7 files changed, 119 insertions, 15 deletions
diff --git a/lib/ssl/test/Makefile b/lib/ssl/test/Makefile
index cb919baf4e..244eb5ce0a 100644
--- a/lib/ssl/test/Makefile
+++ b/lib/ssl/test/Makefile
@@ -57,6 +57,7 @@ ERL_FILES = $(MODULES:%=%.erl)
 HRL_FILES =
 
 HRL_FILES_SRC = \
+	ssl_api.hrl\
 	ssl_internal.hrl\
 	ssl_alert.hrl \
 	tls_handshake.hrl \
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index b8849d5cbd..1006b23a30 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -27,6 +27,7 @@
 -include_lib("common_test/include/ct.hrl").
 -include_lib("public_key/include/public_key.hrl").
 
+-include("ssl_api.hrl").
 -include("ssl_internal.hrl").
 -include("ssl_alert.hrl").
 -include("ssl_internal.hrl").
@@ -129,7 +130,8 @@ api_tests() ->
      listen_socket,
      ssl_accept_timeout,
      ssl_recv_timeout,
-     versions_option
+     versions_option,
+     server_name_indication_option
     ].
 
 session_tests() ->
@@ -142,6 +144,7 @@ session_tests() ->
 renegotiate_tests() ->
     [client_renegotiate,
      server_renegotiate,
+     client_secure_renegotiate,
      client_renegotiate_reused_session,
      server_renegotiate_reused_session,
      client_no_wrap_sequence_number,
@@ -1977,6 +1980,37 @@ client_renegotiate(Config) when is_list(Config) ->
     ssl_test_lib:close(Client).
 
 %%--------------------------------------------------------------------
+client_secure_renegotiate() ->
+    [{doc,"Test ssl:renegotiate/1 on client."}].
+client_secure_renegotiate(Config) when is_list(Config) ->
+    ServerOpts = ?config(server_opts, Config),
+    ClientOpts = ?config(client_opts, Config),
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Data = "From erlang to erlang",
+
+    Server =
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+				   {from, self()},
+				   {mfa, {?MODULE, erlang_ssl_receive, [Data]}},
+				   {options, [{secure_renegotiate, true} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+					{host, Hostname},
+					{from, self()},
+					{mfa, {?MODULE,
+					       renegotiate, [Data]}},
+					{options, [{reuse_sessions, false},
+						   {secure_renegotiate, true}| ClientOpts]}]),
+    
+    ssl_test_lib:check_result(Client, ok, Server, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).
+
+
+%%--------------------------------------------------------------------
 server_renegotiate() ->
     [{doc,"Test ssl:renegotiate/1 on server."}].
 server_renegotiate(Config) when is_list(Config) ->
@@ -2489,7 +2523,10 @@ ssl_accept_timeout(Config) ->
 	    ssl_test_lib:check_result(Server, {error, timeout}),
 	    receive
 		{'EXIT', Server, _} ->
-		    [] = supervisor:which_children(ssl_connection_sup)
+		    %% Make sure supervisor had time to react on process exit
+		    %% Could we come up with a better solution to this?
+		    ct:sleep(500), 
+		    [] = supervisor:which_children(tls_connection_sup)
 	    end
     end.
 
@@ -2645,7 +2682,7 @@ tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
     {status, _, _, StatusInfo} = sys:get_status(Pid),
     [_, _,_, _, Prop] = StatusInfo,
     State = ssl_test_lib:state(Prop),
-    Socket = element(10, State),
+    Socket = element(11, State),
 
     %% Fake tcp error
     Pid ! {tcp_error, Socket, etimedout},
@@ -2800,6 +2837,47 @@ versions_option(Config) when is_list(Config) ->
     end,	    
    
     ssl_test_lib:check_result(ErrClient, {error, {tls_alert, "protocol version"}}).
+
+
+%%--------------------------------------------------------------------
+
+server_name_indication_option() ->
+    [{doc,"Test API server_name_indication option to connect."}].
+server_name_indication_option(Config) when is_list(Config) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),  
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    Client0 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					 {host, Hostname},
+					 {from, self()}, 
+					 {mfa, {ssl_test_lib, send_recv_result_active, []}},
+					 {options,  
+					  [{server_name_indication, disable} | 
+					   ClientOpts]}
+					]),
+    
+    ssl_test_lib:check_result(Server, ok, Client0, ok),
+    Server ! listen,				       
+    
+    Client1 = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					 {host, Hostname},
+					 {from, self()}, 
+					 {mfa, {ssl_test_lib, send_recv_result_active, []}},
+					 {options,
+					  [{server_name_indication, Hostname} | ClientOpts]
+					 }]),    
+    ssl_test_lib:check_result(Server, ok, Client1, ok),
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client0),
+    ssl_test_lib:close(Client1).
+
 %%--------------------------------------------------------------------
 %% Internal functions ------------------------------------------------
 %%--------------------------------------------------------------------
diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
index f76c55f670..14047c6e9c 100644
--- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl
+++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl
@@ -250,10 +250,15 @@ server_require_peer_cert_fail(Config) when is_list(Config) ->
 					      {host, Hostname},
 					      {from, self()},
 					      {options, [{active, false} | BadClientOpts]}]),
-
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "handshake failure"}},
-			      Client, {error, {tls_alert, "handshake failure"}}).
-
+    receive
+	{Server, {error, {tls_alert, "handshake failure"}}} ->
+	    receive
+		{Client, {error, {tls_alert, "handshake failure"}}} ->
+		    ok;
+		{Client, {error, closed}} ->
+		    ok
+	    end
+    end.
 
