Merge branch 'ingela/ssl/openssl-cipher-cuddle' into maint

* ingela/ssl/openssl-cipher-cuddle:
  ssl: Interop fixes

4 files changed, 42 insertions, 15 deletions

diff --git a/lib/ssl/test/openssl_cipher_suite_SUITE.erl b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
index 61297a5f18..fc17827a1b 100644
--- a/lib/ssl/test/openssl_cipher_suite_SUITE.erl
+++ b/lib/ssl/test/openssl_cipher_suite_SUITE.erl
@@ -95,10 +95,13 @@
 %% Common Test interface functions -----------------------------------
 %%--------------------------------------------------------------------
 all() -> 
-    [
-     {group,  openssl_server},
-     {group,  openssl_client}
-    ].
+     case ssl_test_lib:working_openssl_client() of
+         true ->
+             [{group,  openssl_server},
+              {group,  openssl_client}];
+         false ->
+             [{group,  openssl_server}]
+     end.
 
 all_protocol_groups() ->
     [
@@ -955,7 +958,7 @@ cipher_suite_test(CipherSuite, Version, Config) ->
                                     [{ciphers, [CipherSuite]} | SOpts], Config);
         _ ->
             ssl_test_lib:basic_test([{versions, [Version]}, {ciphers, [CipherSuite]} | COpts], 
-                                    [{ciphers, ssl:cipher_suites(all, Version)} | SOpts], Config)
+                                    [{ciphers,  ssl_test_lib:openssl_ciphers()} | SOpts], Config)
     end.
 
 test_ciphers(Kex, Cipher, Version) ->
@@ -978,3 +981,5 @@ test_ciphers(Kex, Cipher, Version) ->
                  end, Ciphers).
 
 
+openssl_suitestr_to_map(OpenSSLSuiteStrs) ->
+    [ssl_cipher_format:suite_openssl_str_to_map(SuiteStr) || SuiteStr <- OpenSSLSuiteStrs].
diff --git a/lib/ssl/test/openssl_client_cert_SUITE.erl b/lib/ssl/test/openssl_client_cert_SUITE.erl
index 7e8d842f14..0248956056 100644
--- a/lib/ssl/test/openssl_client_cert_SUITE.erl
+++ b/lib/ssl/test/openssl_client_cert_SUITE.erl
@@ -156,10 +156,15 @@ init_per_suite(Config) ->
     catch crypto:stop(),
     try crypto:start() of
 	ok ->
-	    ssl_test_lib:clean_start(),
-            Config
+            case ssl_test_lib:working_openssl_client() of
+                true ->
+                    ssl_test_lib:clean_start(),
+                    Config;
+                false ->
+                    {skip, "Broken OpenSSL s_client"}
+            end
     catch _:_ ->
-	    {skip, "Crypto did not start"}
+            {skip, "Crypto did not start"}
     end.
 
 end_per_suite(_Config) ->
@@ -167,9 +172,9 @@ end_per_suite(_Config) ->
     application:unload(ssl),
     application:stop(crypto).
 
-init_per_group(openssl_client, Config0) ->
-    Config = proplists:delete(server_type, proplists:delete(client_type, Config0)),
+init_per_group(openssl_client, Config) ->
     [{client_type, openssl}, {server_type, erlang} | Config];
+
 init_per_group(Group, Config0) when Group == rsa;
                                     Group == rsa_1_3 ->
     Config = ssl_test_lib:make_rsa_cert(Config0),
diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
index 0bacec9073..52477fe98f 100644
--- a/lib/ssl/test/ssl_api_SUITE.erl
+++ b/lib/ssl/test/ssl_api_SUITE.erl
@@ -1877,7 +1877,7 @@ new_options_in_handshake(Config) when is_list(Config) ->
                                                     (ecdh_rsa) ->
                                                          true;
                                                     (rsa) ->
-                                                         true;
+                                                         false;
                                                     (_) ->
                                                          false
                                                  end
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index f7dc04823b..1268a14eb0 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -120,7 +120,8 @@
          server_msg/2,
          hardcode_rsa_key/1,
          bigger_buffers/0,
-         stop/2
+         stop/2,
+         working_openssl_client/0
         ]).
 
 -export([basic_test/3,
@@ -285,6 +286,20 @@ init_per_group(GroupName, Config0) ->
 	    end
     end.
 
+working_openssl_client() ->
+    case portable_cmd("openssl", ["version"]) of
+        %% Theses versions of OpenSSL has a client that
+        %% can not handle hello extensions. And will
+        %% fail with bad packet length if they are present
+        %% in ServerHello
+        "OpenSSL 0.9.8h" ++ _ ->
+            false;
+        "OpenSSL 0.9.8k" ++ _ ->
+            false;
+        _  ->
+            true
+    end.
+
 init_per_group_openssl(GroupName, Config0) ->
     case is_tls_version(GroupName) andalso sufficient_crypto_support(GroupName) of
 	true ->
@@ -2075,9 +2090,11 @@ cipher_flag('tlsv1.3') ->
 cipher_flag(_) ->
     "-cipher".
 
-ciphers(Ciphers, Version) ->
+ciphers([#{}| _] = Ciphers, Version) ->
     Strs = [ssl_cipher_format:suite_map_to_openssl_str(Cipher) || Cipher <- Ciphers],
-    ciphers_concat(Version, Strs, "").
+    ciphers_concat(Version, Strs, "");
+ciphers(Ciphers, Version) ->
+    ciphers_concat(Version, Ciphers, "").
 
 ciphers_concat(_, [], [":" | Acc]) ->
     lists:append(lists:reverse(Acc));
@@ -2887,7 +2904,7 @@ check_sane_openssl_renegotiate(Config) ->
 	    {skip, "Known renegotiation bug in OpenSSL"};
         "LibreSSL 2." ++ _ ->
 	    {skip, "Known renegotiation bug in LibreSSL"};
-        "LibreSSL 3.1" ++ _ ->
+        "LibreSSL 3." ++ _ ->
 	    {skip, "Known renegotiation bug in LibreSSL"};
 	_ ->
 	    Config