1 files changed, 130 insertions, 51 deletions
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 59f10d53a6..d6fbb73249 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2008-2014. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2015. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -67,7 +67,16 @@ run_server(Opts) ->
     run_server(ListenSocket, Opts).
 
 run_server(ListenSocket, Opts) ->
-    do_run_server(ListenSocket, connect(ListenSocket, Opts), Opts).
+    Accepters = proplists:get_value(accepters, Opts, 1),
+    run_server(ListenSocket, Opts, Accepters). 
+    
+run_server(ListenSocket, Opts, 1) ->
+    do_run_server(ListenSocket, connect(ListenSocket, Opts), Opts);
+run_server(ListenSocket, Opts, N) ->
+    Pid = proplists:get_value(from, Opts),
+    Server = spawn(?MODULE, run_server, [ListenSocket, Opts, 1]),
+    Pid ! {accepter, N, Server},
+    run_server(ListenSocket, Opts, N-1).
 
 do_run_server(_, {error, timeout} = Result, Opts)  ->
     Pid = proplists:get_value(from, Opts),
@@ -106,7 +115,7 @@ connect(#sslsocket{} = ListenSocket, Opts) ->
     Node = proplists:get_value(node, Opts),
     ReconnectTimes =  proplists:get_value(reconnect_times, Opts, 0),
     Timeout = proplists:get_value(timeout, Opts, infinity),
-    SslOpts = proplists:get_value(ssl_opts, Opts, []),
+    SslOpts = proplists:get_value(ssl_extra_opts, Opts, []),
     AcceptSocket = connect(ListenSocket, Node, 1 + ReconnectTimes, dummy, Timeout, SslOpts),
     case ReconnectTimes of
 	0 ->
@@ -177,10 +186,8 @@ run_client(Opts) ->
     Pid = proplists:get_value(from, Opts),
     Transport =  proplists:get_value(transport, Opts, ssl),
     Options = proplists:get_value(options, Opts),
-    ct:log("~p:~p~nssl:connect(~p, ~p, ~p)~n", [?MODULE,?LINE, Host, Port, Options]),
-ct:log("~p:~p~nnet_adm:ping(~p)=~p",[?MODULE,?LINE, Node,net_adm:ping(Node)]),
-%%ct:log("~p:~p~n~p:connect(~p, ~p, ~p)@~p~n", [?MODULE,?LINE, Transport, Host, Port, Options, Node]),
-ct:log("~p:~p~n~p:connect(~p, ~p, ...)@~p~n", [?MODULE,?LINE, Transport, Host, Port, Node]),
+    ct:log("~p:~p~n~p:connect(~p, ~p)@~p~n", [?MODULE,?LINE, Transport, Host, Port, Node]),
+    ct:log("SSLOpts: ~p", [Options]),
     case rpc:call(Node, Transport, connect, [Host, Port, Options]) of
 	{ok, Socket} ->
 	    Pid ! {connected, Socket},
@@ -290,7 +297,16 @@ wait_for_result(Server, ServerMsg, Client, ClientMsg) ->
 	%%     Unexpected
     end.
 
-
+check_ok([]) ->
+    ok;
+check_ok(Pids) ->
+    receive 
+	{Pid, ok} ->
+	    check_ok(lists:delete(Pid, Pids));
+	Other ->
+	    ct:fail({expected, {"pid()", ok}, got, Other})
+    end.
+	
 wait_for_result(Pid, Msg) -> 
     receive 
 	{Pid, Msg} -> 
@@ -435,7 +451,7 @@ make_ecdsa_cert(Config) ->
 				  {cacertfile, ServerCaCertFile},
 				  {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
 	     {server_ecdsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
-					 {cacertfile, ClientCaCertFile},
+					 {cacertfile, ServerCaCertFile},
 					 {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
 					 {verify, verify_peer}]},
 	     {client_ecdsa_opts, [{ssl_imp, new},{reuseaddr, true},
@@ -460,7 +476,7 @@ make_ecdh_rsa_cert(Config) ->
 				     {cacertfile, ServerCaCertFile},
 				     {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
 	     {server_ecdh_rsa_verify_opts, [{ssl_imp, new},{reuseaddr, true},
-					    {cacertfile, ClientCaCertFile},
+					    {cacertfile, ServerCaCertFile},
 					    {certfile, ServerCertFile}, {keyfile, ServerKeyFile},
 					    {verify, verify_peer}]},
 	     {client_ecdh_rsa_opts, [{ssl_imp, new},{reuseaddr, true},
@@ -679,6 +695,17 @@ run_client_error(Opts) ->
     Error = rpc:call(Node, Transport, connect, [Host, Port, Options]),
     Pid ! {self(), Error}.
 
