Diffstat (limited to 'lib/ssl/test/ssl_to_openssl_SUITE.erl')
-rw-r--r-- | lib/ssl/test/ssl_to_openssl_SUITE.erl | 79 |
1 files changed, 36 insertions, 43 deletions
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index f22eb4ecdf..07abddbcf7 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -181,16 +181,6 @@ end_per_suite(_Config) -> ssl:stop(), application:stop(crypto). -init_per_group(basic, Config0) -> - case ssl_test_lib:supports_ssl_tls_version('tlsv1.2') - orelse ssl_test_lib:supports_ssl_tls_version('tlsv1.1') - orelse ssl_test_lib:supports_ssl_tls_version('tlsv1') - of - true -> - ssl_test_lib:clean_tls_version(Config0); - false -> - {skip, "only sslv3 supported by OpenSSL"} - end; init_per_group(GroupName, Config) -> case ssl_test_lib:is_tls_version(GroupName) of
@@ -233,7 +223,7 @@ init_per_testcase(TestCase, Config) when TestCase == erlang_server_openssl_client_dsa_cert; TestCase == erlang_client_openssl_server_dsa_cert; TestCase == erlang_server_openssl_client_dsa_cert -> - case ssl_test_lib:openssl_dsa_support() of + case ssl_test_lib:openssl_dsa_support() andalso ssl_test_lib:is_sane_oppenssl_client() of true -> special_init(TestCase, Config); false ->
@@ -334,7 +324,16 @@ special_init(TestCase, Config0) ]} ]}]} | Config0], check_openssl_sni_support(Config); - +special_init(TestCase, Config) + when TestCase == erlang_server_openssl_client; + TestCase == erlang_server_openssl_client_client_cert; + TestCase == erlang_server_openssl_client_reuse_session -> + case ssl_test_lib:is_sane_oppenssl_client() of + true -> + Config; + false -> + {skip, "Broken OpenSSL client"} + end; special_init(_, Config) -> Config.
@@ -1073,7 +1072,7 @@ erlang_client_bad_openssl_server(Config) when is_list(Config) -> Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, {host, Hostname}, {from, self()}, - {mfa, {ssl_test_lib, no_result_msg, []}}, + {mfa, {ssl_test_lib, no_result, []}}, {options, [{versions, [Version]} | ClientOpts]}]),
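Review bot: In the `init_per_testcase` hunk (@@ -233), the added `andalso ssl_test_lib:is_sane_oppenssl_client()` gates all three DSA cases on the OpenSSL client, including `erlang_client_openssl_server_dsa_cert`, where OpenSSL appears to act as the server, so that case may now be skipped for a fault it does not depend on. The guard visible in the hunk also lists `erlang_server_openssl_client_dsa_cert` twice, which suggests a different third case name was intended. Consider keeping `case ssl_test_lib:openssl_dsa_support() of` for the client-side case and applying the client check only to the `erlang_server_openssl_client_*` names. The clause continues past the hunk, so the skip reason in the `false` branch is not visible here and should be checked to still describe both conditions.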
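Review bot: The new `special_init` clause (@@ -334) skips with `{skip, "Broken OpenSSL client"}` but has no comment on what the check excludes, so a skipped run gives no hint which OpenSSL builds are affected or why these three cases depend on it. A short comment above the clause would help, e.g. `%% These cases run "openssl s_client"; skipped when ssl_test_lib:is_sane_oppenssl_client() rejects the installed client.` The helper name is misspelled ("oppenssl"); it lives in `ssl_test_lib`, so a rename would have to be done there together with the call sites added here and in the @@ -233 and @@ -1910 hunks.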
@@ -1161,7 +1160,7 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) -> ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), ssl_test_lib:consume_port_exit(OpenSslPort), - ssl_test_lib:check_server_alert(Server, bad_record_mac), + ssl_test_lib:check_server_alert(Server, unexpected_message), process_flag(trap_exit, false). %%--------------------------------------------------------------------
@@ -1462,6 +1461,7 @@ send_and_hostname(SSLSocket) -> end. erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> + Version = ssl_test_lib:protocol_version(Config), ct:log("Start running handshake, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), ServerOptions = proplists:get_value(sni_server_opts, Config) ++ proplists:get_value(server_rsa_opts, Config), {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -1472,9 +1472,9 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname, Exe = "openssl", ClientArgs = case SNIHostname of undefined -> - openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port); + openssl_client_args(Version, Hostname,Port); _ -> - openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname) + openssl_client_args(Version, Hostname, Port, SNIHostname) end, ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
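Review bot: The expected alert in `ssl2_erlang_server_openssl_client` (@@ -1161) changes from `bad_record_mac` to `unexpected_message` with no comment saying why the server now answers this client that way. Assuming this case is the check that an SSLv2 hello is refused, a why-comment next to the assertion would keep a later change of the alert from being accepted without thought, e.g. `%% An SSLv2 client hello must be rejected with an alert; the exact alert is asserted so a changed rejection path is noticed.` The test body starts outside the hunk, so how the client is started is not visible here.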
@@ -1485,6 +1485,7 @@ erlang_server_openssl_client_sni_test(Config, SNIHostname, ExpectedSNIHostname, erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHostname, ExpectedCN) -> + Version = ssl_test_lib:protocol_version(Config), ct:log("Start running handshake for sni_fun, Config: ~p, SNIHostname: ~p, ExpectedSNIHostname: ~p, ExpectedCN: ~p", [Config, SNIHostname, ExpectedSNIHostname, ExpectedCN]), [{sni_hosts, ServerSNIConf}] = proplists:get_value(sni_server_opts, Config), SNIFun = fun(Domain) -> proplists:get_value(Domain, ServerSNIConf, undefined) end,
@@ -1497,9 +1498,9 @@ erlang_server_openssl_client_sni_test_sni_fun(Config, SNIHostname, ExpectedSNIHo Exe = "openssl", ClientArgs = case SNIHostname of undefined -> - openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname,Port); + openssl_client_args(Version, Hostname,Port); _ -> - openssl_client_args(ssl_test_lib:supports_ssl_tls_version(sslv2), Hostname, Port, SNIHostname) + openssl_client_args(Version, Hostname, Port, SNIHostname) end, ClientPort = ssl_test_lib:portable_open_port(Exe, ClientArgs),
@@ -1910,13 +1911,19 @@ send_wait_send(Socket, [ErlData, OpenSslData]) -> check_openssl_sni_support(Config) -> HelpText = os:cmd("openssl s_client --help"), - case string:str(HelpText, "-servername") of - 0 -> - {skip, "Current openssl doesn't support SNI"}; - _ -> - Config + case ssl_test_lib:is_sane_oppenssl_client() of + true -> + case string:str(HelpText, "-servername") of + 0 -> + {skip, "Current openssl doesn't support SNI"}; + _ -> + Config + end; + false -> + {skip, "Current openssl doesn't support SNI or extension handling is flawed"} end. + check_openssl_npn_support(Config) -> HelpText = os:cmd("openssl s_client --help"), case string:str(HelpText, "nextprotoneg") of
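Review bot: In `check_openssl_sni_support` (@@ -1910), the nested `case` produces two skip messages that overlap: the outer `false` branch already says "doesn't support SNI or extension handling is flawed", while the inner one reports only missing SNI. Since one message covers both causes, the two tests could be a single expression, `case ssl_test_lib:is_sane_oppenssl_client() andalso string:str(HelpText, "-servername") =/= 0 of`, with `true -> Config;` and the combined `{skip, ...}` in the `false` branch. If the two causes are meant to stay distinguishable in the report, the outer message should name only the client check. The hunk also adds a second blank line after `end.`, which looks unintentional.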
@@ -1982,17 +1989,13 @@ workaround_openssl_s_clinent() -> [] end. -openssl_client_args(false, Hostname, Port) -> - ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port)]; -openssl_client_args(true, Hostname, Port) -> - ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++ integer_to_list(Port)]. +openssl_client_args(Version, Hostname, Port) -> + ["s_client", "-connect", Hostname ++ ":" ++ integer_to_list(Port), ssl_test_lib:version_flag(Version)]. -openssl_client_args(false, Hostname, Port, ServerName) -> +openssl_client_args(Version, Hostname, Port, ServerName) -> ["s_client", "-connect", Hostname ++ ":" ++ - integer_to_list(Port), "-servername", ServerName]; -openssl_client_args(true, Hostname, Port, ServerName) -> - ["s_client", "-no_ssl2", "-connect", Hostname ++ ":" ++ - integer_to_list(Port), "-servername", ServerName]. + integer_to_list(Port), ssl_test_lib:version_flag(Version), "-servername", ServerName]. + hostname_format(Hostname) -> case lists:member($., Hostname) of
@@ -2002,22 +2005,12 @@ hostname_format(Hostname) -> "localhost" end. -no_low_flag("-no_ssl2" = Flag) -> - case ssl_test_lib:supports_ssl_tls_version(sslv2) of - true -> - Flag; - false -> - "" - end; -no_low_flag(Flag) -> - Flag. - openssl_has_common_ciphers(Ciphers) -> OCiphers = ssl_test_lib:common_ciphers(openssl), has_common_ciphers(Ciphers, OCiphers). -has_common_ciphers([], OCiphers) -> +has_common_ciphers([], _) -> false; has_common_ciphers([Cipher | Rest], OCiphers) -> case lists:member(Cipher, OCiphers) of |
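Review bot: Both new `openssl_client_args` clauses (@@ -1982) place the result of `ssl_test_lib:version_flag(Version)` straight into the argument list, and that helper is not part of this diff: if it can return `""` for a version it does not recognise (as the removed `no_low_flag/1` did), `s_client` is started with an empty argument. The rewrite also drops the explicit `-no_ssl2`, so the protocol these SNI clients may speak is limited only by whatever `version_flag/1` yields for the `Version` read in the @@ -1462 and @@ -1485 hunks. A comment stating that contract would help, e.g. `%% version_flag/1 must return a non-empty s_client option that pins the client to Version.` The new 3-arity line is also well over 100 columns and could be wrapped like the 4-arity one.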