authorEmilia Kasper <emilia@openssl.org>2016-06-10 00:39:22 +0200
committerEmilia Kasper <emilia@openssl.org>2016-06-13 16:03:06 +0200
commit81fc33c951b645f31727dc811e02200bde4a0982 (patch)
tree7b14f860635eb488254815300aecdf1792f46584 /test/ssl_test.c
parenta7be5759cf9d8e2bf7c1ecd0efa2d53aae9ab706 (diff)
Clean up following new SNI tests
- Only send SNI in SNI tests. This allows us to test handshakes without the SNI extension as well.
- Move all handshake-specific machinery to handshake_helper.c
- Use enum types to represent the enum everywhere (Resorting to plain ints can end in sign mismatch when the enum is represented by an unsigned type.)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'test/ssl_test.c')
-rw-r--r--test/ssl_test.c40
1 files changed, 7 insertions, 33 deletions
diff --git a/test/ssl_test.c b/test/ssl_test.c
index 56dcef5510..0062c51a4d 100644
--- a/test/ssl_test.c
+++ b/test/ssl_test.c
@@ -125,7 +125,8 @@ static int check_protocol(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
static int check_servername(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
{
- if (result.servername != test_ctx->servername) {
+ if (test_ctx->servername != SSL_TEST_SERVERNAME_NONE
+ && result.servername != test_ctx->servername) {
fprintf(stderr, "Client ServerName mismatch, expected %s, got %s\n.",
ssl_servername_name(test_ctx->servername),
ssl_servername_name(result.servername));
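Review bot: With the added `test_ctx->servername != SSL_TEST_SERVERNAME_NONE` guard in check_servername, an expected value of NONE now means "not checked" rather than "no server name was seen". A test that sends no SNI can therefore no longer fail if the handshake still reports a server name, for example because the server switched to the second context. If that is the intent, state it above the condition, e.g. `/* SSL_TEST_SERVERNAME_NONE: the test does not check the server name. */`. If tests without SNI should assert its absence, that needs a separate "ignore" value, as session_ticket_expected already has with SSL_TEST_SESSION_TICKET_IGNORE. The function body ends outside this hunk.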
@@ -134,7 +135,7 @@ static int check_servername(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
return 1;
}
-static int check_session_ticket_expected(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
+static int check_session_ticket(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
{
if (test_ctx->session_ticket_expected == SSL_TEST_SESSION_TICKET_IGNORE)
return 1;
@@ -143,8 +144,8 @@ static int check_session_ticket_expected(HANDSHAKE_RESULT result, SSL_TEST_CTX *
return 1;
if (result.session_ticket != test_ctx->session_ticket_expected) {
fprintf(stderr, "Client SessionTicketExpected mismatch, expected %s, got %s\n.",
- ssl_session_ticket_expected_name(test_ctx->session_ticket_expected),
- ssl_session_ticket_expected_name(result.session_ticket));
+ ssl_session_ticket_name(test_ctx->session_ticket_expected),
+ ssl_session_ticket_name(result.session_ticket));
return 0;
}
return 1;
@@ -163,29 +164,12 @@ static int check_test(HANDSHAKE_RESULT result, SSL_TEST_CTX *test_ctx)
if (result.result == SSL_TEST_SUCCESS) {
ret &= check_protocol(result, test_ctx);
ret &= check_servername(result, test_ctx);
- ret &= check_session_ticket_expected(result, test_ctx);
+ ret &= check_session_ticket(result, test_ctx);
ret &= (result.session_ticket_do_not_call == 0);
}
return ret;
}
-static int servername_callback(SSL *s, int *ad, void *arg)
-{
- const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername != NULL && !strcmp(servername, "server2")) {
- SSL_CTX *new_ctx = (SSL_CTX*)arg;
- SSL_set_SSL_CTX(s, new_ctx);
- /*
- * Copy over all the SSL_CTX options - reasonable behavior
- * allows testing of cases where the options between two
- * contexts differ/conflict
- */
- SSL_clear_options(s, 0xFFFFFFFFL);
- SSL_set_options(s, SSL_CTX_get_options(new_ctx));
- }
- return SSL_TLSEXT_ERR_OK;
-}
-
static int execute_test(SSL_TEST_FIXTURE fixture)
{
int ret = 0;
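Review bot: The `ret &= (result.session_ticket_do_not_call == 0);` check in check_test now depends on wiring that is no longer in this file. The last hunk removes the `SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_callback)` registration from execute_test, presumably moving it to handshake_helper.c, which is not shown here. If the helper ever stops installing that callback, this negative check passes vacuously. It is also the only check in check_test that fails without printing a diagnostic. I would add a comment on that line such as `/* Set by the ticket key callback installed on server2_ctx by the handshake helper; must never fire. */` and an `fprintf(stderr, ...)` on failure, as the other checks have.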
@@ -206,21 +190,11 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
goto err;
}
- /* link the two contexts for SNI purposes */
- SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_callback);
- SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
- /*
- * The initial_ctx/session_ctx always handles the encrypt/decrypt of the
- * session ticket. This ticket_key callback is assigned to the second
- * session (assigned via SNI), and should never be invoked
- */
- SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx, do_not_call_session_ticket_callback);
-
test_ctx = SSL_TEST_CTX_create(conf, fixture.test_app);
if (test_ctx == NULL)
goto err;
- result = do_handshake(server_ctx, client_ctx, test_ctx);
+ result = do_handshake(server_ctx, server2_ctx, client_ctx, test_ctx);
ret = check_test(result, test_ctx);