10 files changed, 131 insertions, 94 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index e8cfbbe2e3..b6aafc3fa4 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -48,7 +48,7 @@
 	 select_sni_extension/1]).
 
 %% Alert and close handling
--export([encode_alert/3,send_alert/2, close/5]).
+-export([encode_alert/3,send_alert/2, close/5, protocol_name/0]).
 
 %% Data handling
 
@@ -208,6 +208,9 @@ setopts(Transport, Socket, Other) ->
 getopts(Transport, Socket, Tag) ->
     dtls_socket:getopts(Transport, Socket, Tag).
 
+protocol_name() ->
+    "DTLS".
+        
 %%====================================================================
 %% tls_connection_sup API
 %%====================================================================
diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index 696a55e4b9..b923785e17 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -57,16 +57,16 @@ decode(Bin) ->
 reason_code(#alert{description = ?CLOSE_NOTIFY}, _) ->
     closed;
 reason_code(#alert{description = Description}, _) ->
-    {tls_alert, description_txt(Description)}.
+    {tls_alert, string:to_lower(description_txt(Description))}.
 
 %%--------------------------------------------------------------------
 -spec alert_txt(#alert{}) -> string().
 %%
 %% Description: Returns the error string for given alert.
 %%--------------------------------------------------------------------
-alert_txt(#alert{level = Level, description = Description, where = {Mod,Line}, reason = undefined}) ->
-    Mod ++ ":" ++ integer_to_list(Line) ++ ":" ++ 
-        level_txt(Level) ++" "++ description_txt(Description);
+alert_txt(#alert{level = Level, description = Description, where = {Mod,Line}, reason = undefined, role = Role}) ->
+    "at " ++ Mod ++ ":" ++ integer_to_list(Line) ++ " " ++ string:to_upper(atom_to_list(Role)) ++ " ALERT: " ++
+        level_txt(Level) ++ description_txt(Description);
 alert_txt(#alert{reason = Reason} = Alert) ->
     BaseTxt = alert_txt(Alert#alert{reason = undefined}),
     FormatDepth = 9, % Some limit on printed representation of an error
@@ -93,73 +93,73 @@ decode(<<>>, Acc, _) ->
     lists:reverse(Acc, []).
 
 level_txt(?WARNING) ->
-    "Warning:";
+    "Warning - ";
 level_txt(?FATAL) ->
-    "Fatal error:".
+    "Fatal - ".
 
