3 files changed, 71 insertions, 32 deletions
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 8c2b84bc1e..c3bdeb1a54 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -626,7 +626,7 @@ handle_options(Opts0, _Role) ->
 		    user_lookup_fun = handle_option(user_lookup_fun, Opts, undefined),
 		    psk_identity = handle_option(psk_identity, Opts, undefined),
 		    srp_identity = handle_option(srp_identity, Opts, undefined),
-		    ciphers    = handle_option(ciphers, Opts, []),
+		    ciphers    = handle_cipher_option(proplists:get_value(ciphers, Opts, []), hd(Versions)),
 		    %% Server side option
 		    reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
 		    reuse_sessions = handle_option(reuse_sessions, Opts, true),
@@ -712,7 +712,7 @@ validate_option(certfile, undefined = Value) ->
 validate_option(certfile, Value) when is_binary(Value) ->
     Value;
 validate_option(certfile, Value) when is_list(Value) ->
-    list_to_binary(Value);
+    binary_filename(Value);
 
 validate_option(key, undefined) ->
     undefined;
@@ -729,7 +729,7 @@ validate_option(keyfile, undefined) ->
 validate_option(keyfile, Value) when is_binary(Value) ->
     Value;
 validate_option(keyfile, Value) when is_list(Value), Value =/= "" ->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(password, Value) when is_list(Value) ->
     Value;
 
@@ -743,7 +743,7 @@ validate_option(cacertfile, undefined) ->
 validate_option(cacertfile, Value) when is_binary(Value) ->
     Value;
 validate_option(cacertfile, Value) when is_list(Value), Value =/= ""->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(dh, Value) when Value == undefined;
 				is_binary(Value) ->
     Value;
@@ -752,12 +752,12 @@ validate_option(dhfile, undefined = Value)  ->
 validate_option(dhfile, Value) when is_binary(Value) ->
     Value;
 validate_option(dhfile, Value) when is_list(Value), Value =/= "" ->
-    list_to_binary(Value);
+    binary_filename(Value);
 validate_option(psk_identity, undefined) ->
     undefined;
 validate_option(psk_identity, Identity)
   when is_list(Identity), Identity =/= "", length(Identity) =< 65535 ->
-    list_to_binary(Identity);
+    binary_filename(Identity);
 validate_option(user_lookup_fun, undefined) ->
     undefined;
 validate_option(user_lookup_fun, {Fun, _} = Value) when is_function(Fun, 3) ->
@@ -766,17 +766,9 @@ validate_option(srp_identity, undefined) ->
     undefined;
 validate_option(srp_identity, {Username, Password})
   when is_list(Username), is_list(Password), Username =/= "", length(Username) =< 255 ->
-    {list_to_binary(Username), list_to_binary(Password)};
+    {unicode:characters_to_binary(Username),
+     unicode:characters_to_binary(Password)};
 
-validate_option(ciphers, Value)  when is_list(Value) ->
-    Version = tls_record:highest_protocol_version([]),
-    try cipher_suites(Version, Value)
-    catch
-	exit:_ ->
-	    throw({error, {options, {ciphers, Value}}});
-	error:_->
-	    throw({error, {options, {ciphers, Value}}})
-    end;
 validate_option(reuse_session, Value) when is_function(Value) ->
     Value;
 validate_option(reuse_sessions, Value) when is_boolean(Value) ->
@@ -936,16 +928,26 @@ emulated_options([Opt|Opts], Inet, Emulated) ->
 emulated_options([], Inet,Emulated) ->
     {Inet, Emulated}.
 
-cipher_suites(Version, []) ->
+handle_cipher_option(Value, Version)  when is_list(Value) ->
+    try binary_cipher_suites(Version, Value) of
+	Suites ->
+	    Suites
+    catch
+	exit:_ ->
+	    throw({error, {options, {ciphers, Value}}});
+	error:_->
+	    throw({error, {options, {ciphers, Value}}})
+    end.
+binary_cipher_suites(Version, []) -> %% Defaults to all supported suits
     ssl_cipher:suites(Version);
-cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
+binary_cipher_suites(Version, [{_,_,_,_}| _] = Ciphers0) -> %% Backwards compatibility
     Ciphers = [{KeyExchange, Cipher, Hash} || {KeyExchange, Cipher, Hash, _} <- Ciphers0],
-    cipher_suites(Version, Ciphers);
-cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
+    binary_cipher_suites(Version, Ciphers);
+binary_cipher_suites(Version, [{_,_,_}| _] = Ciphers0) ->
     Ciphers = [ssl_cipher:suite(C) || C <- Ciphers0],
-    cipher_suites(Version, Ciphers);
+    binary_cipher_suites(Version, Ciphers);
 
-cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
+binary_cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
     Supported0 = ssl_cipher:suites(Version)
 	++ ssl_cipher:anonymous_suites()
 	++ ssl_cipher:psk_suites(Version)
@@ -953,18 +955,18 @@ cipher_suites(Version, [Cipher0 | _] = Ciphers0) when is_binary(Cipher0) ->
     Supported = ssl_cipher:filter_suites(Supported0),
     case [Cipher || Cipher <- Ciphers0, lists:member(Cipher, Supported)] of
 	[] ->
-	    Supported;
+	    Supported;  %% Defaults to all supported suits
 	Ciphers ->
 	    Ciphers
     end;
-cipher_suites(Version, [Head | _] = Ciphers0) when is_list(Head) ->
+binary_cipher_suites(Version, [Head | _] = Ciphers0) when is_list(Head) ->
     %% Format: ["RC4-SHA","RC4-MD5"]
     Ciphers = [ssl_cipher:openssl_suite(C) || C <- Ciphers0],
-    cipher_suites(Version, Ciphers);
-cipher_suites(Version, Ciphers0)  ->
+    binary_cipher_suites(Version, Ciphers);
+binary_cipher_suites(Version, Ciphers0)  ->
     %% Format: "RC4-SHA:RC4-MD5"
     Ciphers = [ssl_cipher:openssl_suite(C) || C <- string:tokens(Ciphers0, ":")],
-    cipher_suites(Version, Ciphers).
+    binary_cipher_suites(Version, Ciphers).
 
 unexpected_format(Error) ->
     lists:flatten(io_lib:format("Unexpected error: ~p", [Error])).
@@ -1036,3 +1038,7 @@ connection_sup(tls_connection) ->
     tls_connection_sup;
 connection_sup(dtls_connection) ->
     dtls_connection_sup.
+
+binary_filename(FileName) ->
+    Enc = file:native_name_encoding(),
+    unicode:characters_to_binary(FileName, unicode, Enc).
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 102215119d..64b89e9f95 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2013. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2014. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -82,13 +82,13 @@
 	  validate_extensions_fun, 
 	  depth                :: integer(),
 	  certfile             :: binary(),
-	  cert                 :: der_encoded(),
+	  cert                 :: public_key:der_encoded(),
 	  keyfile              :: binary(),
-	  key	               :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', der_encoded()},
+	  key	               :: {'RSAPrivateKey' | 'DSAPrivateKey' | 'ECPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()},
 	  password	       :: string(),
-	  cacerts              :: [der_encoded()],
+	  cacerts              :: [public_key:der_encoded()],
 	  cacertfile           :: binary(),
-	  dh                   :: der_encoded(),
+	  dh                   :: public_key:der_encoded(),
 	  dhfile               :: binary(),
 	  user_lookup_fun,  % server option, fun to lookup the user
 	  psk_identity         :: binary(),
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index ddc511c652..2e216b32fa 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -86,6 +86,7 @@ basic_tests() ->
     [app,
      alerts,
      send_close,
+     version_option,
      connect_twice,
      connect_dist,
      clear_pem_cache
@@ -1072,6 +1073,13 @@ send_close(Config) when is_list(Config) ->
     {error, _} = ssl:send(SslS, "Hello world").
 
 %%--------------------------------------------------------------------
+version_option() ->
+    [{doc, "Use version option and do no specify ciphers list. Bug specified incorrect ciphers"}].
+version_option(Config) when is_list(Config) -> 
+    Versions = proplists:get_value(supported, ssl:versions()),
+    [version_option_test(Config, Version) || Version <- Versions].
+   
+%%--------------------------------------------------------------------
 close_transport_accept() ->
     [{doc,"Tests closing ssl socket when waiting on ssl:transport_accept/1"}].
 
@@ -3488,3 +3496,28 @@ shutdown_both_result(Socket, client) ->
 
 peername_result(S) ->
     ssl:peername(S).
+
+version_option_test(Config, Version) ->
+    ClientOpts = ?config(client_opts, Config),
+    ServerOpts = ?config(server_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = 
+	ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+				   {from, self()}, 
+				   {mfa, {ssl_test_lib, send_recv_result, []}},
+				   {options,  [{active, false}, {versions, [Version]}| ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    Client = 
+	ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+				   {host, Hostname},
+				   {from, self()}, 
+				   {mfa, {ssl_test_lib, send_recv_result, []}},
+				   {options, [{active, false}, {versions, [Version]}| ClientOpts]}]),
+    
+    ct:log("Testcase ~p, Client ~p  Server ~p ~n",
+	   [self(), Client, Server]),
+    
+    ssl_test_lib:check_result(Server, ok, Client, ok),
+    
+    ssl_test_lib:close(Server),
+    ssl_test_lib:close(Client).