1 files changed, 60 insertions, 50 deletions

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index cff842cb2f..7edc6554ca 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 1999-2013. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -608,39 +608,41 @@ handle_options(Opts0, _Role) ->
 	       end,
 
     SSLOptions = #ssl_options{
-      versions   = Versions,
-      verify     = validate_option(verify, Verify),
-      verify_fun = VerifyFun,
-      fail_if_no_peer_cert = FailIfNoPeerCert,
-      verify_client_once =  handle_option(verify_client_once, Opts, false),
-      depth      = handle_option(depth,  Opts, 1),
-      cert       = handle_option(cert, Opts, undefined),
-      certfile   = CertFile,
-      key        = handle_option(key, Opts, undefined),
-      keyfile    = handle_option(keyfile,  Opts, CertFile),
-      password   = handle_option(password, Opts, ""),
-      cacerts    = CaCerts,
-      cacertfile = handle_option(cacertfile, Opts, CaCertDefault),
-      dh         = handle_option(dh, Opts, undefined),
-      dhfile     = handle_option(dhfile, Opts, undefined),
-      user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),
-      psk_identity = handle_option(psk_identity, Opts, undefined),
-      srp_identity = handle_option(srp_identity, Opts, undefined),
-      ciphers    = handle_option(ciphers, Opts, []),
-      %% Server side option
-      reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
-      reuse_sessions = handle_option(reuse_sessions, Opts, true),
-      secure_renegotiate = handle_option(secure_renegotiate, Opts, false),
-      renegotiate_at = handle_option(renegotiate_at, Opts, ?DEFAULT_RENEGOTIATE_AT),
-      hibernate_after = handle_option(hibernate_after, Opts, undefined),
-      erl_dist = handle_option(erl_dist, Opts, false),
-      next_protocols_advertised =
+		    versions   = Versions,
+		    verify     = validate_option(verify, Verify),
+		    verify_fun = VerifyFun,
+		    fail_if_no_peer_cert = FailIfNoPeerCert,
+		    verify_client_once =  handle_option(verify_client_once, Opts, false),
+		    depth      = handle_option(depth,  Opts, 1),
+		    cert       = handle_option(cert, Opts, undefined),
+		    certfile   = CertFile,
+		    key        = handle_option(key, Opts, undefined),
+		    keyfile    = handle_option(keyfile,  Opts, CertFile),
+		    password   = handle_option(password, Opts, ""),
+		    cacerts    = CaCerts,
+		    cacertfile = handle_option(cacertfile, Opts, CaCertDefault),
+		    dh         = handle_option(dh, Opts, undefined),
+		    dhfile     = handle_option(dhfile, Opts, undefined),
+		    user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),
+		    psk_identity = handle_option(psk_identity, Opts, undefined),
+		    srp_identity = handle_option(srp_identity, Opts, undefined),
+		    ciphers    = handle_option(ciphers, Opts, []),
+		    %% Server side option
+		    reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
+		    reuse_sessions = handle_option(reuse_sessions, Opts, true),
+		    secure_renegotiate = handle_option(secure_renegotiate, Opts, false),
+		    renegotiate_at = handle_option(renegotiate_at, Opts, ?DEFAULT_RENEGOTIATE_AT),
+		    hibernate_after = handle_option(hibernate_after, Opts, undefined),
+		    erl_dist = handle_option(erl_dist, Opts, false),
+		    next_protocols_advertised =
 			handle_option(next_protocols_advertised, Opts, undefined),
-      next_protocol_selector =
+		    next_protocol_selector =
 			make_next_protocol_selector(
 			  handle_option(client_preferred_next_protocols, Opts, undefined)),
-      log_alert = handle_option(log_alert, Opts, true)
-     },
+		    log_alert = handle_option(log_alert, Opts, true),
+		    server_name_indication = handle_option(server_name_indication, Opts, undefined),
+		    honor_cipher_order = handle_option(honor_cipher_order, Opts, false)
+		   },
 
     CbInfo  = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),
     SslOptions = [protocol, versions, verify, verify_fun,
@@ -651,7 +653,8 @@ handle_options(Opts0, _Role) ->
 		  reuse_session, reuse_sessions, ssl_imp,
 		  cb_info, renegotiate_at, secure_renegotiate, hibernate_after,
 		  erl_dist, next_protocols_advertised,
-		  client_preferred_next_protocols, log_alert],
+		  client_preferred_next_protocols, log_alert,
+		  server_name_indication, honor_cipher_order],
 
