_bin_passive,
-     packet_http_error_passive,
      packet_wait_passive,
      packet_size_passive,
-     packet_baddata_passive,
      %% inet header option should be deprecated!
      header_decode_one_byte_passive,
      header_decode_two_bytes_passive,
@@ -98,7 +100,14 @@ passive_packet_tests() ->
      header_decode_two_bytes_one_sent_passive
     ].
 
-active_once_packet_tests() ->
+protocol_passive_packet_tests() ->
+    [packet_httph_passive,
+     packet_httph_bin_passive,
+     packet_http_error_passive,
+     packet_baddata_passive
+    ].
+
+socket_active_once_packet_tests() ->
     [packet_raw_active_once_many_small,
      packet_0_active_once_many_small,
      packet_1_active_once_many_small,
@@ -108,12 +117,16 @@ active_once_packet_tests() ->
      packet_0_active_once_some_big,
      packet_1_active_once_some_big,
      packet_2_active_once_some_big,
-     packet_4_active_once_some_big,
+     packet_4_active_once_some_big
+    ].
+
+protocol_active_once_packet_tests() ->
+    [
      packet_httph_active_once,
      packet_httph_bin_active_once
     ].
 
-active_packet_tests() ->
+socket_active_packet_tests() ->
     [packet_raw_active_many_small,
      packet_0_active_many_small,
      packet_1_active_many_small,
@@ -124,10 +137,7 @@ active_packet_tests() ->
      packet_1_active_some_big,
      packet_2_active_some_big,
      packet_4_active_some_big,
-     packet_httph_active,
-     packet_httph_bin_active,
      packet_wait_active,
-     packet_baddata_active,
      packet_size_active,
      %% inet header option should be deprecated!
      header_decode_one_byte_active,
@@ -136,6 +146,13 @@ active_packet_tests() ->
      header_decode_two_bytes_one_sent_active
     ].
 
+
+protocol_active_packet_tests() ->
+    [packet_httph_active,
+     packet_httph_bin_active,
+     packet_baddata_active
+    ].
+
 init_per_suite(Config) ->
     catch crypto:stop(),
     try crypto:start() of
diff --git a/lib/ssl/test/ssl_sni_SUITE.erl b/lib/ssl/test/ssl_sni_SUITE.erl
index 4a8027edda..03676cb828 100644
--- a/lib/ssl/test/ssl_sni_SUITE.erl
+++ b/lib/ssl/test/ssl_sni_SUITE.erl
@@ -30,12 +30,32 @@
 %% Common Test interface functions -----------------------------------
 %%--------------------------------------------------------------------
 
-all() -> [no_sni_header, 
-	  sni_match, 
-	  sni_no_match,
-	  no_sni_header_fun, 
-	  sni_match_fun, 
-	  sni_no_match_fun].
+all() ->
+    [{group, 'tlsv1.2'},
+     {group, 'tlsv1.1'},
+     {group, 'tlsv1'},
+     {group, 'sslv3'},
+     {group, 'dtlsv1.2'},
+     {group, 'dtlsv1'}
+    ].
+
+groups() ->
+    [
+     {'tlsv1.2', [], sni_tests()},
+     {'tlsv1.1', [], sni_tests()},
+     {'tlsv1', [], sni_tests()},
+     {'sslv3', [], sni_tests()},
+     {'dtlsv1.2', [], sni_tests()},
+     {'dtlsv1', [], sni_tests()}
+    ].
+
+sni_tests() ->
+    [no_sni_header, 
+     sni_match, 
+     sni_no_match,
+     no_sni_header_fun, 
+     sni_match_fun, 
+     sni_no_match_fun].
 