 description_txt(?CLOSE_NOTIFY) ->
-    "close notify";
+    "Close Notify";
 description_txt(?UNEXPECTED_MESSAGE) ->
-    "unexpected message";
+    "Unexpected Message";
 description_txt(?BAD_RECORD_MAC) ->
-    "bad record mac";
+    "Bad Record MAC";
 description_txt(?DECRYPTION_FAILED) ->
-    "decryption failed";
+    "Decryption Failed";
 description_txt(?RECORD_OVERFLOW) ->
-    "record overflow";
+    "Record Overflow";
 description_txt(?DECOMPRESSION_FAILURE) ->
-    "decompression failure";
+    "Decompression Failure";
 description_txt(?HANDSHAKE_FAILURE) ->
-    "handshake failure";
+    "Handshake Failure";
 description_txt(?NO_CERTIFICATE_RESERVED) ->
-    "No certificate reserved";
+    "No Certificate Reserved";
 description_txt(?BAD_CERTIFICATE) ->
-    "bad certificate";
+    "Bad Certificate";
 description_txt(?UNSUPPORTED_CERTIFICATE) ->
-    "unsupported certificate";
+    "Unsupported Certificate";
 description_txt(?CERTIFICATE_REVOKED) ->
-    "certificate revoked";
+    "Certificate Revoked";
 description_txt(?CERTIFICATE_EXPIRED) ->
-    "certificate expired";
+    "Certificate Expired";
 description_txt(?CERTIFICATE_UNKNOWN) ->
-    "certificate unknown";
+    "Certificate Unknown";
 description_txt(?ILLEGAL_PARAMETER) ->
-    "illegal parameter";
+    "Illegal Parameter";
 description_txt(?UNKNOWN_CA) ->
-    "unknown ca";
+    "Unknown CA";
 description_txt(?ACCESS_DENIED) ->
-    "access denied";
+    "Access Denied";
 description_txt(?DECODE_ERROR) ->
-    "decode error";
+    "Decode Error";
 description_txt(?DECRYPT_ERROR) ->
-    "decrypt error";
+    "Decrypt Error";
 description_txt(?EXPORT_RESTRICTION) ->
-    "export restriction";
+    "Export Restriction";
 description_txt(?PROTOCOL_VERSION) ->
-    "protocol version";
+    "Protocol Version";
 description_txt(?INSUFFICIENT_SECURITY) ->
-    "insufficient security";
+    "Insufficient Security";
 description_txt(?INTERNAL_ERROR) ->
-    "internal error";
+    "Internal Error";
 description_txt(?USER_CANCELED) ->
-    "user canceled";
+    "User Canceled";
 description_txt(?NO_RENEGOTIATION) ->
-    "no renegotiation";
+    "No Renegotiation";
 description_txt(?UNSUPPORTED_EXTENSION) ->
-    "unsupported extension";
+    "Unsupported Extension";
 description_txt(?CERTIFICATE_UNOBTAINABLE) ->
-    "certificate unobtainable";
+    "Certificate Unobtainable";
 description_txt(?UNRECOGNISED_NAME) ->
-    "unrecognised name";
+    "Unrecognised Name";
 description_txt(?BAD_CERTIFICATE_STATUS_RESPONSE) ->
-    "bad certificate status response";
+    "Bad Certificate Status Response";
 description_txt(?BAD_CERTIFICATE_HASH_VALUE) ->
-    "bad certificate hash value";
+    "Bad Certificate Hash Value";
 description_txt(?UNKNOWN_PSK_IDENTITY) ->
-    "unknown psk identity";
+    "Unknown Psk Identity";
 description_txt(?INAPPROPRIATE_FALLBACK) ->
-    "inappropriate fallback";
+    "Inappropriate Fallback";
 description_txt(?NO_APPLICATION_PROTOCOL) ->
-    "no application protocol";
+    "No application protocol";
 description_txt(Enum) ->
     lists:flatten(io_lib:format("unsupported/unknown alert: ~p", [Enum])).
diff --git a/lib/ssl/src/ssl_alert.hrl b/lib/ssl/src/ssl_alert.hrl
index f3743ba0f0..1aabb6c55a 100644
--- a/lib/ssl/src/ssl_alert.hrl
+++ b/lib/ssl/src/ssl_alert.hrl
@@ -118,6 +118,7 @@
 	  level,
 	  description,
           where = {?FILE, ?LINE},
+          role,
           reason
 	 }).
 -endif. % -ifdef(ssl_alert).
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index fb87662c7b..0163d08f2a 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1143,7 +1143,7 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
 		    port = Port, session = Session, user_application = {_Mon, Pid},
 		    role = Role, socket_options = Opts, tracker = Tracker}) ->
     invalidate_session(Role, Host, Port, Session),
-    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
+    log_alert(SslOpts#ssl_options.log_alert,  Connection:protocol_name(), StateName, Alert#alert{role = opposite_role(Role)}),
     alert_user(Transport, Tracker, Socket, StateName, Opts, Pid, From, Alert, Role, Connection),
     {stop, normal};
 
@@ -1153,15 +1153,16 @@ handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
     {stop, {shutdown, peer_close}};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{ssl_options = SslOpts, renegotiation = {true, internal}} = State) ->
-    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
+	     #state{role = Role, ssl_options = SslOpts, protocol_cb = Connection, renegotiation = {true, internal}} = State) ->
+    log_alert(SslOpts#ssl_options.log_alert, Connection:protocol_name(), StateName, Alert#alert{role = opposite_role(Role)}),
     handle_normal_shutdown(Alert, StateName, State),
     {stop, {shutdown, peer_close}};
 
 handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName, 
-	     #state{ssl_options = SslOpts, renegotiation = {true, From},
+	     #state{role = Role,
+                    ssl_options = SslOpts, renegotiation = {true, From},
 		    protocol_cb = Connection} = State0) ->
-    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
+    log_alert(SslOpts#ssl_options.log_alert,  Connection:protocol_name(), StateName, Alert#alert{role = opposite_role(Role)}),
     gen_statem:reply(From, {error, renegotiation_rejected}),
     {Record, State} = Connection:next_record(State0),
     %% Go back to connection!
@@ -1169,8 +1170,8 @@ handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert,
 
 %% Gracefully log and ignore all other warning alerts
 handle_alert(#alert{level = ?WARNING} = Alert, StateName,
-	     #state{ssl_options = SslOpts, protocol_cb = Connection} = State0) ->
-    log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
+	     #state{ssl_options = SslOpts, protocol_cb = Connection, role = Role} = State0) ->
+    log_alert(SslOpts#ssl_options.log_alert,  Connection:protocol_name(), StateName, Alert#alert{role = opposite_role(Role)}),
     {Record, State} = Connection:next_record(State0),
     Connection:next_event(StateName, Record, State).
 
