9 files changed, 128 insertions, 72 deletions
diff --git a/lib/ssl/src/dtls_handshake.erl b/lib/ssl/src/dtls_handshake.erl
index 26e8ce7503..d0f9649f9f 100644
--- a/lib/ssl/src/dtls_handshake.erl
+++ b/lib/ssl/src/dtls_handshake.erl
@@ -46,7 +46,7 @@ client_hello(Host, Port, Cookie, ConnectionStates,
     SecParams = Pending#connection_state.security_parameters,
     CipherSuites = ssl_handshake:available_suites(UserSuites, Version),
 
-    Extensions = ssl_handshake:client_hello_extensions(Version, CipherSuites,
+    Extensions = ssl_handshake:client_hello_extensions(Host, Version, CipherSuites,
 						SslOpts, ConnectionStates, Renegotiation),
 
     Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 57c859bf24..7367b5c224 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -95,11 +95,6 @@ do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
     end.
 
 close(Socket) ->
-    try
-	erlang:error(foo)
-    catch _:_ ->
-	    io:format("close called ~p ~p~n",[Socket, erlang:get_stacktrace()])
-    end,
     gen_tcp:close(Socket),
     ok.
 
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 6513042e98..e6ed0d8626 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -34,7 +34,7 @@
 
 -export([security_parameters/2, security_parameters/3, suite_definition/1,
 	 decipher/5, cipher/5,
-	 suite/1, suites/1, anonymous_suites/0, psk_suites/1, srp_suites/0,
+	 suite/1, suites/1, ec_keyed_suites/0, anonymous_suites/0, psk_suites/1, srp_suites/0,
 	 openssl_suite/1, openssl_suite_name/1, filter/2, filter_suites/1,
 	 hash_algorithm/1, sign_algorithm/1, is_acceptable_hash/2]).
 
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 29a8996bd6..9142a260b1 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -49,13 +49,13 @@
 	]).
 
 %% Cipher suites handling
--export([available_suites/2, available_suites/3, cipher_suites/2,
-	 select_session/10]).
+-export([available_suites/2, cipher_suites/2,
+	 select_session/10, supported_ecc/1]).
 
 %% Extensions handling
--export([client_hello_extensions/5,
+-export([client_hello_extensions/6,
 	 handle_client_hello_extensions/8, %% Returns server hello extensions
-	 handle_server_hello_extensions/9
+	 handle_server_hello_extensions/9, select_curve/2
 	]).
 
 %% MISC
@@ -85,11 +85,11 @@ hello_request() ->
 server_hello_done() ->
     #server_hello_done{}.
 
-client_hello_extensions(Version, CipherSuites, SslOpts, ConnectionStates, Renegotiation) ->
+client_hello_extensions(Host, Version, CipherSuites, SslOpts, ConnectionStates, Renegotiation) ->
     {EcPointFormats, EllipticCurves} =
 	case advertises_ec_ciphers(lists:map(fun ssl_cipher:suite_definition/1, CipherSuites)) of
 	    true ->
-		ecc_extensions(tls_v1, Version);
+		client_ecc_extensions(tls_v1, Version);
 	    false ->
 		{undefined, undefined}
 	end,
@@ -104,7 +104,8 @@ client_hello_extensions(Version, CipherSuites, SslOpts, ConnectionStates, Renego
        elliptic_curves = EllipticCurves,
        next_protocol_negotiation =
 	   encode_client_protocol_negotiation(SslOpts#ssl_options.next_protocol_selector,
-					      Renegotiation)}.
+					      Renegotiation),
+       sni = sni(Host, SslOpts#ssl_options.server_name_indication)}.
 
 %%--------------------------------------------------------------------
 -spec certificate(der_cert(), db_handle(), certdb_ref(), client | server) -> #certificate{} | #alert{}.
@@ -641,7 +642,19 @@ encode_hello_extensions([#hash_sign_algos{hash_sign_algos = HashSignAlgos} | Res
     ListLen = byte_size(SignAlgoList),
     Len = ListLen + 2,
     encode_hello_extensions(Rest, <<?UINT16(?SIGNATURE_ALGORITHMS_EXT),
-				 ?UINT16(Len), ?UINT16(ListLen), SignAlgoList/binary, Acc/binary>>).
+				 ?UINT16(Len), ?UINT16(ListLen), SignAlgoList/binary, Acc/binary>>);
+encode_hello_extensions([#sni{hostname = Hostname} | Rest], Acc) ->
+    HostLen = length(Hostname),
+    HostnameBin = list_to_binary(Hostname),
+    % Hostname type (1 byte) + Hostname length (2 bytes) + Hostname (HostLen bytes)
+    ServerNameLength = 1 + 2 + HostLen,
+    % ServerNameListSize (2 bytes) + ServerNameLength
+    ExtLength = 2 + ServerNameLength,
+    encode_hello_extensions(Rest, <<?UINT16(?SNI_EXT), ?UINT16(ExtLength),
+				    ?UINT16(ServerNameLength),
+				    ?BYTE(?SNI_NAMETYPE_HOST_NAME),
+				    ?UINT16(HostLen), HostnameBin/binary,
+				    Acc/binary>>).
 
