diff options
| author | Emilia Kasper <emilia@openssl.org> | 2016-06-20 17:20:25 +0200 |
|---|---|---|
| committer | Emilia Kasper <emilia@openssl.org> | 2016-06-28 17:26:24 +0200 |
| commit | d2b23cd2b077de8507c49f632e20dfcdb653a35b (patch) | |
| tree | 3a8a980e199c680d7e296468439c6f53d05fa1a0 /test/ssl_test.c | |
| parent | 2cdce3e32f0f70470d676352410557b626bc9d01 (diff) | |
SSL test framework: port SNI tests
Observe that the old tests were partly ill-defined:
setting sn_server1 but not sn_server2 in ssltest_old.c does not enable
the SNI callback.
Fix this, and also explicitly test both flavours of SNI mismatch (ignore
/ fatal alert). Tests still pass.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/ssl_test.c')
| -rw-r--r-- | test/ssl_test.c | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/test/ssl_test.c b/test/ssl_test.c index 537d4b0e5a..060f73eeba 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -125,14 +125,13 @@ static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx) static int check_servername(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx) { - if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE - && result.servername != test_ctx->servername) { - fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.", - ssl_servername_name(test_ctx->servername), - ssl_servername_name(result.servername)); - return 0; + if (result.servername != test_ctx->expected_servername) { + fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.", + ssl_servername_name(test_ctx->expected_servername), + ssl_servername_name(result.servername)); + return 0; } - return 1; + return 1; } static int check_session_ticket(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx) @@ -176,40 +175,42 @@ static int execute_test(SSL_TEST_FIXTURE fixture) SSL_CTX *server_ctx = NULL, *server2_ctx = NULL, *client_ctx = NULL; SSL_TEST_CTX *test_ctx = NULL; HANDSHAKE_RESULT result; - const char *server2; test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app); if (test_ctx == NULL) goto err; - /* Use ServerName to detect if we're testing SNI. */ - server2 = (test_ctx->servername != SSL_TEST_SERVERNAME_NONE) ? "server2" - : "server"; - #ifndef OPENSSL_NO_DTLS if (test_ctx->method == SSL_TEST_METHOD_DTLS) { server_ctx = SSL_CTX_new(DTLS_server_method()); - server2_ctx = SSL_CTX_new(DTLS_server_method()); + if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + server2_ctx = SSL_CTX_new(DTLS_server_method()); + OPENSSL_assert(server2_ctx != NULL); + } client_ctx = SSL_CTX_new(DTLS_client_method()); } #endif if (test_ctx->method == SSL_TEST_METHOD_TLS) { server_ctx = SSL_CTX_new(TLS_server_method()); - server2_ctx = SSL_CTX_new(TLS_server_method()); + if (test_ctx->servername_callback != SSL_TEST_SERVERNAME_CB_NONE) { + server2_ctx = SSL_CTX_new(TLS_server_method()); + OPENSSL_assert(server2_ctx != NULL); + } client_ctx = SSL_CTX_new(TLS_client_method()); } - OPENSSL_assert(server_ctx != NULL && server2_ctx != NULL && - client_ctx != NULL); + OPENSSL_assert(server_ctx != NULL && client_ctx != NULL); OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0); if (!SSL_CTX_config(server_ctx, "server") - || !SSL_CTX_config(server2_ctx, server2) || !SSL_CTX_config(client_ctx, "client")) { goto err; } + if (server2_ctx != NULL && !SSL_CTX_config(server2_ctx, "server2")) + goto err; + result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx); ret = check_test(result, test_ctx); |