Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/dtls_packet_demux.erl6
-rw-r--r--lib/ssl/src/ssl_alert.erl31
-rw-r--r--lib/ssl/src/ssl_connection.erl74
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl46
-rw-r--r--lib/ssl/test/ssl_test_lib.erl31
5 files changed, 136 insertions, 52 deletions
diff --git a/lib/ssl/src/dtls_packet_demux.erl b/lib/ssl/src/dtls_packet_demux.erl
index c6431b55a9..94b350eaa5 100644
--- a/lib/ssl/src/dtls_packet_demux.erl
+++ b/lib/ssl/src/dtls_packet_demux.erl
@@ -154,9 +154,9 @@ handle_info({Transport, Socket, IP, InPortNo, _} = Msg, #state{listener = Socket
handle_info({PassiveTag, Socket},
#state{active_n = N,
listener = Socket,
- transport = {_,_,_, udp_error, PassiveTag}}) ->
- next_datagram(Socket, N);
-
+ transport = {_, _, _, _, PassiveTag}} = State) ->
+ next_datagram(Socket, N),
+ {noreply, State};
%% UDP socket does not have a connection and should not receive an econnreset
%% This does however happens on some windows versions. Just ignoring it
%% appears to make things work as expected!
diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index 06b1b005a5..2d57b72f7b 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -32,7 +32,11 @@
-include("ssl_record.hrl").
-include("ssl_internal.hrl").
--export([decode/1, own_alert_txt/1, alert_txt/1, reason_code/2]).
+-export([decode/1,
+ own_alert_txt/1,
+ alert_txt/1,
+ alert_txt/4,
+ reason_code/4]).
%%====================================================================
%% Internal application API
@@ -48,20 +52,29 @@ decode(Bin) ->
decode(Bin, [], 0).
%%--------------------------------------------------------------------
-%% -spec reason_code(#alert{}, client | server) ->
-%% {tls_alert, unicode:chardata()} | closed.
-%-spec reason_code(#alert{}, client | server) -> closed | {essl, string()}.
+-spec reason_code(#alert{}, client | server, ProtocolName::string(), StateName::atom()) ->
+ {tls_alert, {atom(), unicode:chardata()}} | closed.
%%
%% Description: Returns the error reason that will be returned to the
%% user.
%%--------------------------------------------------------------------
-reason_code(#alert{description = ?CLOSE_NOTIFY}, _) ->
+reason_code(#alert{description = ?CLOSE_NOTIFY}, _, _, _) ->
closed;
-reason_code(#alert{description = Description, role = Role} = Alert, Role) ->
- {tls_alert, {description_atom(Description), own_alert_txt(Alert)}};
-reason_code(#alert{description = Description} = Alert, Role) ->
- {tls_alert, {description_atom(Description), alert_txt(Alert#alert{role = Role})}}.
+reason_code(#alert{description = Description, role = Role} = Alert, Role, ProtocolName, StateName) ->
+ Txt = lists:flatten(alert_txt(ProtocolName, Role, StateName, own_alert_txt(Alert))),
+ {tls_alert, {description_atom(Description), Txt}};
+reason_code(#alert{description = Description} = Alert, Role, ProtocolName, StateName) ->
+ Txt = lists:flatten(alert_txt(ProtocolName, Role, StateName, alert_txt(Alert))),
+ {tls_alert, {description_atom(Description), Txt}}.
+
+%%--------------------------------------------------------------------
+-spec alert_txt(string(), server | client, StateNam::atom(), string()) -> string().
+%%
+%% Description: Generates alert text for log or string part of error return.
+%%--------------------------------------------------------------------
+alert_txt(ProtocolName, Role, StateName, Txt) ->
+ io_lib:format("~s ~p: In state ~p ~s\n", [ProtocolName, Role, StateName, Txt]).
%%--------------------------------------------------------------------
-spec own_alert_txt(#alert{}) -> string().
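Review bot: The third clause of `reason_code/4` now calls `alert_txt(Alert)` where the old code passed `Alert#alert{role = Role}`, so the text depends on every caller having set `role` on the record first. The call sites visible in this commit either set it or pass a close_notify alert, but callers outside the diff may not; a comment on the clause stating that precondition would help. Separately, the `alert_txt/4` spec has a typo (`StateNam`) and declares `string()`, although `io_lib:format/2` returns a possibly deep list, which is why `reason_code/4` has to call `lists:flatten/1`; `-> io_lib:chars()` would match what is returned. The format string also ends in `\n`, which now becomes part of the error reason handed to the user.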
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index a5f754d2e3..a8cb9ea815 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -124,7 +124,7 @@ handshake(#sslsocket{pid = [Pid|_]} = Socket, Timeout) ->
connected ->
{ok, Socket};
{ok, Ext} ->
- {ok, Socket, Ext};
+ {ok, Socket, no_records(Ext)};
Error ->
Error
end.
@@ -328,34 +328,33 @@ prf(ConnectionPid, Secret, Label, Seed, WantedLength) ->
%%====================================================================
%% Alert and close handling
%%====================================================================
-handle_own_alert(Alert, _, StateName,
+handle_own_alert(Alert0, _, StateName,
#state{static_env = #static_env{role = Role,
protocol_cb = Connection},
ssl_options = SslOpts} = State) ->
try %% Try to tell the other side
- send_alert(Alert, StateName, State)
+ send_alert(Alert0, StateName, State)
catch _:_ -> %% Can crash if we are in a uninitialized state
ignore
end,
try %% Try to tell the local user
- log_alert(SslOpts#ssl_options.log_level, Role,
- Connection:protocol_name(), StateName,
- Alert#alert{role = Role}),
+ Alert = Alert0#alert{role = Role},
+ log_alert(SslOpts#ssl_options.log_level, Role, Connection:protocol_name(), StateName, Alert),
handle_normal_shutdown(Alert,StateName, State)
catch _:_ ->
ok
end,
{stop, {shutdown, own_alert}, State}.
-handle_normal_shutdown(Alert, _, #state{static_env = #static_env{role = Role,
- socket = Socket,
- transport_cb = Transport,
- protocol_cb = Connection,
- tracker = Tracker},
- handshake_env = #handshake_env{renegotiation = {false, first}},
- start_or_recv_from = StartFrom} = State) ->
+handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role = Role,
+ socket = Socket,
+ transport_cb = Transport,
+ protocol_cb = Connection,
+ tracker = Tracker},
+ handshake_env = #handshake_env{renegotiation = {false, first}},
+ start_or_recv_from = StartFrom} = State) ->
Pids = Connection:pids(State),
- alert_user(Pids, Transport, Tracker,Socket, StartFrom, Alert, Role, Connection);
+ alert_user(Pids, Transport, Tracker,Socket, StartFrom, Alert, Role, StateName, Connection);
handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role = Role,
socket = Socket,
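Review bot: The second `try` in `handle_own_alert` discards every exception from both `log_alert` and `handle_normal_shutdown` with `catch _:_ -> ok`. After this change the user-notification path also builds the alert text through `ssl_alert:reason_code/4`, so a failure while logging or formatting is silent and the waiting caller gets no `{error, {tls_alert, ...}}` from this path. Consider giving the two calls separate `try` blocks, or catching `Class:Reason` and reporting it, so that a logging problem cannot suppress the reply. The second `handle_normal_shutdown` clause at the end of this hunk continues outside it.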
@@ -366,9 +365,9 @@ handle_normal_shutdown(Alert, StateName, #state{static_env = #static_env{role =
socket_options = Opts,
start_or_recv_from = RecvFrom} = State) ->
Pids = Connection:pids(State),
- alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, RecvFrom, Alert, Role, Connection).
+ alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, RecvFrom, Alert, Role, StateName, Connection).
-handle_alert(#alert{level = ?FATAL} = Alert, StateName,
+handle_alert(#alert{level = ?FATAL} = Alert0, StateName,
#state{static_env = #static_env{role = Role,
socket = Socket,
host = Host,
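Review bot: `StateName` is now passed twice to the twelve-argument `alert_user`: in the fifth position, where the `connection` clause dispatches on it, and again in the eleventh for the alert text. The fatal `handle_alert` clause in the next hunk does the same. With this many positional arguments it is easy to swap or drop one, so I would add a comment above `alert_user/12` such as `%% 5th arg: state used to select active/passive delivery; 11th arg: state name for the alert text`. The `handle_alert` clause that begins at the end of this hunk continues outside it.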
@@ -382,11 +381,11 @@ handle_alert(#alert{level = ?FATAL} = Alert, StateName,
session = Session,
socket_options = Opts} = State) ->
invalidate_session(Role, Host, Port, Session),
+ Alert = Alert0#alert{role = opposite_role(Role)},
log_alert(SslOpts#ssl_options.log_level, Role, Connection:protocol_name(),
- StateName, Alert#alert{role = opposite_role(Role)}),
+ StateName, Alert),
Pids = Connection:pids(State),
- alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, From, Alert,
- opposite_role(Role), Connection),
+ alert_user(Pids, Transport, Tracker, Socket, StateName, Opts, Pid, From, Alert, Role, StateName, Connection),
{stop, {shutdown, normal}, State};
handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
@@ -396,13 +395,14 @@ handle_alert(#alert{level = ?WARNING, description = ?CLOSE_NOTIFY} = Alert,
StateName, State) ->
handle_normal_shutdown(Alert, StateName, State),
{stop,{shutdown, peer_close}, State};
-handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert, StateName,
+handle_alert(#alert{level = ?WARNING, description = ?NO_RENEGOTIATION} = Alert0, StateName,
#state{static_env = #static_env{role = Role,
protocol_cb = Connection},
handshake_env = #handshake_env{renegotiation = {true, internal}},
ssl_options = SslOpts} = State) ->
+ Alert = Alert0#alert{role = opposite_role(Role)},
log_alert(SslOpts#ssl_options.log_level, Role,
- Connection:protocol_name(), StateName, Alert#alert{role = opposite_role(Role)}),
+ Connection:protocol_name(), StateName, Alert),
handle_normal_shutdown(Alert, StateName, State),
{stop,{shutdown, peer_close}, State};
@@ -709,6 +709,7 @@ handle_session(#server_hello{cipher_suite = CipherSuite,
{ExpectNPN, Protocol} = case Protocol0 of
undefined ->
+
{false, CurrentProtocol};
_ ->
{ProtoExt =:= npn, Protocol0}
@@ -1445,7 +1446,7 @@ handle_info({ErrorTag, Socket, econnaborted}, StateName,
} = State) when StateName =/= connection ->
Pids = Connection:pids(State),
alert_user(Pids, Transport, Tracker,Socket,
- StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, Connection),
+ StartFrom, ?ALERT_REC(?FATAL, ?CLOSE_NOTIFY), Role, StateName, Connection),
{stop, {shutdown, normal}, State};
handle_info({ErrorTag, Socket, Reason}, StateName, #state{static_env = #static_env{socket = Socket,
@@ -2907,22 +2908,22 @@ send_user(Pid, Msg) ->
Pid ! Msg,
ok.
-alert_user(Pids, Transport, Tracker, Socket, connection, Opts, Pid, From, Alert, Role, Connection) ->
- alert_user(Pids, Transport, Tracker, Socket, Opts#socket_options.active, Pid, From, Alert, Role, Connection);
-alert_user(Pids, Transport, Tracker, Socket,_, _, _, From, Alert, Role, Connection) ->
- alert_user(Pids, Transport, Tracker, Socket, From, Alert, Role, Connection).
+alert_user(Pids, Transport, Tracker, Socket, connection, Opts, Pid, From, Alert, Role, StateName, Connection) ->
+ alert_user(Pids, Transport, Tracker, Socket, Opts#socket_options.active, Pid, From, Alert, Role, StateName, Connection);
+alert_user(Pids, Transport, Tracker, Socket,_, _, _, From, Alert, Role, StateName, Connection) ->
+ alert_user(Pids, Transport, Tracker, Socket, From, Alert, Role, StateName, Connection).
-alert_user(Pids, Transport, Tracker, Socket, From, Alert, Role, Connection) ->
- alert_user(Pids, Transport, Tracker, Socket, false, no_pid, From, Alert, Role, Connection).
+alert_user(Pids, Transport, Tracker, Socket, From, Alert, Role, StateName, Connection) ->
+ alert_user(Pids, Transport, Tracker, Socket, false, no_pid, From, Alert, Role, StateName, Connection).
-alert_user(_, _, _, _, false = Active, Pid, From, Alert, Role, _) when From =/= undefined ->
+alert_user(_, _, _, _, false = Active, Pid, From, Alert, Role, StateName, Connection) when From =/= undefined ->
%% If there is an outstanding ssl_accept | recv
%% From will be defined and send_or_reply will
%% send the appropriate error message.
- ReasonCode = ssl_alert:reason_code(Alert, Role),
+ ReasonCode = ssl_alert:reason_code(Alert, Role, Connection:protocol_name(), StateName),
send_or_reply(Active, Pid, From, {error, ReasonCode});
-alert_user(Pids, Transport, Tracker, Socket, Active, Pid, From, Alert, Role, Connection) ->
- case ssl_alert:reason_code(Alert, Role) of
+alert_user(Pids, Transport, Tracker, Socket, Active, Pid, From, Alert, Role, StateName, Connection) ->
+ case ssl_alert:reason_code(Alert, Role, Connection:protocol_name(), StateName) of
closed ->
send_or_reply(Active, Pid, From,
{ssl_closed, Connection:socket(Pids, Transport, Socket, Tracker)});
@@ -2933,11 +2934,11 @@ alert_user(Pids, Transport, Tracker, Socket, Active, Pid, From, Alert, Role, Con
log_alert(Level, Role, ProtocolName, StateName, #alert{role = Role} = Alert) ->
Txt = ssl_alert:own_alert_txt(Alert),
- Report = io_lib:format("~s ~p: In state ~p ~s\n", [ProtocolName, Role, StateName, Txt]),
+ Report = ssl_alert:alert_txt(ProtocolName, Role, StateName, Txt),
ssl_logger:notice(Level, Report);
log_alert(Level, Role, ProtocolName, StateName, Alert) ->
Txt = ssl_alert:alert_txt(Alert),
- Report = io_lib:format("~s ~p: In state ~p ~s\n", [ProtocolName, Role, StateName, Txt]),
+ Report = ssl_alert:alert_txt(ProtocolName, Role, StateName, Txt),
ssl_logger:notice(Level, Report).
invalidate_session(client, Host, Port, Session) ->
@@ -3000,3 +3001,8 @@ new_emulated([], EmOpts) ->
EmOpts;
new_emulated(NewEmOpts, _) ->
NewEmOpts.
+
+no_records(Extensions) ->
+ maps:map(fun(_, Value) ->
+ ssl_handshake:extension_value(Value)
+ end, Extensions).
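Review bot: `no_records/1` is added without a `-spec` or comment, although it decides the shape of the extension data that `handshake/2` returns to the caller in `{ok, Socket, Ext}`. I would add `-spec no_records(map()) -> map().` and a comment such as `%% Replace each extension record with the value from ssl_handshake:extension_value/1 before it is returned to the user.` The `maps:map/2` call assumes `Extensions` is always a map; that is worth stating in the comment if it is guaranteed by the caller.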
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 20d9f28512..785ea98fa0 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -164,6 +164,7 @@ api_tests() ->
prf,
socket_options,
active_n,
+ internal_active_1,
cipher_suites,
handshake_continue,
handshake_continue_timeout,
@@ -488,6 +489,15 @@ init_per_testcase(accept_pool, Config) ->
ssl_test_lib:ct_log_supported_protocol_versions(Config),
Config
end;
+
+init_per_testcase(internal_active_1, Config) ->
+ ssl:stop(),
+ application:load(ssl),
+ application:set_env(ssl, internal_active_n, 1),
+ ssl:start(),
+ ct:timetrap({seconds, 5}),
+ Config;
+
init_per_testcase(controller_dies, Config) ->
ct:timetrap({seconds, 10}),
Config;
@@ -510,6 +520,10 @@ end_per_testcase(reuse_session_expired, Config) ->
application:unset_env(ssl, session_delay_cleanup_time),
end_per_testcase(default_action, Config);
+end_per_testcase(internal_active_n, Config) ->
+ application:unset_env(ssl, internal_active_n),
+ end_per_testcase(default_action, Config);
+
end_per_testcase(Case, Config) when Case == protocol_versions;
Case == empty_protocol_versions->
application:unset_env(ssl, protocol_versions),
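Review bot: The new cleanup clause matches `internal_active_n`, but the test case added in this commit and its `init_per_testcase` clause are named `internal_active_1`, so this clause never runs for it. `internal_active_n` then stays set to 1 in the `ssl` application environment for the test cases that follow. The head should read `end_per_testcase(internal_active_1, Config) ->`.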
@@ -1975,6 +1989,10 @@ recv_active_once(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+
+
+
+
%%--------------------------------------------------------------------
recv_active_n() ->
[{doc,"Test recv on active (n) socket"}].
@@ -2001,6 +2019,7 @@ recv_active_n(Config) when is_list(Config) ->
ssl_test_lib:close(Server),
ssl_test_lib:close(Client).
+
%%--------------------------------------------------------------------
%% Test case adapted from gen_tcp_misc_SUITE.
active_n() ->
@@ -2226,6 +2245,33 @@ upgrade_result(Socket) ->
ok
end.
+
+%%--------------------------------------------------------------------
+internal_active_1() ->
+ [{doc,"Test internal active 1 (behave as internal active once)"}].
+
+internal_active_1(Config) when is_list(Config) ->
+ ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+ ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Server =
+ ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, [{active, true} | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client =
+ ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, {ssl_test_lib, send_recv_result_active, []}},
+ {options, [{active, true} | ClientOpts]}]),
+
+ ssl_test_lib:check_result(Server, ok, Client, ok),
+
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client).
+
%%--------------------------------------------------------------------
tls_upgrade_with_timeout() ->
[{doc,"Test ssl_accept/3"}].
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index 6e15843156..832f8494c6 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -159,6 +159,7 @@ connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts) ->
case ssl:handshake(AcceptSocket, SslOpts, Timeout) of
{ok, Socket0, Ext} ->
+ [_|_] = maps:get(sni, Ext),
ct:log("Ext ~p:~n", [Ext]),
ct:log("~p:~p~nssl:handshake_continue(~p,~p,~p)~n", [?MODULE,?LINE, Socket0, ContOpts,Timeout]),
case ssl:handshake_continue(Socket0, ContOpts, Timeout) of
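Review bot: The new assertion `[_|_] = maps:get(sni, Ext)` runs before `ct:log("Ext ~p:~n", [Ext])`, so when the key is missing or the value is not a non-empty list the test crashes without the extensions in the log. Moving the assertion one line down, after the `ct:log` call, keeps that diagnostic. The enclosing `connect` clause starts and ends outside the hunk.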
@@ -429,14 +430,17 @@ check_result(Pid, Msg) ->
end.
check_server_alert(Pid, Alert) ->
receive
- {Pid, {error, {tls_alert, {Alert, _}}}} ->
+ {Pid, {error, {tls_alert, {Alert, STxt}}}} ->
+ check_server_txt(STxt),
ok
end.
check_server_alert(Server, Client, Alert) ->
receive
- {Server, {error, {tls_alert, {Alert, _}}}} ->
+ {Server, {error, {tls_alert, {Alert, STxt}}}} ->
+ check_server_txt(STxt),
receive
- {Client, {error, {tls_alert, {Alert, _}}}} ->
+ {Client, {error, {tls_alert, {Alert, CTxt}}}} ->
+ check_client_txt(CTxt),
ok;
{Client, {error, closed}} ->
ok
@@ -444,20 +448,35 @@ check_server_alert(Server, Client, Alert) ->
end.
check_client_alert(Pid, Alert) ->
receive
- {Pid, {error, {tls_alert, {Alert, _}}}} ->
+ {Pid, {error, {tls_alert, {Alert, CTxt}}}} ->
+ check_client_txt(CTxt),
ok
end.
check_client_alert(Server, Client, Alert) ->
receive
- {Client, {error, {tls_alert, {Alert, _}}}} ->
+ {Client, {error, {tls_alert, {Alert, CTxt}}}} ->
+ check_client_txt(CTxt),
receive
- {Server, {error, {tls_alert, {Alert, _}}}} ->
+ {Server, {error, {tls_alert, {Alert, STxt}}}} ->
+ check_server_txt(STxt),
ok;
{Server, {error, closed}} ->
ok
end
end.
+check_server_txt("TLS server" ++ _) ->
+ ok;
+check_server_txt("DTLS server" ++ _) ->
+ ok;
+check_server_txt(Txt) ->
+ ct:fail({expected_server, {got, Txt}}).
+check_client_txt("TLS client" ++ _) ->
+ ok;
+check_client_txt("DTLS client" ++ _) ->
+ ok;
+check_client_txt(Txt) ->
+ ct:fail({expected_server, {got, Txt}}).
wait_for_result(Server, ServerMsg, Client, ClientMsg) ->
receive
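Review bot: The failure clause of `check_client_txt/1` reports `{expected_server, {got, Txt}}`, apparently copied from `check_server_txt/1`, so a failed client-side check is reported as a server expectation. It should be `ct:fail({expected_client, {got, Txt}})`. The `wait_for_result` function at the end of the hunk continues outside it.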