 enc_server_key_exchange(Version, Params, {HashAlgo, SignAlgo},
 			ClientRandom, ServerRandom, PrivateKey) ->
@@ -861,22 +874,29 @@ available_suites(UserSuites, Version) ->
 	    UserSuites
     end.
 
-available_suites(ServerCert, UserSuites, Version) ->
-    ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version)).
+available_suites(ServerCert, UserSuites, Version, Curve) ->
+    ssl_cipher:filter(ServerCert, available_suites(UserSuites, Version))
+	-- unavailable_ecc_suites(Curve).
+
+unavailable_ecc_suites(no_curve) ->
+    ssl_cipher:ec_keyed_suites();
+unavailable_ecc_suites(_) ->
+    [].
 
 cipher_suites(Suites, false) ->
     [?TLS_EMPTY_RENEGOTIATION_INFO_SCSV | Suites];
 cipher_suites(Suites, true) ->
     Suites.
 
-select_session(SuggestedSessionId, CipherSuites, Compressions, Port, Session, Version,
+select_session(SuggestedSessionId, CipherSuites, Compressions, Port, #session{ecc = ECCCurve} = 
+		   Session, Version,
 	       #ssl_options{ciphers = UserSuites} = SslOpts, Cache, CacheCb, Cert) ->
     {SessionId, Resumed} = ssl_session:server_id(Port, SuggestedSessionId,
 						 SslOpts, Cert,
 						 Cache, CacheCb),
-    Suites = ssl_handshake:available_suites(Cert, UserSuites, Version),
     case Resumed of
         undefined ->
+	    Suites = available_suites(Cert, UserSuites, Version, ECCCurve),
 	    CipherSuite = select_cipher_suite(CipherSuites, Suites),
 	    Compression = select_compression(Compressions),
 	    {new, Session#session{session_id = SessionId,
@@ -886,6 +906,13 @@ select_session(SuggestedSessionId, CipherSuites, Compressions, Port, Session, Ve
 	    {resumed, Resumed}
     end.
 
+supported_ecc(Version) ->
+    case tls_v1:ecc_curves(Version) of
+	[] ->
+	    undefined;
+	Curves ->
+	    #elliptic_curves{elliptic_curve_list = Curves}
+    end.
 %%-------------certificate handling --------------------------------
 
 certificate_types({KeyExchange, _, _, _})
@@ -926,9 +953,8 @@ certificate_authorities_from_db(CertDbHandle, CertDbRef) ->
 handle_client_hello_extensions(RecordCB, Random,
 			#hello_extensions{renegotiation_info = Info,
 					  srp = SRP,
-					  next_protocol_negotiation = NextProtocolNegotiation,
-					  ec_point_formats = EcPointFormats0,
-					  elliptic_curves = EllipticCurves0}, Version,
+					  ec_point_formats = ECCFormat,
+					  next_protocol_negotiation = NextProtocolNegotiation}, Version,
 			#ssl_options{secure_renegotiate = SecureRenegotation} = Opts,
 			#session{cipher_suite = CipherSuite, compression_method = Compression} = Session0,
 			ConnectionStates0, Renegotiation) ->
@@ -937,12 +963,11 @@ handle_client_hello_extensions(RecordCB, Random,
 						      Random, CipherSuite, Compression,
 						      ConnectionStates0, Renegotiation, SecureRenegotation),
     ProtocolsToAdvertise = handle_next_protocol_extension(NextProtocolNegotiation, Renegotiation, Opts),
-    {EcPointFormats, EllipticCurves} = handle_ecc_extensions(Version, EcPointFormats0, EllipticCurves0),
+   
     ServerHelloExtensions =  #hello_extensions{
 				renegotiation_info = renegotiation_info(RecordCB, server,
 									ConnectionStates, Renegotiation),
-				ec_point_formats = EcPointFormats,
-				elliptic_curves = EllipticCurves,
+				ec_point_formats = server_ecc_extension(Version, ECCFormat),
 				next_protocol_negotiation =
 				    encode_protocols_advertised_on_server(ProtocolsToAdvertise)
 			       },
@@ -1069,16 +1094,17 @@ hello_extensions_list(#hello_extensions{renegotiation_info = RenegotiationInfo,
 					hash_signs = HashSigns,
 					ec_point_formats = EcPointFormats,
 					elliptic_curves = EllipticCurves,
-					next_protocol_negotiation = NextProtocolNegotiation}) ->
+					next_protocol_negotiation = NextProtocolNegotiation,
+					sni = Sni}) ->
     [Ext || Ext <- [RenegotiationInfo, SRP, HashSigns,
-		    EcPointFormats,EllipticCurves, NextProtocolNegotiation], Ext =/= undefined].
+		    EcPointFormats, EllipticCurves, NextProtocolNegotiation, Sni], Ext =/= undefined].
 