@@ -2370,18 +2371,19 @@ alert_user(Transport, Tracker, Socket, Active, Pid, From, Alert, Role, Connectio
 							Transport, Socket, Connection, Tracker), ReasonCode})
     end.
 
-log_alert(true, Info, Alert) ->
+log_alert(true, ProtocolName, StateName, Alert) ->
     Txt = ssl_alert:alert_txt(Alert),
-    error_logger:format("SSL: ~p: ~s\n", [Info, Txt]);
-log_alert(false, _, _) ->
+    error_logger:format("~s: In state ~p ~s\n", [ProtocolName, StateName, Txt]);
+log_alert(false, _, _, _) ->
     ok.
 
 handle_own_alert(Alert, Version, StateName, 
-		 #state{transport_cb = Transport,
-			socket = Socket,
-			protocol_cb = Connection,
-			connection_states = ConnectionStates,
-			ssl_options = SslOpts} = State) ->
+		 #state{role = Role,
+                        transport_cb = Transport,
+                        socket = Socket,
+                        protocol_cb = Connection,
+                        connection_states = ConnectionStates,
+                        ssl_options = SslOpts} = State) ->
     try %% Try to tell the other side
 	{BinMsg, _} =
 	Connection:encode_alert(Alert, Version, ConnectionStates),
@@ -2390,7 +2392,7 @@ handle_own_alert(Alert, Version, StateName,
 	    ignore
     end,
     try %% Try to tell the local user
-	log_alert(SslOpts#ssl_options.log_alert, StateName, Alert),
+	log_alert(SslOpts#ssl_options.log_alert, Connection:protocol_name(), StateName, Alert#alert{role = Role}),
 	handle_normal_shutdown(Alert,StateName, State)
     catch _:_ ->
 	    ok
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index 3cf466e78f..b1661624b5 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -415,9 +415,11 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
 		path_validation_alert(Reason)
 	end
     catch
-	error:_ ->
+	error:{badmatch,{asn1, Asn1Reason}} ->
 	    %% ASN-1 decode of certificate somehow failed
-            ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN, failed_to_decode_certificate)
+            ?ALERT_REC(?FATAL, ?CERTIFICATE_UNKNOWN, {failed_to_decode_certificate, Asn1Reason});
+        error:OtherReason ->
+            ?ALERT_REC(?FATAL, ?INTERNAL_ERROR, {unexpected_error, OtherReason})
     end.
 
 %%--------------------------------------------------------------------
@@ -1611,8 +1613,11 @@ path_validation_alert({bad_cert, unknown_critical_extension}) ->
     ?ALERT_REC(?FATAL, ?UNSUPPORTED_CERTIFICATE);
 path_validation_alert({bad_cert, {revoked, _}}) ->
     ?ALERT_REC(?FATAL, ?CERTIFICATE_REVOKED);
-path_validation_alert({bad_cert, revocation_status_undetermined}) ->
-    ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE);
+%%path_validation_alert({bad_cert, revocation_status_undetermined}) ->
+%%   ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE);
+path_validation_alert({bad_cert, {revocation_status_undetermined, Details}}) ->
+    Alert = ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE),
+    Alert#alert{reason = Details};
 path_validation_alert({bad_cert, selfsigned_peer}) ->
     ?ALERT_REC(?FATAL, ?BAD_CERTIFICATE);
 path_validation_alert({bad_cert, unknown_ca}) ->
@@ -2189,7 +2194,8 @@ crl_check(OtpCert, Check, CertDbHandle, CertDbRef, {Callback, CRLDbHandle}, _, C
 				     ssl_crl:trusted_cert_and_path(CRL, Issuer, {CertPath,
                                                                                  DBInfo})
 			     end, {CertDbHandle, CertDbRef}}}, 
-	       {update_crl, fun(DP, CRL) -> Callback:fresh_crl(DP, CRL) end}
+	       {update_crl, fun(DP, CRL) -> Callback:fresh_crl(DP, CRL) end},
+               {undetermined_details, true}
 	      ],
     case dps_and_crls(OtpCert, Callback, CRLDbHandle, ext) of
 	no_dps ->
@@ -2199,7 +2205,7 @@ crl_check(OtpCert, Check, CertDbHandle, CertDbRef, {Callback, CRLDbHandle}, _, C
 	DpsAndCRLs ->  %% This DP list may be empty if relevant CRLs existed 
 	    %% but could not be retrived, will result in {bad_cert, revocation_status_undetermined}
 	    case public_key:pkix_crls_validate(OtpCert, DpsAndCRLs, Options) of
-		{bad_cert, revocation_status_undetermined} ->
+		{bad_cert, {revocation_status_undetermined, _}} ->
 		    crl_check_same_issuer(OtpCert, Check, dps_and_crls(OtpCert, Callback, 
 								       CRLDbHandle, same_issuer), Options);
 		Other ->
@@ -2209,7 +2215,7 @@ crl_check(OtpCert, Check, CertDbHandle, CertDbRef, {Callback, CRLDbHandle}, _, C
 
