diff options
author | Matt Caswell <matt@openssl.org> | 2017-02-13 13:26:37 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-27 11:43:55 +0100 |
commit | 11ba87f2ff8e2455c6627a83aa458384fe7de70a (patch) | |
tree | cd641aa5f04e490b101ff22b287552f05cc48653 /test/recipes | |
parent | 37659ea43053f5db951962bd1100b490bd4f7e5e (diff) |
Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)
Diffstat (limited to 'test/recipes')
-rw-r--r-- | test/recipes/70-test_sslmessages.t | 12 | ||||
-rw-r--r-- | test/recipes/70-test_tls13messages.t | 11 |
2 files changed, 12 insertions, 11 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index a6278dc630..a763486f5b 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -222,22 +222,23 @@ checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Rengotiation handshake test"); -#Test 8: Server name handshake (client request only) +#Test 8: Server name handshake (no client request) $proxy->clear(); -$proxy->clientflags("-no_tls1_3 -servername testhost"); +$proxy->clientflags("-no_tls1_3 -noservername"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION, + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); #Test 9: Server name handshake (server support only) $proxy->clear(); -$proxy->clientflags("-no_tls1_3"); +$proxy->clientflags("-no_tls1_3 -noservername"); $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); #Test 10: Server name handshake (client and server) @@ -247,7 +248,6 @@ $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 0d25beffa9..c4e20b7614 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -200,21 +200,23 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Client auth handshake test"); -#Test 7: Server name handshake (client request only) +#Test 7: Server name handshake (no client request) $proxy->clear(); -$proxy->clientflags("-servername testhost"); +$proxy->clientflags("-noservername"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION, + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); #Test 8: Server name handshake (server support only) $proxy->clear(); +$proxy->clientflags("-noservername"); $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); #Test 9: Server name handshake (client and server) @@ -224,7 +226,6 @@ $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); |