 srp_user(#ssl_options{srp_identity = {UserName, _}}) ->
     #srp{username = UserName};
 srp_user(_) ->
     undefined.
 
-ecc_extensions(Module, Version) ->
+client_ecc_extensions(Module, Version) ->
     CryptoSupport = proplists:get_value(public_keys, crypto:supports()),
     case proplists:get_bool(ecdh, CryptoSupport) of
 	true ->
@@ -1089,15 +1115,13 @@ ecc_extensions(Module, Version) ->
 	    {undefined, undefined}
     end.
 
-handle_ecc_extensions(Version, EcPointFormats0, EllipticCurves0) ->
+server_ecc_extension(_Version, EcPointFormats) ->
     CryptoSupport = proplists:get_value(public_keys, crypto:supports()),
     case proplists:get_bool(ecdh, CryptoSupport) of
 	true ->
-	    EcPointFormats1 = handle_ecc_point_fmt_extension(EcPointFormats0),
-	    EllipticCurves1 = handle_ecc_curves_extension(Version, EllipticCurves0),
-	    {EcPointFormats1, EllipticCurves1};
-	_ ->
-	    {undefined, undefined}
+	    handle_ecc_point_fmt_extension(EcPointFormats);
+	false ->
+	    undefined
     end.
 
 handle_ecc_point_fmt_extension(undefined) ->
@@ -1105,11 +1129,6 @@ handle_ecc_point_fmt_extension(undefined) ->
 handle_ecc_point_fmt_extension(_) ->
     #ec_point_formats{ec_point_format_list = [?ECPOINT_UNCOMPRESSED]}.
 
-handle_ecc_curves_extension(_Version, undefined) ->
-    undefined;
-handle_ecc_curves_extension(Version, _) ->
-    #elliptic_curves{elliptic_curve_list = tls_v1:ecc_curves(Version)}.
-
 advertises_ec_ciphers([]) ->
     false;
 advertises_ec_ciphers([{ecdh_ecdsa, _,_,_} | _]) ->
@@ -1124,7 +1143,36 @@ advertises_ec_ciphers([{ecdh_anon, _,_,_} | _]) ->
     true;
 advertises_ec_ciphers([_| Rest]) ->
     advertises_ec_ciphers(Rest).
-
+select_curve(#elliptic_curves{elliptic_curve_list = ClientCurves}, 
+	     #elliptic_curves{elliptic_curve_list = ServerCurves}) -> 
+    select_curve(ClientCurves, ServerCurves);
+select_curve(undefined, _) ->
+    %% Client did not send ECC extension use default curve if 
+    %% ECC cipher is negotiated
+    {namedCurve, ?secp256k1};
+select_curve(_, []) ->
+    no_curve;
+select_curve(Curves, [Curve| Rest]) ->
+    case lists:member(Curve, Curves) of
+	true ->
+	    {namedCurve, Curve};
+	false ->
+	    select_curve(Curves, Rest)
+    end.
+%% RFC 6066, Section 3: Currently, the only server names supported are
+%% DNS hostnames
+sni(_, disable) ->
+    undefined;
+sni(Host, undefined) ->
+    sni1(Host);
+sni(_Host, SNIOption) ->
+    sni1(SNIOption).
+
+sni1(Hostname) ->
+    case inet_parse:domain(Hostname) of
+        false -> undefined;
+        true -> #sni{hostname = Hostname}
+    end.
 %%--------------------------------------------------------------------
 %%% Internal functions
 %%--------------------------------------------------------------------
@@ -1648,3 +1696,4 @@ advertised_hash_signs({Major, Minor}) when Major >= 3 andalso Minor >= 3 ->
 					 ({Hash, _}) -> proplists:get_bool(Hash, Hashs) end, HashSigns)};
 advertised_hash_signs(_) ->
     undefined.
+
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index 3a3ad8cf35..75160526b9 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -45,7 +45,8 @@
 	  master_secret,
 	  srp_username,
 	  is_resumable,
-	  time_stamp
+	  time_stamp,
+	  ecc
 	  }).
 
