diff options
| author | Matt Caswell <matt@openssl.org> | 2017-02-13 13:26:37 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-04-27 11:43:55 +0100 |
| commit | 11ba87f2ff8e2455c6627a83aa458384fe7de70a (patch) | |
| tree | cd641aa5f04e490b101ff22b287552f05cc48653 /test | |
| parent | 37659ea43053f5db951962bd1100b490bd4f7e5e (diff) | |
Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming
increasingly common (e.g. see GitHub issue #2580). This commit changes
s_client so that it adds SNI be default, unless explicitly told not to via
the new "-noservername" option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2614)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/70-test_sslmessages.t | 12 | ||||
| -rw-r--r-- | test/recipes/70-test_tls13messages.t | 11 | ||||
| -rw-r--r-- | test/testlib/checkhandshake.pm | 4 |
3 files changed, 14 insertions, 13 deletions
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index a6278dc630..a763486f5b 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -222,22 +222,23 @@ checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Rengotiation handshake test"); -#Test 8: Server name handshake (client request only) +#Test 8: Server name handshake (no client request) $proxy->clear(); -$proxy->clientflags("-no_tls1_3 -servername testhost"); +$proxy->clientflags("-no_tls1_3 -noservername"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION, + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); #Test 9: Server name handshake (server support only) $proxy->clear(); -$proxy->clientflags("-no_tls1_3"); +$proxy->clientflags("-no_tls1_3 -noservername"); $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); #Test 10: Server name handshake (client and server) @@ -247,7 +248,6 @@ $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 0d25beffa9..c4e20b7614 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -200,21 +200,23 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS, "Client auth handshake test"); -#Test 7: Server name handshake (client request only) +#Test 7: Server name handshake (no client request) $proxy->clear(); -$proxy->clientflags("-servername testhost"); +$proxy->clientflags("-noservername"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION, + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (client)"); #Test 8: Server name handshake (server support only) $proxy->clear(); +$proxy->clientflags("-noservername"); $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, - checkhandshake::DEFAULT_EXTENSIONS, + checkhandshake::DEFAULT_EXTENSIONS + & ~checkhandshake::SERVER_NAME_CLI_EXTENSION, "Server name handshake test (server)"); #Test 9: Server name handshake (client and server) @@ -224,7 +226,6 @@ $proxy->serverflags("-servername testhost"); $proxy->start(); checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE, checkhandshake::DEFAULT_EXTENSIONS - | checkhandshake::SERVER_NAME_CLI_EXTENSION | checkhandshake::SERVER_NAME_SRV_EXTENSION, "Server name handshake test"); diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm index 43efe81327..d5d0e29ee5 100644 --- a/test/testlib/checkhandshake.pm +++ b/test/testlib/checkhandshake.pm @@ -31,8 +31,8 @@ use constant { }; use constant { - #DEFAULT ALSO INCLUDES SESSION_TICKET_SRV_EXTENSION - DEFAULT_EXTENSIONS => 0x00000003, + #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI + DEFAULT_EXTENSIONS => 0x00000007, SESSION_TICKET_SRV_EXTENSION => 0x00000002, SERVER_NAME_CLI_EXTENSION => 0x00000004, SERVER_NAME_SRV_EXTENSION => 0x00000008, |