 crl_check_same_issuer(OtpCert, best_effort, Dps, Options) ->		
     case public_key:pkix_crls_validate(OtpCert, Dps, Options) of 
-	{bad_cert, revocation_status_undetermined}  ->
+	{bad_cert, {revocation_status_undetermined, _}}   ->
 	    valid;
 	Other ->
 	    Other
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 352874c77d..e3ffbea3d3 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -56,7 +56,7 @@
 	 reinit_handshake_data/1,  select_sni_extension/1]).
 
 %% Alert and close handling
--export([send_alert/2, close/5]).
+-export([send_alert/2, close/5, protocol_name/0]).
 
 %% Data handling
 -export([passive_receive/2, next_record_if_active/1, handle_common_event/4, send/3,
@@ -164,6 +164,8 @@ encode_data(Data, Version, ConnectionStates0)->
 encode_alert(#alert{} = Alert, Version, ConnectionStates) ->
     tls_record:encode_alert_record(Alert, Version, ConnectionStates).
 
+protocol_name() ->
+    "TLS".
 %%====================================================================
 %% tls_connection_sup API
 %%====================================================================
@@ -719,7 +721,7 @@ close(downgrade, _,_,_,_) ->
 %% Other
 close(_, Socket, Transport, _,_) -> 
     Transport:close(Socket).
-	       
+
 convert_state(#state{ssl_options = Options} = State, up, "5.3.5", "5.3.6") ->
     State#state{ssl_options = convert_options_partial_chain(Options, up)};
 convert_state(#state{ssl_options = Options} = State, down, "5.3.6", "5.3.5") ->
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 64f9927901..8a4d827456 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -388,22 +388,27 @@ init_per_testcase(reuse_session, Config) ->
 
 init_per_testcase(rizzo, Config) ->
     ssl_test_lib:ct_log_supported_protocol_versions(Config),
-    ct:timetrap({seconds, 40}),
+    ct:timetrap({seconds, 60}),
+    Config;
+
+init_per_testcase(no_rizzo_rc4, Config) ->
+    ssl_test_lib:ct_log_supported_protocol_versions(Config),
+    ct:timetrap({seconds, 60}),
     Config;
 
 init_per_testcase(rizzo_one_n_minus_one, Config) ->
     ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
-    ct:timetrap({seconds, 40}),
+    ct:timetrap({seconds, 60}),
     rizzo_add_mitigation_option(one_n_minus_one, Config);
 
 init_per_testcase(rizzo_zero_n, Config) ->
     ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
-    ct:timetrap({seconds, 40}),
+    ct:timetrap({seconds, 60}),
     rizzo_add_mitigation_option(zero_n, Config);
 
 init_per_testcase(rizzo_disabled, Config) ->
     ct:log("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()]),
-    ct:timetrap({seconds, 40}),
+    ct:timetrap({seconds, 60}),
     rizzo_add_mitigation_option(disabled, Config);
 