 -define(NUM_OF_SESSION_ID_BYTES, 32).  % TSL 1.1 & SSL 3
@@ -97,7 +98,8 @@
 	  next_protocol_negotiation = undefined, % [binary()]
 	  srp,
 	  ec_point_formats,
-	  elliptic_curves
+	  elliptic_curves,
+	  sni
 	 }).
 
 -record(server_hello, {
@@ -338,6 +340,19 @@
 -define(NAMED_CURVE, 3).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Server name indication RFC 6066 section 3
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+-define(SNI_EXT, 16#0000).
+
+%% enum { host_name(0), (255) } NameType;
+-define(SNI_NAMETYPE_HOST_NAME, 0).
+
+-record(sni, {
+          hostname = undefined
+        }).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Dialyzer types
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
@@ -352,6 +367,3 @@
 
 
 -endif. % -ifdef(ssl_handshake).
-
-
-     
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 96e3280fb5..a582b8c290 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -115,7 +115,8 @@
 	  erl_dist = false,
 	  next_protocols_advertised = undefined, %% [binary()],
 	  next_protocol_selector = undefined,  %% fun([binary()]) -> binary())
-	  log_alert
+	  log_alert,
+	  server_name_indication = undefined
 	  }).
 
 -record(socket_options,
diff --git a/lib/ssl/src/tls.erl b/lib/ssl/src/tls.erl
index b220a48f73..f1747dc69e 100644
--- a/lib/ssl/src/tls.erl
+++ b/lib/ssl/src/tls.erl
@@ -664,7 +664,8 @@ handle_options(Opts0, _Role) ->
       next_protocol_selector = 
 			make_next_protocol_selector(
 			  handle_option(client_preferred_next_protocols, Opts, undefined)),
-      log_alert = handle_option(log_alert, Opts, true)
+      log_alert = handle_option(log_alert, Opts, true),
+      server_name_indication = handle_option(server_name_indication, Opts, undefined)
      },
 
     CbInfo  = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}),    
@@ -855,6 +856,12 @@ validate_option(next_protocols_advertised = Opt, Value) when is_list(Value) ->
 
 validate_option(next_protocols_advertised, undefined) ->
     undefined;
+validate_option(server_name_indication, Value) when is_list(Value) ->
+    Value;
+validate_option(server_name_indication, disable) ->
+    disable;
+validate_option(server_name_indication, undefined) ->
+    undefined;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 5618837506..39595b4f95 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -97,8 +97,7 @@
 	  terminated = false,  %
 	  allow_renegotiate = true,
           expecting_next_protocol_negotiation = false :: boolean(),
-          next_protocol = undefined :: undefined | binary(),
-	  client_ecc          % {Curves, PointFmt}
+          next_protocol = undefined :: undefined | binary()
 	 }).
 
