4 files changed, 84 insertions, 74 deletions
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 57963fd44b..1be43c56c4 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -364,6 +364,16 @@ init_per_testcase(TestCase, Config) when TestCase == psk_cipher_suites;
     ct:timetrap({seconds, 60}),
     Config;
 
+init_per_testcase(version_option, Config) ->
+    ssl_test_lib:ct_log_supported_protocol_versions(Config),
+    ct:timetrap({seconds, 10}),
+    Config;
+
+init_per_testcase(reuse_session, Config) ->
+    ssl_test_lib:ct_log_supported_protocol_versions(Config),
+    ct:timetrap({seconds, 10}),
+    Config;
+
 init_per_testcase(rizzo, Config) ->
     ssl_test_lib:ct_log_supported_protocol_versions(Config),
     ct:timetrap({seconds, 40}),
@@ -2171,7 +2181,7 @@ anonymous_cipher_suites()->
     [{doc,"Test the anonymous ciphersuites"}].
 anonymous_cipher_suites(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config),
-    Ciphers = ssl_test_lib:anonymous_suites(),
+    Ciphers = ssl_test_lib:anonymous_suites(Version),
     run_suites(Ciphers, Version, Config, anonymous).
 %%-------------------------------------------------------------------
 psk_cipher_suites() ->
@@ -2272,8 +2282,8 @@ default_reject_anonymous(Config) when is_list(Config) ->
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
-
-    [Cipher | _] = ssl_test_lib:anonymous_suites(),
+    Version = tls_record:highest_protocol_version(tls_record:supported_protocol_versions()),
+    [CipherSuite | _] = ssl_test_lib:anonymous_suites(Version),
 
     Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0},
 					      {from, self()},
@@ -2283,7 +2293,7 @@ default_reject_anonymous(Config) when is_list(Config) ->
 					{host, Hostname},
 			   {from, self()},
 			   {options,
-			    [{ciphers,[Cipher]} |
+			    [{ciphers,[CipherSuite]} |
 			     ClientOpts]}]),
 
     ssl_test_lib:check_result(Server, {error, {tls_alert, "insufficient security"}},
@@ -4437,7 +4447,7 @@ run_suites(Ciphers, Version, Config, Type) ->
 	    anonymous ->
 		%% No certs in opts!
 		{ssl_test_lib:ssl_options(client_verification_opts, Config),
-		 ssl_test_lib:ssl_options(server_anon, Config)};
+		 [{reuseaddr, true}, {ciphers, ssl_test_lib:anonymous_suites(Version)}]};
 	    psk ->
 		{ssl_test_lib:ssl_options(client_psk, Config),
 		 ssl_test_lib:ssl_options(server_psk, Config)};
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index bc2822f0c4..e293d183f7 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -99,32 +99,37 @@ init_per_group(check_peer, Config) ->
 init_per_group(check_best_effort, Config) ->
     [{crl_check, best_effort} | Config];
 init_per_group(Group, Config0) ->
-    case is_idp(Group) of
-	true ->
-	    [{idp_crl, true} | Config0];
-	false ->
-	    DataDir = proplists:get_value(data_dir, Config0), 
-	    CertDir = filename:join(proplists:get_value(priv_dir, Config0), Group),
-	    {CertOpts, Config} = init_certs(CertDir, Group, Config0),
-	    {ok, _} =  make_certs:all(DataDir, CertDir, CertOpts),
-	    case Group of
-		crl_hash_dir ->
-		    CrlDir = filename:join(CertDir, "crls"),
-		    %% Copy CRLs to their hashed filenames.
-		    %% Find the hashes with 'openssl crl -noout -hash -in crl.pem'.
-		    populate_crl_hash_dir(CertDir, CrlDir,
-					  [{"erlangCA", "d6134ed3"},
-					   {"otpCA", "d4c8d7e5"}],
-					  replace),
-		    CrlCacheOpts = [{crl_cache,
-				     {ssl_crl_hash_dir,
-				      {internal, [{dir, CrlDir}]}}}];
-		_ ->
-		    CrlCacheOpts = []
-	    end,
-	    [{crl_cache_opts, CrlCacheOpts},
-	     {cert_dir, CertDir},
-	     {idp_crl, false} | Config]
+    try 
+	case is_idp(Group) of
+	    true ->
+		[{idp_crl, true} | Config0];
+	    false ->
+		DataDir = proplists:get_value(data_dir, Config0), 
+		CertDir = filename:join(proplists:get_value(priv_dir, Config0), Group),
+		{CertOpts, Config} = init_certs(CertDir, Group, Config0),
+		{ok, _} =  make_certs:all(DataDir, CertDir, CertOpts),
+		CrlCacheOpts = case Group of
+				   crl_hash_dir ->
+				       CrlDir = filename:join(CertDir, "crls"),
+				       %% Copy CRLs to their hashed filenames.
+				       %% Find the hashes with 'openssl crl -noout -hash -in crl.pem'.
+				       populate_crl_hash_dir(CertDir, CrlDir,
+							     [{"erlangCA", "d6134ed3"},
+							      {"otpCA", "d4c8d7e5"}],
+							     replace),
+				       [{crl_cache,
+					 {ssl_crl_hash_dir,
+					  {internal, [{dir, CrlDir}]}}}];
+				   _ ->
+				       []
+			       end,
+		[{crl_cache_opts, CrlCacheOpts},
+		 {cert_dir, CertDir},
+		 {idp_crl, false} | Config]
+	end
+    catch
+	_:_ ->
+	    {skip, "Unable to create crls"}
     end.
 