 init_per_testcase(prf, Config) ->
diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl
index e293d183f7..668c76e38d 100644
--- a/lib/ssl/test/ssl_crl_SUITE.erl
+++ b/lib/ssl/test/ssl_crl_SUITE.erl
@@ -155,9 +155,15 @@ init_per_testcase(Case, Config0) ->
 	    DataDir = proplists:get_value(data_dir, Config), 
 	    CertDir = filename:join(proplists:get_value(priv_dir, Config0), idp_crl),
 	    {CertOpts, Config} = init_certs(CertDir, idp_crl, Config),
-	    {ok, _} =  make_certs:all(DataDir, CertDir, CertOpts),
-	    ct:timetrap({seconds, 6}),
-	    [{cert_dir, CertDir} | Config];
+	    case make_certs:all(DataDir, CertDir, CertOpts) of
+                {ok, _} ->
+                    ct:timetrap({seconds, 6}),
+                    [{cert_dir, CertDir} | Config];
+                _ ->
+                    end_per_testcase(Case, Config0),
+                    ssl_test_lib:clean_start(),
+                    {skip, "Unable to create IDP crls"}
+            end;
 	false ->
 	    end_per_testcase(Case, Config0),
 	    ssl_test_lib:clean_start(),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index aa1cb57e5c..e61993598e 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1294,6 +1294,8 @@ check_sane_openssl_version(Version) ->
     case supports_ssl_tls_version(Version) of 
 	true ->
 	    case {Version, os:cmd("openssl version")} of
+                {'sslv3', "OpenSSL 1.0.2" ++ _} ->
+                    false;
 		{_, "OpenSSL 1.0.2" ++ _} ->
 		    true;
 		{_, "OpenSSL 1.0.1" ++ _} ->
@@ -1310,8 +1312,6 @@ check_sane_openssl_version(Version) ->
 		    false;
 		{'dtlsv1.2', "OpenSSL 0" ++ _} ->
 		    false;
-                {'sslv3', "OpenSSL 1.0.2" ++ _} ->
-                    false;
 		{_, _} ->
 		    true
 	    end;
diff --git a/lib/ssl/test/ssl_to_openssl_SUITE.erl b/lib/ssl/test/ssl_to_openssl_SUITE.erl
index 5093ef3728..04c86ccbb6 100644
--- a/lib/ssl/test/ssl_to_openssl_SUITE.erl
+++ b/lib/ssl/test/ssl_to_openssl_SUITE.erl
@@ -338,7 +338,7 @@ basic_erlang_server_openssl_client(Config) when is_list(Config) ->
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
     V2Compat = proplists:get_value(v2_hello_compatible, Config), 
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
     ct:pal("v2_hello_compatible: ~p", [V2Compat]),
@@ -351,7 +351,8 @@ basic_erlang_server_openssl_client(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
     
     Exe = "openssl",
-    Args = ["s_client", "-connect", "localhost:" ++ integer_to_list(Port) | workaround_openssl_s_clinent()],
+    Args = ["s_client", "-connect", hostname_format(Hostname) ++
+                ":" ++ integer_to_list(Port) | workaround_openssl_s_clinent()],
     
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), 
     true = port_command(OpenSslPort, Data),
@@ -410,7 +411,7 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
 
@@ -422,7 +423,7 @@ erlang_server_openssl_client(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config),
 
     Exe = "openssl",
-    Args = ["s_client", "-connect", "localhost: " ++ integer_to_list(Port), 
+    Args = ["s_client", "-connect", hostname_format(Hostname) ++":" ++ integer_to_list(Port), 
 	    ssl_test_lib:version_flag(Version)],
 
     OpenSslPort =  ssl_test_lib:portable_open_port(Exe, Args), 
@@ -486,7 +487,7 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     ClientOpts = ssl_test_lib:ssl_options(client_dsa_opts, Config),
     ServerOpts = ssl_test_lib:ssl_options(server_dsa_verify_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
     Data = "From openssl to erlang",
     CaCertFile =  proplists:get_value(cacertfile, ClientOpts),
@@ -500,7 +501,7 @@ erlang_server_openssl_client_dsa_cert(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
     Version = ssl_test_lib:protocol_version(Config),
     Exe = "openssl",
-    Args = ["s_client", "-connect", "localhost: " ++ integer_to_list(Port),
+    Args = ["s_client", "-connect", hostname_format(Hostname) ++ ":" ++ integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
 	    "-cert", CertFile,
 	    "-CAfile", CaCertFile,
@@ -525,7 +526,7 @@ erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
 
@@ -538,7 +539,8 @@ erlang_server_openssl_client_reuse_session(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config),
     
     Exe = "openssl",
-    Args = ["s_client", "-connect",  "localhost:" ++ integer_to_list(Port),
+    Args = ["s_client", "-connect", hostname_format(Hostname)
+            ++ ":" ++ integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
 	    "-reconnect"],
     
