|
Packit |
c4476c |
# -*- mode: perl; -*-
|
|
Packit |
c4476c |
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
#
|
|
Packit |
c4476c |
# Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
# this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
# in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
# https://www.openssl.org/source/license.html
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
## SSL test configurations
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
use strict;
|
|
Packit |
c4476c |
use warnings;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
package ssltests;
|
|
Packit |
c4476c |
use OpenSSL::Test::Utils;
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
our @tests = (
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-switch-context",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "IgnoreMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "server2",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedServerName" => "server2",
|
|
Packit |
c4476c |
"ExpectedResult" => "Success"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-keep-context",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "IgnoreMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "server1",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedServerName" => "server1",
|
|
Packit |
c4476c |
"ExpectedResult" => "Success"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-no-server-support",
|
|
Packit |
c4476c |
server => { },
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "server1",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => { "ExpectedResult" => "Success" },
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-no-client-support",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "IgnoreMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => { },
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
# We expect that the callback is still called
|
|
Packit |
c4476c |
# to let the application decide whether they tolerate
|
|
Packit |
c4476c |
# missing SNI (as our test callback does).
|
|
Packit |
c4476c |
"ExpectedServerName" => "server1",
|
|
Packit |
c4476c |
"ExpectedResult" => "Success"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-bad-sni-ignore-mismatch",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "IgnoreMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "invalid",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedServerName" => "server1",
|
|
Packit |
c4476c |
"ExpectedResult" => "Success"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-bad-sni-reject-mismatch",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "RejectMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "invalid",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedResult" => "ServerFail",
|
|
Packit |
c4476c |
"ExpectedServerAlert" => "UnrecognizedName"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-bad-clienthello-sni-ignore-mismatch",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "ClientHelloIgnoreMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "invalid",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedServerName" => "server1",
|
|
Packit |
c4476c |
"ExpectedResult" => "Success"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-bad-clienthello-sni-reject-mismatch",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "ClientHelloRejectMismatch",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "invalid",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedResult" => "ServerFail",
|
|
Packit |
c4476c |
"ExpectedServerAlert" => "UnrecognizedName"
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
our @tests_tls_1_1 = (
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
name => "SNI-clienthello-disable-v12",
|
|
Packit |
c4476c |
server => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerNameCallback" => "ClientHelloNoV12",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
client => {
|
|
Packit |
c4476c |
extra => {
|
|
Packit |
c4476c |
"ServerName" => "server2",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
test => {
|
|
Packit |
c4476c |
"ExpectedProtocol" => "TLSv1.1",
|
|
Packit |
c4476c |
"ExpectedServerName" => "server2",
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
},
|
|
Packit |
c4476c |
);
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
push @tests, @tests_tls_1_1 unless disabled("tls1_1");
|