1 files changed, 37 insertions, 2 deletions

diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index be9849b9e6..77c21d9b57 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -498,12 +498,12 @@ make_rsa_cert_chains(ChainConf, Config, Suffix) ->
      [{reuseaddr, true}, {verify, verify_peer} | ServerConf]
     }.
 
-make_ec_cert_chains(ClientChainType, ServerChainType, Config) ->
+make_ec_cert_chains(ChainConf, ClientChainType, ServerChainType, Config) ->
     CryptoSupport = crypto:supports(),
     KeyGenSpec = key_gen_info(ClientChainType, ServerChainType),
     ClientFileBase = filename:join([proplists:get_value(priv_dir, Config), atom_to_list(ClientChainType)]),
     ServerFileBase = filename:join([proplists:get_value(priv_dir, Config), atom_to_list(ServerChainType)]),
-    GenCertData = x509_test:gen_test_certs([{digest, appropriate_sha(CryptoSupport)} | KeyGenSpec]),
+    GenCertData = x509_test:gen_test_certs([{digest, appropriate_sha(CryptoSupport)} | KeyGenSpec] ++ ChainConf),
     [{server_config, ServerConf}, 
      {client_config, ClientConf}] = 
         x509_test:gen_pem_config_files(GenCertData, ClientFileBase, ServerFileBase),               
@@ -1009,6 +1009,12 @@ openssl_ecdh_rsa_suites() ->
     lists:filter(fun(Str) -> string_regex_filter(Str, "ECDH-RSA")
 		 end, Ciphers).
 
+openssl_filter(FilterStr) ->
+    Ciphers = string:tokens(os:cmd("openssl ciphers"), ":"),
+    lists:filter(fun(Str) -> string_regex_filter(Str, FilterStr)
+		 end, Ciphers).
+
+
 string_regex_filter(Str, Search) when is_list(Str) ->
     case re:run(Str, Search, []) of
 	nomatch ->
@@ -1174,6 +1180,21 @@ sufficient_crypto_support(Group) when Group == ciphers_ec;     %% From ssl_basic
 sufficient_crypto_support(_) ->
     true.
 
+check_key_exchange_send_active(Socket, false) ->
+    send_recv_result_active(Socket);
+check_key_exchange_send_active(Socket, KeyEx) ->
+    {ok, [{cipher_suite, Suite}]} = ssl:connection_information(Socket, [cipher_suite]),
+    true = check_key_exchange(Suite, KeyEx), 
+    send_recv_result_active(Socket).
+
+check_key_exchange({KeyEx,_, _}, KeyEx) ->
+    true;
+check_key_exchange({KeyEx,_,_,_}, KeyEx) ->
+    true;
+check_key_exchange(KeyEx1, KeyEx2) ->
+    ct:pal("Negotiated ~p  Expected ~p", [KeyEx1, KeyEx2]),
+    false.
+
 send_recv_result_active(Socket) ->
     ssl:send(Socket, "Hello world"),
     receive
@@ -1394,6 +1415,18 @@ portable_open_port(Exe, Args) ->
     open_port({spawn_executable, AbsPath}, 
 	      [{args, Args}, stderr_to_stdout]). 
 
+supports_ssl_tls_version(sslv2 = Version) ->
+    case os:cmd("openssl version") of
+	"OpenSSL 1" ++ _ -> 
+	    false;
+	_ ->
+            VersionFlag = version_flag(Version),
+            Exe = "openssl",
+            Args = ["s_client", VersionFlag],
+            Port = ssl_test_lib:portable_open_port(Exe, Args),
+            do_supports_ssl_tls_version(Port)
+    end;
+
 supports_ssl_tls_version(Version) ->
     VersionFlag = version_flag(Version),
     Exe = "openssl",
@@ -1403,6 +1436,8 @@ supports_ssl_tls_version(Version) ->
 
 do_supports_ssl_tls_version(Port) ->
     receive 
+        {Port, {data, "u"}} -> 
+	    false;
 	{Port, {data, "unknown option"  ++ _}} -> 
 	    false;
 	{Port, {data, Data}} ->