 end_per_group(_GroupName, Config) ->
@@ -187,7 +192,7 @@ crl_verify_valid(Config) when is_list(Config) ->
 			   {crl_cache, {ssl_crl_cache, {internal, [{http, 5000}]}}},
 			   {verify, verify_peer}];
 		      false ->
-			  ?config(crl_cache_opts, Config) ++
+			  proplists:get_value(crl_cache_opts, Config) ++
 			      [{cacertfile, filename:join([PrivDir, "server", "cacerts.pem"])},
 			       {crl_check, Check},
 			       {verify, verify_peer}]
@@ -220,7 +225,7 @@ crl_verify_revoked(Config)  when is_list(Config) ->
 			   {crl_check, Check},
 			   {verify, verify_peer}];
 		      false ->
-			  ?config(crl_cache_opts, Config) ++
+			  proplists:get_value(crl_cache_opts, Config) ++
 			      [{cacertfile, filename:join([PrivDir, "revoked", "cacerts.pem"])},
 			       {crl_check, Check},
 			       {verify, verify_peer}]
@@ -279,8 +284,8 @@ crl_verify_no_crl(Config) when is_list(Config) ->
 crl_hash_dir_collision() ->
     [{doc,"Verify ssl_crl_hash_dir behaviour with hash collisions"}].
 crl_hash_dir_collision(Config) when is_list(Config) ->
-    PrivDir = ?config(cert_dir, Config),
-    Check = ?config(crl_check, Config),
+    PrivDir = proplists:get_value(cert_dir, Config),
+    Check = proplists:get_value(crl_check, Config),
 
     %% Create two CAs whose names hash to the same value
     CA1 = "hash-collision-0000000000",
@@ -307,13 +312,17 @@ crl_hash_dir_collision(Config) when is_list(Config) ->
 			   {CA2, "b68fc624"}],
 			 replace),
 
-    ClientOpts = ?config(crl_cache_opts, Config) ++
-	[{cacertfile, filename:join([PrivDir, "erlangCA", "cacerts.pem"])},
+    NewCA = new_ca(filename:join([PrivDir, "new_ca"]),
+		   filename:join([PrivDir, "erlangCA", "cacerts.pem"]),
+		   filename:join([PrivDir, "server", "cacerts.pem"])),
+    
+    ClientOpts = proplists:get_value(crl_cache_opts, Config) ++
+	[{cacertfile, NewCA},
 	 {crl_check, Check},
 	 {verify, verify_peer}],
-
+    
     {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
-
+    
     %% Neither certificate revoked; both succeed.
     crl_verify_valid(Hostname, ServerNode, ServerOpts1, ClientNode, ClientOpts),
     crl_verify_valid(Hostname, ServerNode, ServerOpts2, ClientNode, ClientOpts),
@@ -346,8 +355,8 @@ crl_hash_dir_collision(Config) when is_list(Config) ->
 crl_hash_dir_expired() ->
     [{doc,"Verify ssl_crl_hash_dir behaviour with expired CRLs"}].
 crl_hash_dir_expired(Config) when is_list(Config) ->
-    PrivDir = ?config(cert_dir, Config),
-    Check = ?config(crl_check, Config),
+    PrivDir = proplists:get_value(cert_dir, Config),
+    Check = proplists:get_value(crl_check, Config),
 
