1 files changed, 128 insertions, 15 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index b5c6a1da49..10bbd4d88b 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -126,7 +126,8 @@ api_tests() ->
      hibernate,
      listen_socket,
      ssl_accept_timeout,
-     ssl_recv_timeout
+     ssl_recv_timeout,
+     versions_option
     ].
 
 session_tests() ->
@@ -153,6 +154,13 @@ cipher_tests() ->
      ciphers_dsa_signed_certs,
      ciphers_dsa_signed_certs_openssl_names,
      anonymous_cipher_suites,
+     psk_cipher_suites,
+     psk_with_hint_cipher_suites,
+     psk_anon_cipher_suites,
+     psk_anon_with_hint_cipher_suites,
+     srp_cipher_suites,
+     srp_anon_cipher_suites,
+     srp_dsa_cipher_suites,
      default_reject_anonymous].
 
 error_handling_tests()->
@@ -1194,12 +1202,12 @@ tcp_connect(Config) when is_list(Config) ->
     {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     TcpOpts = [binary, {reuseaddr, true}],
 
-    Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
-						{from, self()},
-						{timeout, 5000},
-						{mfa, {?MODULE, dummy, []}},
-						{tcp_options, TcpOpts},
-						{ssl_options, ServerOpts}]),
+    Server = ssl_test_lib:start_upgrade_server_error([{node, ServerNode}, {port, 0},
+						      {from, self()},
+						      {timeout, 5000},
+						      {mfa, {?MODULE, dummy, []}},
+						      {tcp_options, TcpOpts},
+						      {ssl_options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
 
     {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {packet, 0}]),
@@ -1222,12 +1230,12 @@ tcp_connect_big(Config) when is_list(Config) ->
     {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     TcpOpts = [binary, {reuseaddr, true}],
 
-    Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
-						{from, self()},
-						{timeout, 5000},
-						{mfa, {?MODULE, dummy, []}},
-						{tcp_options, TcpOpts},
-						{ssl_options, ServerOpts}]),
+    Server = ssl_test_lib:start_upgrade_server_error([{node, ServerNode}, {port, 0},
+						      {from, self()},
+						      {timeout, 5000},
+						      {mfa, {?MODULE, dummy, []}},
+						      {tcp_options, TcpOpts},
+						      {ssl_options, ServerOpts}]),
     Port = ssl_test_lib:inet_port(Server),
 
     {ok, Socket} = gen_tcp:connect(Hostname, Port, [binary, {packet, 0}]),
@@ -1574,7 +1582,55 @@ anonymous_cipher_suites(Config) when is_list(Config) ->
     Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
     Ciphers = ssl_test_lib:anonymous_suites(),
     run_suites(Ciphers, Version, Config, anonymous).
-
+%%-------------------------------------------------------------------
+psk_cipher_suites() ->
+    [{doc, "Test the PSK ciphersuites WITHOUT server supplied identity hint"}].
+psk_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_suites(),
+    run_suites(Ciphers, Version, Config, psk).
+%%-------------------------------------------------------------------
+psk_with_hint_cipher_suites()->
+    [{doc, "Test the PSK ciphersuites WITH server supplied identity hint"}].
+psk_with_hint_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_suites(),
+    run_suites(Ciphers, Version, Config, psk_with_hint).
+%%-------------------------------------------------------------------
+psk_anon_cipher_suites() ->
+    [{doc, "Test the anonymous PSK ciphersuites WITHOUT server supplied identity hint"}].
+psk_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon).
+%%-------------------------------------------------------------------
+psk_anon_with_hint_cipher_suites()->
+    [{doc, "Test the anonymous PSK ciphersuites WITH server supplied identity hint"}].
+psk_anon_with_hint_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:psk_anon_suites(),
+    run_suites(Ciphers, Version, Config, psk_anon_with_hint).
+%%-------------------------------------------------------------------
+srp_cipher_suites()->
+    [{doc, "Test the SRP ciphersuites"}].
+srp_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:srp_suites(),
+    run_suites(Ciphers, Version, Config, srp).
+%%-------------------------------------------------------------------
+srp_anon_cipher_suites()->
+    [{doc, "Test the anonymous SRP ciphersuites"}].
+srp_anon_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:srp_anon_suites(),
+    run_suites(Ciphers, Version, Config, srp_anon).
+%%-------------------------------------------------------------------
+srp_dsa_cipher_suites()->
+    [{doc, "Test the SRP DSA ciphersuites"}].
+srp_dsa_cipher_suites(Config) when is_list(Config) ->
+    Version = ssl_record:protocol_version(ssl_record:highest_protocol_version([])),
+    Ciphers = ssl_test_lib:srp_dss_suites(),
+    run_suites(Ciphers, Version, Config, srp_dsa).
 %%--------------------------------------------------------------------
 default_reject_anonymous()->
     [{doc,"Test that by default anonymous cipher suites are rejected "}].
@@ -2659,6 +2715,42 @@ session_cache_process_mnesia(Config) when is_list(Config) ->
     session_cache_process(mnesia,Config).
 
 %%--------------------------------------------------------------------
+
+versions_option() ->
+    [{doc,"Test API versions option to connect/listen."}].
+versions_option(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),  
+
+    Supported = proplists:get_value(supported, ssl:versions()),
+    Available = proplists:get_value(available, ssl:versions()),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, [{versions, Supported} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ClientOpts}]),
+    
+    ssl_test_lib:check_result(Server, ok, Client, ok),
+    Server ! listen,				       
+    
+    ErrClient = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, 
+						 {host, Hostname},
+						 {from, self()},
+						 {options, [{versions , Available -- Supported} | ClientOpts]}]),
+    receive
+	{Server, _} ->
+	    ok
+    end,	    
+   
+    ssl_test_lib:check_result(ErrClient, {error, {tls_alert, "protocol version"}}).
+%%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------
 send_recv_result(Socket) ->
@@ -3076,7 +3168,28 @@ run_suites(Ciphers, Version, Config, Type) ->
 	    anonymous ->
 		%% No certs in opts!
 		{?config(client_opts, Config),
-		 ?config(server_anon, Config)}
+		 ?config(server_anon, Config)};
+	    psk ->
+		{?config(client_psk, Config),
+		 ?config(server_psk, Config)};
+	    psk_with_hint ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_hint, Config)};
+	    psk_anon ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon, Config)};
+	    psk_anon_with_hint ->
+		{?config(client_psk, Config),
+		 ?config(server_psk_anon_hint, Config)};
+	    srp ->
+		{?config(client_srp, Config),
+		 ?config(server_srp, Config)};
+	    srp_anon ->
+		{?config(client_srp, Config),
+		 ?config(server_srp_anon, Config)};
+	    srp_dsa ->
+		{?config(client_srp_dsa, Config),
+		 ?config(server_srp_dsa, Config)}
 	    end,
 
     Result =  lists:map(fun(Cipher) ->