1 files changed, 68 insertions, 34 deletions

diff --git a/lib/ssl/test/openssl_reject_SUITE.erl b/lib/ssl/test/openssl_reject_SUITE.erl
index deefd11823..e231a5ab99 100644
--- a/lib/ssl/test/openssl_reject_SUITE.erl
+++ b/lib/ssl/test/openssl_reject_SUITE.erl
@@ -21,10 +21,31 @@
 
 -module(openssl_reject_SUITE).
 
-%% Note: This directive should only be used in test suites.
--compile(export_all).
-
 -include_lib("common_test/include/ct.hrl").
+%% Common test
+-export([all/0,
+         groups/0,
+         init_per_suite/1,
+         init_per_group/2,
+         init_per_testcase/2,
+         end_per_suite/1,
+         end_per_group/2,
+         end_per_testcase/2
+        ]).
+
+%% Test cases
+-export([erlang_client_bad_openssl_server/0,
+         erlang_client_bad_openssl_server/1,
+         ssl2_erlang_server_openssl_client/0,
+         ssl2_erlang_server_openssl_client/1,
+         ssl3_erlang_server_openssl_client/0,
+         ssl3_erlang_server_openssl_client/1
+        ]).
+
+%% Apply export
+-export([server_sent_garbage/1
+        ]).
+
 
 -define(SLEEP, 1000).
 -define(OPENSSL_GARBAGE, "P\n").
@@ -36,20 +57,20 @@
 all() -> 
     [{group, 'tlsv1.2'},
      {group, 'tlsv1.1'},
-     {group, 'tlsv1'},
-     {group, 'sslv3'}].
+     {group, 'tlsv1'}
+     ].
 
 groups() ->
     [{'tlsv1.2', [], all_versions_tests()},
      {'tlsv1.1', [], all_versions_tests()},
-     {'tlsv1', [], all_versions_tests()},
-     {'sslv3', [], all_versions_tests()}
+     {'tlsv1', [], all_versions_tests()}
     ].
- 
+
 all_versions_tests() ->
-    [    
+    [
      erlang_client_bad_openssl_server,
-     ssl2_erlang_server_openssl_client
+     ssl2_erlang_server_openssl_client,
+     ssl3_erlang_server_openssl_client
     ].
 
 init_per_suite(Config0) ->
@@ -74,30 +95,10 @@ end_per_suite(_Config) ->
     ssl_test_lib:kill_openssl().
 
 init_per_group(GroupName, Config) ->
-    case ssl_test_lib:is_tls_version(GroupName) of
-        true ->
-            case ssl_test_lib:supports_ssl_tls_version(GroupName) of
-                 true ->
-                    case ssl_test_lib:check_sane_openssl_version(GroupName) of
-                         true ->
-                            ssl_test_lib:init_tls_version(GroupName, Config);
-                         false ->
-                            {skip, openssl_does_not_support_version}
-                    end;
-                false ->
-                    {skip, openssl_does_not_support_version}
-            end; 
-         _ ->
-            Config
-    end.
+    ssl_test_lib:init_per_group_openssl(GroupName, Config).
 
 end_per_group(GroupName, Config) ->
-    case ssl_test_lib:is_tls_version(GroupName) of
-        true ->
-            ssl_test_lib:clean_tls_version(Config);
-       false ->
-            Config
-    end.
+    ssl_test_lib:end_per_group(GroupName, Config).
 
 init_per_testcase(TestCase, Config) ->
     ct:timetrap({seconds, 10}),
@@ -110,6 +111,14 @@ special_init(ssl2_erlang_server_openssl_client, Config) ->
         false ->
             {skip, "sslv2 not supported by openssl"}
      end;
+special_init(ssl3_erlang_server_openssl_client, Config) ->
+    case ssl_test_lib:supports_ssl_tls_version(sslv3) of
+        true ->
+            Config;
+        false ->
+            {skip, "sslv3 not supported by openssl"}
+     end;
+
 special_init(_, Config) ->
      Config.
 
@@ -193,12 +202,37 @@ ssl2_erlang_server_openssl_client(Config) when is_list(Config) ->
 
     ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), 
     ssl_test_lib:consume_port_exit(OpenSslPort),
-    ssl_test_lib:check_server_alert(Server, unexpected_message),
+    ssl_test_lib:check_server_alert(Server, bad_record_mac),
     process_flag(trap_exit, false).
 
+%%--------------------------------------------------------------------
+ssl3_erlang_server_openssl_client() ->
+    [{doc,"Test that ssl v3 clients are rejected"}].
+
+ssl3_erlang_server_openssl_client(Config) when is_list(Config) ->
+    process_flag(trap_exit, true),
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+
+    {_, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+
+    Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, 
+                                              {from, self()},
+                                              {options, ServerOpts}]),
+    Port = ssl_test_lib:inet_port(Server),
+
+    Exe = "openssl",
+    Args = ["s_client", "-connect", ssl_test_lib:hostname_format(Hostname) ++ ":" ++ integer_to_list(Port), 
+            "-ssl3", "-msg"],
+
+    OpenSslPort = ssl_test_lib:portable_open_port(Exe, Args),  
+
+    ct:log("Ports ~p~n", [[erlang:port_info(P) || P <- erlang:ports()]]), 
+    ssl_test_lib:consume_port_exit(OpenSslPort),
+    ssl_test_lib:check_server_alert(Server, bad_record_mac),
+    process_flag(trap_exit, false).
 
 %%--------------------------------------------------------------------
-%% Internal functions ------------------------------------------------
+%% Callback functions ------------------------------------------------
 %%--------------------------------------------------------------------
 
 server_sent_garbage(Socket) ->