     CA = "CRL-maybe-expired-CA",
     %% Add "issuing distribution point", to ensure that verification
@@ -362,7 +371,7 @@ crl_hash_dir_expired(Config) when is_list(Config) ->
     ServerOpts =  [{keyfile, filename:join([PrivDir, EndUser, "key.pem"])},
 		   {certfile, filename:join([PrivDir, EndUser, "cert.pem"])},
 		   {cacertfile, filename:join([PrivDir, EndUser, "cacerts.pem"])}],
-    ClientOpts = ?config(crl_cache_opts, Config) ++
+    ClientOpts = proplists:get_value(crl_cache_opts, Config) ++
 	[{cacertfile, filename:join([PrivDir, CA, "cacerts.pem"])},
 	 {crl_check, Check},
 	 {verify, verify_peer}],
@@ -492,3 +501,12 @@ find_free_name(CrlDir, Hash, N) ->
 	false ->
 	    Name
     end.
+
+new_ca(FileName, CA1, CA2) ->
+    {ok, P1} = file:read_file(CA1),
+    E1 = public_key:pem_decode(P1),
+    {ok, P2} = file:read_file(CA2),
+    E2 = public_key:pem_decode(P2),
+    Pem = public_key:pem_encode(E1 ++E2),
+    file:write_file(FileName,  Pem),
+    FileName.
diff --git a/lib/ssl/test/ssl_packet_SUITE.erl b/lib/ssl/test/ssl_packet_SUITE.erl
index 81a49776e4..942e68967a 100644
--- a/lib/ssl/test/ssl_packet_SUITE.erl
+++ b/lib/ssl/test/ssl_packet_SUITE.erl
@@ -2011,26 +2011,19 @@ active_once_raw(Socket, Data, N) ->
 
 active_once_raw(_, _, 0, _) ->
     ok;
-active_once_raw(Socket, Data, N, Acc) ->
-    receive 
-	{ssl, Socket, Byte} when length(Byte) == 1 ->
-	    ssl:setopts(Socket, [{active, once}]),
+active_once_raw(Socket, Data, N, Acc0) ->
+    case lists:prefix(Data, Acc0) of
+	true ->
+	    DLen = length(Data),   
+	    Start = DLen + 1,
+	    Len = length(Acc0) - DLen,    
+	    Acc = string:substr(Acc0, Start, Len),   
+	    active_once_raw(Socket, Data, N-1, Acc);
+	false ->	    
 	    receive 
-		{ssl, Socket, _} ->
-		    ssl:setopts(Socket, [{active, once}]),
-		    active_once_raw(Socket, Data, N-1, [])
-	    end;
-	{ssl, Socket, Data} ->
-	    ssl:setopts(Socket, [{active, once}]),
-	    active_once_raw(Socket, Data, N-1, []);
-	{ssl, Socket, Other} ->
-	    case Acc ++ Other of
-		Data ->
-		    ssl:setopts(Socket, [{active, once}]),
-		    active_once_raw(Socket, Data, N-1, []);
-		NewAcc ->
+		{ssl, Socket, Info}  ->
 		    ssl:setopts(Socket, [{active, once}]),
-		    active_once_raw(Socket, Data, N, NewAcc)
+		    active_once_raw(Socket, Data, N, Acc0 ++ Info)
 	    end
     end.
 
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 81f16030f7..cab22a60a8 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -398,7 +398,7 @@ cert_options(Config) ->
 				{ssl_imp, new}]},
      {server_opts, [{ssl_imp, new},{reuseaddr, true}, {cacertfile, ServerCaCertFile}, 
 		    {certfile, ServerCertFile}, {keyfile, ServerKeyFile}]},
-     {server_anon, [{ssl_imp, new},{reuseaddr, true}, {ciphers, anonymous_suites()}]},
+     %%{server_anon, [{ssl_imp, new},{reuseaddr, true}, {ciphers, anonymous_suites()}]},
      {client_psk, [{ssl_imp, new},{reuseaddr, true},
 		   {psk_identity, "Test-User"},
 		   {user_lookup_fun, {fun user_lookup/3, PskSharedSecret}}]},
@@ -908,19 +908,8 @@ string_regex_filter(Str, Search) when is_list(Str) ->
 string_regex_filter(_Str, _Search) ->
     false.
 
-anonymous_suites() ->
-    Suites =
-	[{dh_anon, rc4_128, md5},
-	 {dh_anon, des_cbc, sha},
-	 {dh_anon, '3des_ede_cbc', sha},
-	 {dh_anon, aes_128_cbc, sha},
-	 {dh_anon, aes_256_cbc, sha},
-	 {dh_anon, aes_128_gcm, null, sha256},
-	 {dh_anon, aes_256_gcm, null, sha384},
-	 {ecdh_anon,rc4_128,sha},
-	 {ecdh_anon,'3des_ede_cbc',sha},
-	 {ecdh_anon,aes_128_cbc,sha},
-	 {ecdh_anon,aes_256_cbc,sha}],
+anonymous_suites(Version) ->
+    Suites = ssl_cipher:anonymous_suites(Version),
     ssl_cipher:filter_suites(Suites).
 
 psk_suites() ->