@@ -655,7 +657,7 @@ erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
     
@@ -669,7 +671,7 @@ erlang_server_openssl_client_nowrap_seqnum(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
     Version = ssl_test_lib:protocol_version(Config),
     Exe = "openssl", 
-    Args = ["s_client","-connect", "localhost: " ++ integer_to_list(Port),
+    Args = ["s_client","-connect", hostname_format(Hostname) ++ ":" ++ integer_to_list(Port),
 	    ssl_test_lib:version_flag(Version),
 	    "-msg"],
     
@@ -779,7 +781,7 @@ erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
     ServerOpts = ssl_test_lib:ssl_options(server_verification_opts, Config),
     ClientOpts = ssl_test_lib:ssl_options(client_verification_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
 
@@ -799,7 +801,7 @@ erlang_server_openssl_client_client_cert(Config) when is_list(Config) ->
     Exe = "openssl",
     Args = ["s_client", "-cert", CertFile,
 	   "-CAfile", CaCertFile, 
-	   "-key", KeyFile,"-connect", "localhost:" ++ integer_to_list(Port),
+	   "-key", KeyFile,"-connect", hostname_format(Hostname) ++ ":" ++ integer_to_list(Port),
 	   ssl_test_lib:version_flag(Version)],
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args), 
 
@@ -982,7 +984,7 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
     process_flag(trap_exit, true),
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, 
 					      {from, self()}, 
@@ -990,7 +992,7 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
     
     Exe = "openssl",
-    Args = ["s_client", "-connect", "localhost:" ++ integer_to_list(Port), 
+    Args = ["s_client", "-connect", hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), 
 	"-ssl2", "-msg"],
     
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),  
@@ -1010,7 +1012,7 @@ ssl2_erlang_server_openssl_client_comp(Config) when is_list(Config) ->
 
     ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
     
     Data = "From openssl to erlang",
 
@@ -1020,7 +1022,7 @@ ssl2_erlang_server_openssl_client_comp(Config) when is_list(Config) ->
     Port = ssl_test_lib:inet_port(Server),
     
     Exe = "openssl",
-    Args = ["s_client", "-connect", "localhost:" ++ integer_to_list(Port), 
+    Args = ["s_client", "-connect", hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), 
 	"-ssl2", "-msg"],
     
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),  
@@ -1661,7 +1663,7 @@ start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callbac
     ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
     ServerOpts = [{next_protocols_advertised, [<<"spdy/2">>]}, ServerOpts0],
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
 
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1672,7 +1674,8 @@ start_erlang_server_and_openssl_client_for_npn_negotiation(Config, Data, Callbac
     Version = ssl_test_lib:protocol_version(Config),
 
     Exe = "openssl",
-    Args = ["s_client", "-nextprotoneg", "http/1.0,spdy/2", "-msg", "-connect", "localhost:" 
+    Args = ["s_client", "-nextprotoneg", "http/1.0,spdy/2", "-msg", "-connect", 
+            hostname_format(Hostname) ++ ":" 
 	    ++ integer_to_list(Port), ssl_test_lib:version_flag(Version)],
 
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),  
@@ -1690,7 +1693,7 @@ start_erlang_server_and_openssl_client_with_opts(Config, ErlangServerOpts, OpenS
     ServerOpts0 = ssl_test_lib:ssl_options(server_opts, Config),
     ServerOpts = ErlangServerOpts ++  ServerOpts0,
 
-    {_, ServerNode, _} = ssl_test_lib:run_where(Config),
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
 
 
     Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
@@ -1701,8 +1704,9 @@ start_erlang_server_and_openssl_client_with_opts(Config, ErlangServerOpts, OpenS
     Version = ssl_test_lib:protocol_version(Config),
    
     Exe = "openssl",
-    Args = ["s_client"] ++ OpenSSLClientOpts ++ ["-msg",  "-connect", "localhost:" ++ integer_to_list(Port),
-	    ssl_test_lib:version_flag(Version)],
+    Args = ["s_client"] ++ OpenSSLClientOpts ++ ["-msg",  "-connect", 
+                                                 hostname_format(Hostname) ++ ":" ++ integer_to_list(Port),
+                                                 ssl_test_lib:version_flag(Version)],
 
     OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),
 
@@ -1854,3 +1858,11 @@ consume_port_exit(OpenSSLPort) ->
         {'EXIT', OpenSSLPort, _} ->
             ok
     end.
+
+hostname_format(Hostname) ->
+    case lists:member($., Hostname) of
+        true ->  
+            Hostname;
+        false ->
+            "localhost"   
+    end.