+accepters(N) ->
+    accepters([], N).
+
+accepters(Acc, 0) ->
+    Acc;
+accepters(Acc, N) ->
+    receive 
+	{accepter, _, Server} ->
+	    accepters([Server| Acc], N-1)
+    end.
+
 inet_port(Pid) when is_pid(Pid)->
     receive
 	{Pid, {port, Port}} ->
@@ -785,48 +812,34 @@ openssl_rsa_suites(CounterPart) ->
 		false ->
 		    "DSS | ECDHE | ECDH"
 		end,
-    lists:filter(fun(Str) ->
-			 case re:run(Str, Names,[]) of
-			     nomatch ->
-				 false;
-			     _ ->
-				 true
-			 end 
-		     end, Ciphers).
+    lists:filter(fun(Str) -> string_regex_filter(Str, Names)
+		 end, Ciphers).
 
 openssl_dsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
-    lists:filter(fun(Str) ->
-			 case re:run(Str,"DSS",[]) of
-			     nomatch ->
-				 false;
-			     _ ->
-				 true
-			 end 
+    lists:filter(fun(Str) -> string_regex_filter(Str, "DSS")
 		 end, Ciphers).
 
 openssl_ecdsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
-    lists:filter(fun(Str) ->
-			 case re:run(Str,"ECDHE-ECDSA",[]) of
-			     nomatch ->
-				 false;
-			     _ ->
-				 true
-			 end
+    lists:filter(fun(Str) -> string_regex_filter(Str, "ECDHE-ECDSA")
 		 end, Ciphers).
 
 openssl_ecdh_rsa_suites() ->
     Ciphers = ssl:cipher_suites(openssl),
-    lists:filter(fun(Str) ->
-			 case re:run(Str,"ECDH-RSA",[]) of
-			     nomatch ->
-				 false;
-			     _ ->
-				 true
-			 end
+    lists:filter(fun(Str) -> string_regex_filter(Str, "ECDH-RSA")
 		 end, Ciphers).
 
+string_regex_filter(Str, Search) when is_list(Str) ->
+    case re:run(Str, Search, []) of
+	nomatch ->
+	    false;
+	_ ->
+	    true
+    end;
+string_regex_filter(Str, _Search) ->
+    false.
+
 anonymous_suites() ->
     Suites =
 	[{dh_anon, rc4_128, md5},
@@ -834,6 +847,8 @@ anonymous_suites() ->
 	 {dh_anon, '3des_ede_cbc', sha},
 	 {dh_anon, aes_128_cbc, sha},
 	 {dh_anon, aes_256_cbc, sha},
+	 {dh_anon, aes_128_gcm, null},
+	 {dh_anon, aes_256_gcm, null},
 	 {ecdh_anon,rc4_128,sha},
 	 {ecdh_anon,'3des_ede_cbc',sha},
 	 {ecdh_anon,aes_128_cbc,sha},
@@ -846,25 +861,39 @@ psk_suites() ->
 	 {psk, '3des_ede_cbc', sha},
 	 {psk, aes_128_cbc, sha},
 	 {psk, aes_256_cbc, sha},
+	 {psk, aes_128_cbc, sha256},
+	 {psk, aes_256_cbc, sha384},
 	 {dhe_psk, rc4_128, sha},
 	 {dhe_psk, '3des_ede_cbc', sha},
 	 {dhe_psk, aes_128_cbc, sha},
 	 {dhe_psk, aes_256_cbc, sha},
+	 {dhe_psk, aes_128_cbc, sha256},
+	 {dhe_psk, aes_256_cbc, sha384},
 	 {rsa_psk, rc4_128, sha},
 	 {rsa_psk, '3des_ede_cbc', sha},
 	 {rsa_psk, aes_128_cbc, sha},
-	 {rsa_psk, aes_256_cbc, sha}],
+	 {rsa_psk, aes_256_cbc, sha},
+	 {rsa_psk, aes_128_cbc, sha256},
+	 {rsa_psk, aes_256_cbc, sha384},
+	 {psk, aes_128_gcm, null},
+	 {psk, aes_256_gcm, null},
+	 {dhe_psk, aes_128_gcm, null},
+	 {dhe_psk, aes_256_gcm, null},
+	 {rsa_psk, aes_128_gcm, null},
+	 {rsa_psk, aes_256_gcm, null}],
     ssl_cipher:filter_suites(Suites).
 
