From 11ba87f2ff8e2455c6627a83aa458384fe7de70a Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Mon, 13 Feb 2017 13:26:37 +0000
Subject: Ensure s_client sends an SNI extension by default
Enforcement of an SNI extension in the initial ClientHello is becoming increasingly common (e.g. see GitHub issue #2580). This commit changes s_client so that it adds SNI be default, unless explicitly told not to via the new "-noservername" option.
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/2614)
---
test/recipes/70-test_sslmessages.t | 12 ++++++------
test/recipes/70-test_tls13messages.t | 11 ++++++-----
test/testlib/checkhandshake.pm | 4 ++--
3 files changed, 14 insertions(+), 13 deletions(-)
(limited to 'test')
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index a6278dc630..a763486f5b 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -222,22 +222,23 @@ checkhandshake($proxy, checkhandshake::RENEG_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS,
 "Rengotiation handshake test");
-#Test 8: Server name handshake (client request only)
+#Test 8: Server name handshake (no client request)
 $proxy->clear();
-$proxy->clientflags("-no_tls1_3 -servername testhost");
+$proxy->clientflags("-no_tls1_3 -noservername");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SERVER_NAME_CLI_EXTENSION,
+ & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
 "Server name handshake test (client)");
 #Test 9: Server name handshake (server support only)
 $proxy->clear();
-$proxy->clientflags("-no_tls1_3");
+$proxy->clientflags("-no_tls1_3 -noservername");
 $proxy->serverflags("-servername testhost");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS,
+ checkhandshake::DEFAULT_EXTENSIONS
+ & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
 "Server name handshake test (server)");
 #Test 10: Server name handshake (client and server)
@@ -247,7 +248,6 @@ $proxy->serverflags("-servername testhost");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SERVER_NAME_CLI_EXTENSION
 | checkhandshake::SERVER_NAME_SRV_EXTENSION,
 "Server name handshake test");
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index 0d25beffa9..c4e20b7614 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
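Review bot: The description string passed to checkhandshake in Test 8 still reads "Server name handshake test (client)", although the test now runs with `-noservername` and expects the client server_name extension to be absent; the same stale label is left on Test 7 in test/recipes/70-test_tls13messages.t. A failing run would then be reported under a name that suggests the client sent SNI, when the thing being checked is its suppression. I would rename the label in both files to match the updated comment, for example `"Server name handshake test (no client request)");`.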
@@ -200,21 +200,23 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS,
 "Client auth handshake test");
-#Test 7: Server name handshake (client request only)
+#Test 7: Server name handshake (no client request)
 $proxy->clear();
-$proxy->clientflags("-servername testhost");
+$proxy->clientflags("-noservername");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SERVER_NAME_CLI_EXTENSION,
+ & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
 "Server name handshake test (client)");
 #Test 8: Server name handshake (server support only)
 $proxy->clear();
+$proxy->clientflags("-noservername");
 $proxy->serverflags("-servername testhost");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS,
+ checkhandshake::DEFAULT_EXTENSIONS
+ & ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
 "Server name handshake test (server)");
 #Test 9: Server name handshake (client and server)
@@ -224,7 +226,6 @@ $proxy->serverflags("-servername testhost");
 $proxy->start();
 checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
 checkhandshake::DEFAULT_EXTENSIONS
- | checkhandshake::SERVER_NAME_CLI_EXTENSION
 | checkhandshake::SERVER_NAME_SRV_EXTENSION,
 "Server name handshake test");
diff --git a/test/testlib/checkhandshake.pm b/test/testlib/checkhandshake.pm
index 43efe81327..d5d0e29ee5 100644
--- a/test/testlib/checkhandshake.pm
+++ b/test/testlib/checkhandshake.pm
@@ -31,8 +31,8 @@ use constant {
 };
 use constant {
- #DEFAULT ALSO INCLUDES SESSION_TICKET_SRV_EXTENSION
- DEFAULT_EXTENSIONS => 0x00000003,
+ #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI
+ DEFAULT_EXTENSIONS => 0x00000007,
 SESSION_TICKET_SRV_EXTENSION => 0x00000002,
 SERVER_NAME_CLI_EXTENSION => 0x00000004,
 SERVER_NAME_SRV_EXTENSION => 0x00000008,
--
cgit v1.2.3
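Review bot: In test/testlib/checkhandshake.pm, `DEFAULT_EXTENSIONS => 0x00000007` repeats the bit values of the constants declared just below it as a bare literal, so the mask and the named bits can drift apart if one of them is renumbered. The new comment also shortens the constant to SERVER_NAME_CLI, which a search for the full name will miss. I would spell it out as `#DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI_EXTENSION`. It would also help to add a comment line saying that tests run with `-noservername` have to clear the bit with `& ~SERVER_NAME_CLI_EXTENSION`, since this mask is the expected extension set for every default handshake check. The `use constant` block continues past the end of the hunk.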