     SockOpts = lists:foldl(fun(Key, PropList) ->
 				   proplists:delete(Key, PropList)
@@ -694,11 +697,9 @@ validate_option(verify_fun, Fun) when is_function(Fun) ->
      end, Fun};
 validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) ->
    Value;
-validate_option(fail_if_no_peer_cert, Value)
-  when Value == true; Value == false ->
+validate_option(fail_if_no_peer_cert, Value) when is_boolean(Value) ->
     Value;
-validate_option(verify_client_once, Value)
-  when Value == true; Value == false ->
+validate_option(verify_client_once, Value) when is_boolean(Value) ->
     Value;
 validate_option(depth, Value) when is_integer(Value),
                                    Value >= 0, Value =< 255->
@@ -711,7 +712,7 @@ validate_option(certfile, undefined = Value) ->
 validate_option(certfile, Value) when is_binary(Value) ->
     Value;
 validate_option(certfile, Value) when is_list(Value) ->
-    list_to_binary(Value);
+    binary_filename(Value);
 
 validate_option(key, undefined) ->
     undefined;
@@ -728,7 +729,7 @@ validate_option(keyfile, undefined) ->
 validate_option(keyfile, Value) when is_binary(Value) ->
     Value;
 validate_option(keyfile, Value) when is_list(Value), Value =/= "" ->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(password, Value) when is_list(Value) ->
     Value;
 
@@ -742,7 +743,7 @@ validate_option(cacertfile, undefined) ->
 validate_option(cacertfile, Value) when is_binary(Value) ->
     Value;
 validate_option(cacertfile, Value) when is_list(Value), Value =/= ""->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(dh, Value) when Value == undefined;
 				is_binary(Value) ->
     Value;
@@ -751,12 +752,12 @@ validate_option(dhfile, undefined = Value)  ->
 validate_option(dhfile, Value) when is_binary(Value) ->
     Value;
 validate_option(dhfile, Value) when is_list(Value), Value =/= "" ->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(psk_identity, undefined) ->
     undefined;
 validate_option(psk_identity, Identity)
   when is_list(Identity), Identity =/= "", length(Identity) =< 65535 ->
-    list_to_binary(Identity);
+    binary_filename(Identity);
 validate_option(user_lookup_fun, undefined) ->
     undefined;
 validate_option(user_lookup_fun, {Fun, _} = Value) when is_function(Fun, 3) ->
@@ -765,7 +766,8 @@ validate_option(srp_identity, undefined) ->
     undefined;
 validate_option(srp_identity, {Username, Password})
   when is_list(Username), is_list(Password), Username =/= "", length(Username) =< 255 ->
-    {list_to_binary(Username), list_to_binary(Password)};
+    {unicode:characters_to_binary(Username),
+     unicode:characters_to_binary(Password)};
 
 validate_option(ciphers, Value)  when is_list(Value) ->
     Version = tls_record:highest_protocol_version([]),
@@ -778,12 +780,10 @@ validate_option(ciphers, Value)  when is_list(Value) ->
     end;
 validate_option(reuse_session, Value) when is_function(Value) ->
     Value;
-validate_option(reuse_sessions, Value) when Value == true;
-					    Value == false ->
+validate_option(reuse_sessions, Value) when is_boolean(Value) ->
     Value;
 
-validate_option(secure_renegotiate, Value) when Value == true;
-						Value == false ->
+validate_option(secure_renegotiate, Value) when is_boolean(Value) ->
     Value;
 validate_option(renegotiate_at, Value) when is_integer(Value) ->
     erlang:min(Value, ?DEFAULT_RENEGOTIATE_AT);
@@ -792,8 +792,7 @@ validate_option(hibernate_after, undefined) ->
     undefined;
 validate_option(hibernate_after, Value) when is_integer(Value), Value >= 0 ->
     Value;
-validate_option(erl_dist,Value) when Value == true;
-				     Value == false ->
+validate_option(erl_dist,Value) when is_boolean(Value) ->
     Value;
 validate_option(client_preferred_next_protocols = Opt, {Precedence, PreferredProtocols} = Value)
   when is_list(PreferredProtocols) ->
@@ -819,8 +818,7 @@ validate_option(client_preferred_next_protocols = Opt, {Precedence, PreferredPro
 
 validate_option(client_preferred_next_protocols, undefined) ->
     undefined;
-validate_option(log_alert, Value) when Value == true;
-				       Value == false ->
+validate_option(log_alert, Value) when is_boolean(Value) ->
     Value;
 validate_option(next_protocols_advertised = Opt, Value) when is_list(Value) ->
     case tls_record:highest_protocol_version([]) of
@@ -833,6 +831,14 @@ validate_option(next_protocols_advertised = Opt, Value) when is_list(Value) ->
 
 validate_option(next_protocols_advertised, undefined) ->
     undefined;
+validate_option(server_name_indication, Value) when is_list(Value) ->
+    Value;
+validate_option(server_name_indication, disable) ->
+    disable;
+validate_option(server_name_indication, undefined) ->
+    undefined;
+validate_option(honor_cipher_order, Value) when is_boolean(Value) ->
+    Value;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
@@ -1031,3 +1037,7 @@ connection_sup(tls_connection) ->
     tls_connection_sup;
 connection_sup(dtls_connection) ->
     dtls_connection_sup.
+
+binary_filename(FileName) ->
+    Enc = file:native_name_encoding(),
+    unicode:characters_to_binary(FileName, unicode, Enc).