 psk_anon_suites() ->
-    [{psk, rc4_128, sha},
-     {psk, '3des_ede_cbc', sha},
-     {psk, aes_128_cbc, sha},
-     {psk, aes_256_cbc, sha},
-     {dhe_psk, rc4_128, sha},
-     {dhe_psk, '3des_ede_cbc', sha},
-     {dhe_psk, aes_128_cbc, sha},
-     {dhe_psk, aes_256_cbc, sha}].
+    Suites =
+	[{psk, rc4_128, sha},
+	 {psk, '3des_ede_cbc', sha},
+	 {psk, aes_128_cbc, sha},
+	 {psk, aes_256_cbc, sha},
+	 {dhe_psk, rc4_128, sha},
+	 {dhe_psk, '3des_ede_cbc', sha},
+	 {dhe_psk, aes_128_cbc, sha},
+	 {dhe_psk, aes_256_cbc, sha}],
+    ssl_cipher:filter_suites(Suites).
 
 srp_suites() ->
     Suites =
@@ -877,9 +906,11 @@ srp_suites() ->
     ssl_cipher:filter_suites(Suites).
 
 srp_anon_suites() ->
-    [{srp_anon, '3des_ede_cbc', sha},
-     {srp_anon, aes_128_cbc, sha},
-     {srp_anon, aes_256_cbc, sha}].
+    Suites =
+	[{srp_anon, '3des_ede_cbc', sha},
+	 {srp_anon, aes_128_cbc, sha},
+	 {srp_anon, aes_256_cbc, sha}],
+    ssl_cipher:filter_suites(Suites).
 
 srp_dss_suites() ->
     Suites =
@@ -888,6 +919,10 @@ srp_dss_suites() ->
 	 {srp_dss, aes_256_cbc, sha}],
     ssl_cipher:filter_suites(Suites).
 
+rc4_suites(Version) ->
+    Suites = ssl_cipher:rc4_suites(Version),
+    ssl_cipher:filter_suites(Suites).
+
 pem_to_der(File) ->
     {ok, PemBin} = file:read_file(File),
     public_key:pem_decode(PemBin).
@@ -1089,3 +1124,47 @@ version_flag('tlsv1.2') ->
     " -tls1_2 ";
 version_flag(sslv3) ->
     " -ssl3 ".
+
+filter_suites(Ciphers0) ->
+    Version = tls_record:highest_protocol_version([]),
+    Supported0 = ssl_cipher:suites(Version)
+	++ ssl_cipher:anonymous_suites(Version)
+	++ ssl_cipher:psk_suites(Version)
+	++ ssl_cipher:srp_suites() 
+	++ ssl_cipher:rc4_suites(Version),
+    Supported1 = ssl_cipher:filter_suites(Supported0),
+    Supported2 = [ssl:suite_definition(S) || S <- Supported1],
+    [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported2)].
+
+-define(OPENSSL_QUIT, "Q\n").
+close_port(Port) ->
+    catch port_command(Port, ?OPENSSL_QUIT),
+    close_loop(Port, 500, false).
+
+close_loop(Port, Time, SentClose) ->
+    receive 
+	{Port, {data,Debug}} when is_port(Port) ->
+	    ct:log("openssl ~s~n",[Debug]),
+	    close_loop(Port, Time, SentClose);	
+	{ssl,_,Msg} ->
+	    ct:log("ssl Msg ~s~n",[Msg]),
+	    close_loop(Port, Time, SentClose);	
+	{Port, closed} -> 
+	    ct:log("Port Closed~n",[]),
+	    ok;
+	{'EXIT', Port, Reason} ->
+	    ct:log("Port Closed ~p~n",[Reason]),
+	    ok;
+	Msg ->
+	    ct:log("Port Msg ~p~n",[Msg]),
+	    close_loop(Port, Time, SentClose)
+    after Time ->
+	    case SentClose of
+		false -> 
+		    ct:log("Closing port ~n",[]),
+		    catch erlang:port_close(Port),
+		    close_loop(Port, Time, true);
+		true ->
+		    ct:log("Timeout~n",[])
+	    end
+    end.