SSL test framework: port SNI tests Observe that the old tests were partly ill-defined: setting sn_server1 but not sn_server2 in ssltest_old.c does not enable the SNI callback. Fix this, and also explicitly test both flavours of SNI mismatch (ignore / fatal alert). Tests still pass. Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/test/ssl_test_ctx.h b/test/ssl_test_ctx.h index 492d1d7..c551a9b 100644 --- a/test/ssl_test_ctx.h +++ b/test/ssl_test_ctx.h
@@ -29,10 +29,18 @@ typedef enum { SSL_TEST_SERVERNAME_NONE = 0, /* Default */ SSL_TEST_SERVERNAME_SERVER1, - SSL_TEST_SERVERNAME_SERVER2 + SSL_TEST_SERVERNAME_SERVER2, + SSL_TEST_SERVERNAME_INVALID } ssl_servername_t; typedef enum { + SSL_TEST_SERVERNAME_CB_NONE = 0, /* Default */ + SSL_TEST_SERVERNAME_IGNORE_MISMATCH, + SSL_TEST_SERVERNAME_REJECT_MISMATCH +} ssl_servername_callback_t; + + +typedef enum { SSL_TEST_SESSION_TICKET_IGNORE = 0, /* Default */ SSL_TEST_SESSION_TICKET_YES, SSL_TEST_SESSION_TICKET_NO, @@ -61,6 +69,18 @@ ssl_verify_callback_t client_verify_callback; /* One of a number of predefined server names use by the client */ ssl_servername_t servername; + /* + * The expected SNI context to use. + * We test server-side that the server switched to the expected context. + * Set by the callback upon success, so if the callback wasn't called or + * terminated with an alert, the servername will match with + * SSL_TEST_SERVERNAME_NONE. + * Note: in the event that the servername was accepted, the client should + * also receive an empty SNI extension back but we have no way of probing + * client-side via the API that this was the case. + */ + ssl_servername_t expected_servername; + ssl_servername_callback_t servername_callback; ssl_session_ticket_t session_ticket_expected; /* Whether the server/client CTX should use DTLS or TLS. */ ssl_test_method_t method; @@ -71,6 +91,8 @@ const char *ssl_protocol_name(int protocol); const char *ssl_verify_callback_name(ssl_verify_callback_t verify_callback); const char *ssl_servername_name(ssl_servername_t server); +const char *ssl_servername_callback_name(ssl_servername_callback_t + servername_callback); const char *ssl_session_ticket_name(ssl_session_ticket_t server); const char *ssl_test_method_name(ssl_test_method_t method);