 %%--------------------------------------------------------------------
 verify_fun_always_run_client() ->
@@ -827,9 +832,16 @@ unknown_server_ca_fail(Config) when is_list(Config) ->
 					       [{verify, verify_peer},
 						{verify_fun, FunAndState}
 						| ClientOpts]}]),
+    receive
+	{Server, {error, {tls_alert, "unknown ca"}}} ->
+	    receive
+		{Client, {error, {tls_alert, "unknown ca"}}} ->
+		    ok;
+		{Client, {error, closed}} ->
+		    ok
+	    end
+    end.
 
-    ssl_test_lib:check_result(Server, {error, {tls_alert, "unknown ca"}},
-			      Client, {error, {tls_alert, "unknown ca"}}).
 
 %%--------------------------------------------------------------------
 unknown_server_ca_accept_verify_none() ->
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index 7bfd678f4b..d3b523ca8c 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -95,7 +95,7 @@ common_init(Case, Config) ->
 
 end_per_testcase(Case, Config) when is_list(Config) ->
     Flags = proplists:get_value(old_flags, Config),
-    os:putenv("ERL_FLAGS", Flags),
+    catch os:putenv("ERL_FLAGS", Flags),
     common_end(Case, Config).
 
 common_end(_, Config) ->
diff --git a/lib/ssl/test/ssl_handshake_SUITE.erl b/lib/ssl/test/ssl_handshake_SUITE.erl
index 9695710230..7e8e8d2611 100644
--- a/lib/ssl/test/ssl_handshake_SUITE.erl
+++ b/lib/ssl/test/ssl_handshake_SUITE.erl
@@ -34,7 +34,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}].
 
 all() -> [decode_hello_handshake,
 	  decode_single_hello_extension_correctly,
-	  decode_unknown_hello_extension_correctly].
+	  decode_unknown_hello_extension_correctly,
+	  encode_single_hello_sni_extension_correctly].
 
 %%--------------------------------------------------------------------
 %% Test Cases --------------------------------------------------------
@@ -73,3 +74,12 @@ decode_unknown_hello_extension_correctly(_Config) ->
     Extensions = ssl_handshake:decode_hello_extensions(<<FourByteUnknown/binary, Renegotiation/binary>>),
      #renegotiation_info{renegotiated_connection = <<0>>}
 	= Extensions#hello_extensions.renegotiation_info.
+
+encode_single_hello_sni_extension_correctly(_Config) ->
+    Exts = #hello_extensions{sni = #sni{hostname = "test.com"}},
+    SNI = <<16#00, 16#00, 16#00, 16#0d, 16#00, 16#0b, 16#00, 16#00, 16#08,
+	    $t,    $e,    $s,    $t,    $.,    $c,    $o,    $m>>,
+    ExtSize = byte_size(SNI),
+    HelloExt = <<ExtSize:16/unsigned-big-integer, SNI/binary>>,
+    Encoded = ssl_handshake:encode_hello_extensions(Exts),
+    HelloExt = Encoded.
diff --git a/lib/ssl/test/ssl_npn_hello_SUITE.erl b/lib/ssl/test/ssl_npn_hello_SUITE.erl
index 27e1090114..68ff9172e9 100644
--- a/lib/ssl/test/ssl_npn_hello_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_hello_SUITE.erl
@@ -82,11 +82,11 @@ encode_and_decode_npn_server_hello_test(_Config) ->
 
 %%--------------------------------------------------------------------
 create_server_hello_with_no_advertised_protocols_test(_Config) ->
-    Hello = tls_handshake:server_hello(<<>>, {3, 0}, create_connection_states(), #hello_extensions{}),
+    Hello = ssl_handshake:server_hello(<<>>, {3, 0}, create_connection_states(), #hello_extensions{}),
     undefined = (Hello#server_hello.extensions)#hello_extensions.next_protocol_negotiation.
 %%--------------------------------------------------------------------
 create_server_hello_with_advertised_protocols_test(_Config) ->
-    Hello = tls_handshake:server_hello(<<>>, {3, 0}, create_connection_states(),
+    Hello = ssl_handshake:server_hello(<<>>, {3, 0}, create_connection_states(),
 				       #hello_extensions{next_protocol_negotiation = [<<"spdy/1">>, <<"http/1.0">>, <<"http/1.1">>]}),
     [<<"spdy/1">>, <<"http/1.0">>, <<"http/1.1">>] =
 	(Hello#server_hello.extensions)#hello_extensions.next_protocol_negotiation.
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index b576b8f70d..21f0172dba 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -897,8 +897,11 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
     
     OpenSslPort =  open_port({spawn, Cmd}, [stderr_to_stdout]), 
     true = port_command(OpenSslPort, Data),
+    
+    ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), 
     receive
-	{'EXIT', OpenSslPort, _} ->
+	{'EXIT', OpenSslPort, _} = Exit ->
+	    ct:log("Received: ~p ~n", [Exit]),
 	    ok
 
     end,