 init_per_suite(Config0) ->
     catch crypto:stop(),
@@ -154,9 +174,9 @@ run_sni_fun_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
     ClientOptions = 
     case SNIHostname of
         undefined ->
-            proplists:get_value(client_rsa_opts, Config);
+            ssl_test_lib:ssl_options(client_rsa_opts, Config);
         _ ->
-            [{server_name_indication, SNIHostname}] ++ proplists:get_value(client_rsa_opts, Config)
+            [{server_name_indication, SNIHostname}] ++ ssl_test_lib:ssl_options(client_rsa_opts, Config)
     end,
     ct:log("Options: ~p", [[ServerOptions, ClientOptions]]),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -176,13 +196,13 @@ run_handshake(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) ->
     ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, "
 	   "ExpectedSNIHostname: ~p, ExpectedCN: ~p", 
 	   [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]),
-    ServerOptions = proplists:get_value(sni_server_opts, Config) ++  ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    ServerOptions = proplists:get_value(sni_server_opts, Config) ++ ssl_test_lib:ssl_options(server_rsa_opts, Config),
     ClientOptions = 
         case SNIHostname of
             undefined ->
-                proplists:get_value(client_rsa_opts, Config);
+                ssl_test_lib:ssl_options(client_rsa_opts, Config);
             _ ->
-                [{server_name_indication, SNIHostname}] ++ proplists:get_value(client_rsa_opts, Config)
+                [{server_name_indication, SNIHostname}] ++ ssl_test_lib:ssl_options(client_rsa_opts, Config)
         end,
     ct:log("Options: ~p", [[ServerOptions, ClientOptions]]),
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index a02d6e7b32..565beebcea 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1115,6 +1115,10 @@ init_tls_version(Version, Config) ->
     NewConfig = proplists:delete(protocol_opts, proplists:delete(protocol, Config)),
     [{protocol, tls} | NewConfig].
 
+init_tls_version_default(Config) ->
+    %% Remove non default options that may be left from other test groups 
+    proplists:delete(protocol_opts, proplists:delete(protocol, Config)).
+    
 sufficient_crypto_support(Version)
   when Version == 'tlsv1.2'; Version == 'dtlsv1.2' ->
     CryptoSupport = crypto:supports(),
@@ -1224,7 +1228,7 @@ is_fips(_) ->
     false.
 
 cipher_restriction(Config0) ->
-    Version = tls_record:protocol_version(protocol_version(Config0)),
+    Version = protocol_version(Config0, tuple),
     case is_sane_ecc(openssl) of
 	false ->
 	    Opts = proplists:get_value(server_opts, Config0),
@@ -1455,6 +1459,7 @@ ct_log_supported_protocol_versions(Config) ->
 
 clean_env() ->
     application:unset_env(ssl, protocol_version),
+    application:unset_env(ssl, dtls_protocol_version),
     application:unset_env(ssl, session_lifetime),
     application:unset_env(ssl, session_cb),
     application:unset_env(ssl, session_cb_init_args),
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index c9a1b8c735..43a4a0b6d1 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -85,19 +85,19 @@ all_versions_tests() ->
     ].
 dtls_all_versions_tests() ->
     [
-     %%erlang_client_openssl_server,
+     erlang_client_openssl_server,
      erlang_server_openssl_client,
-     %%erlang_client_openssl_server_dsa_cert,
+     erlang_client_openssl_server_dsa_cert,
      erlang_server_openssl_client_dsa_cert,
-     erlang_server_openssl_client_reuse_session
+     erlang_server_openssl_client_reuse_session,
      %%erlang_client_openssl_server_renegotiate,
      %%erlang_client_openssl_server_nowrap_seqnum,
      %%erlang_server_openssl_client_nowrap_seqnum,
-     %%erlang_client_openssl_server_no_server_ca_cert,
-     %%erlang_client_openssl_server_client_cert,
-     %%erlang_server_openssl_client_client_cert
-     %%ciphers_rsa_signed_certs,
-     %%ciphers_dsa_signed_certs,
+     erlang_client_openssl_server_no_server_ca_cert,
+     erlang_client_openssl_server_client_cert,
+     erlang_server_openssl_client_client_cert,
+     ciphers_rsa_signed_certs,
+     ciphers_dsa_signed_certs
      %%erlang_client_bad_openssl_server,
      %%expired_session
     ].
@@ -875,7 +875,8 @@ ciphers_dsa_signed_certs() ->
     [{doc,"Test cipher suites that uses dsa certs"}].
 ciphers_dsa_signed_certs(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config),
-    Ciphers = ssl_test_lib:dsa_suites(tls_record:protocol_version(Version)),
+    NVersion = ssl_test_lib:protocol_version(Config, tuple),
+    Ciphers = ssl_test_lib:dsa_suites(NVersion),
     run_suites(Ciphers, Version, Config, dsa).
 
 %%--------------------------------------------------------------------