 -define(DEFAULT_DIFFIE_HELLMAN_PARAMS, 
@@ -405,26 +404,24 @@ hello(#server_hello{cipher_suite = CipherSuite,
 hello(Hello = #client_hello{client_version = ClientVersion,
 			    extensions = #hello_extensions{hash_signs = HashSigns}},
       State = #state{connection_states = ConnectionStates0,
-		     port = Port, session = #session{own_certificate = Cert} = Session0,
+		     port = Port, 
+		     session = #session{own_certificate = Cert} = Session0,
 		     renegotiation = {Renegotiation, _},
 		     session_cache = Cache,
 		     session_cache_cb = CacheCb,
 		     ssl_options = SslOpts}) ->
     HashSign = ssl_handshake:select_hashsign(HashSigns, Cert),
     case tls_handshake:hello(Hello, SslOpts, {Port, Session0, Cache, CacheCb,
-				     ConnectionStates0, Cert}, Renegotiation) of
+					      ConnectionStates0, Cert}, Renegotiation) of
         {Version, {Type,  #session{cipher_suite = CipherSuite} = Session},
-	 ConnectionStates,
-	 #hello_extensions{ec_point_formats = EcPointFormats,
-			   elliptic_curves = EllipticCurves} = ServerHelloExt} ->
+	 ConnectionStates, ServerHelloExt} ->
 	    {KeyAlg, _, _, _} = ssl_cipher:suite_definition(CipherSuite),
-	    NegotiatedHashSign = negotiated_hashsign(HashSign, KeyAlg, Version),
-            do_server_hello(Type, ServerHelloExt,
+	    NegotiatedHashSign = negotiated_hashsign(HashSign, KeyAlg, Version),	    
+	    do_server_hello(Type, ServerHelloExt,
 			    State#state{connection_states  = ConnectionStates,
 					negotiated_version = Version,
 					session = Session,
-					hashsign_algorithm = NegotiatedHashSign,
-					client_ecc = {EllipticCurves, EcPointFormats}});
+					hashsign_algorithm = NegotiatedHashSign});
         #alert{} = Alert ->
             handle_own_alert(Alert, ClientVersion, hello, State)
     end;
@@ -1647,12 +1644,13 @@ key_exchange(#state{role = server, key_algorithm = Algo,
 		    negotiated_version = Version,
 		    tls_handshake_history = Handshake0,
 		    socket = Socket,
-		    transport_cb = Transport
+		    transport_cb = Transport,
+		    session = #session{ecc = Curve}
 		   } = State)
   when Algo == ecdhe_ecdsa; Algo == ecdhe_rsa;
        Algo == ecdh_anon ->
 
-    ECDHKeys = public_key:generate_key(select_curve(State)),
+    ECDHKeys = public_key:generate_key(Curve),
     ConnectionState =
 	ssl_record:pending_connection_state(ConnectionStates0, read),
     SecParams = ConnectionState#connection_state.security_parameters,
@@ -3086,12 +3084,7 @@ default_hashsign(_Version, KeyExchange)
        KeyExchange == rsa_psk;
        KeyExchange == srp_anon ->
     {null, anon}.
-
-select_curve(#state{client_ecc = {[Curve|_], _}}) ->
-    {namedCurve, Curve};
-select_curve(_) ->
-    {namedCurve, ?secp256k1}.
-
+	
 is_anonymous(Algo) when Algo == dh_anon;
 			Algo == ecdh_anon;
 			Algo == psk;
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 02bfa69fc5..262f2d929f 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -56,7 +56,7 @@ client_hello(Host, Port, ConnectionStates,
     SecParams = Pending#connection_state.security_parameters,
     CipherSuites = ssl_handshake:available_suites(UserSuites, Version),
 
-    Extensions = ssl_handshake:client_hello_extensions(Version, CipherSuites,
+    Extensions = ssl_handshake:client_hello_extensions(Host, Version, CipherSuites,
 						SslOpts, ConnectionStates, Renegotiation),
 
     Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb, OwnCert),
@@ -70,7 +70,7 @@ client_hello(Host, Port, ConnectionStates,
 		 }.
 
 %%--------------------------------------------------------------------
--spec server_hello(#session{}, tls_version(), #connection_states{},
+-spec server_hello(binary(), tls_version(), #connection_states{},
 		   #hello_extensions{}) -> #server_hello{}.
 %%
 %% Description: Creates a server hello message.
@@ -120,17 +120,16 @@ hello(#client_hello{client_version = ClientVersion,
 		    cipher_suites = CipherSuites,
 		    compression_methods = Compressions,
 		    random = Random,
-		    extensions = HelloExt},
+		    extensions = #hello_extensions{elliptic_curves = Curves} = HelloExt},
       #ssl_options{versions = Versions} = SslOpts,
       {Port, Session0, Cache, CacheCb, ConnectionStates0, Cert}, Renegotiation) ->
     Version = ssl_handshake:select_version(tls_record, ClientVersion, Versions),
     case tls_record:is_acceptable_version(Version, Versions) of
 	true ->
-	    %% TODO: need to take supported Curves into Account when selecting the CipherSuite....
-	    %%       if whe have an ECDSA cert with an unsupported curve, we need to drop ECDSA ciphers
+	    ECCCurve = ssl_handshake:select_curve(Curves, ssl_handshake:supported_ecc(Version)),
 	    {Type, #session{cipher_suite = CipherSuite} = Session1}
 		= ssl_handshake:select_session(SugesstedId, CipherSuites, Compressions,
-					       Port, Session0, Version,
+					       Port, Session0#session{ecc = ECCCurve}, Version,
 					       SslOpts, Cache, CacheCb, Cert),
 	    case CipherSuite of 
 		no_suite ->