test/ssl-tests/05-sni.cnf.in

   1 # -*- mode: perl; -*-
   2 # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
   3 #
   4 # Licensed under the Apache License 2.0 (the "License").  You may not use
   5 # this file except in compliance with the License.  You can obtain a copy
   6 # in the file LICENSE in the source distribution or at
   7 # https://www.openssl.org/source/license.html
   8
   9
  10 ## SSL test configurations
  11
  12 use strict;
  13 use warnings;
  14
  15 package ssltests;
  16 use OpenSSL::Test::Utils;
  17
  18 our $fips_mode;
  19
  20 our @tests = (
  21     {
  22         name => "SNI-switch-context",
  23         server => {
  24             extra => {
  25                 "ServerNameCallback" => "IgnoreMismatch",
  26             },
  27         },
  28         client => {
  29             extra => {
  30                 "ServerName" => "server2",
  31             },
  32         },
  33         test   => {
  34             "ExpectedServerName" => "server2",
  35             "ExpectedResult" => "Success"
  36         },
  37     },
  38     {
  39         name => "SNI-keep-context",
  40         server => {
  41             extra => {
  42                 "ServerNameCallback" => "IgnoreMismatch",
  43             },
  44         },
  45         client => {
  46             extra => {
  47                 "ServerName" => "server1",
  48             },
  49         },
  50         test   => {
  51             "ExpectedServerName" => "server1",
  52             "ExpectedResult" => "Success"
  53         },
  54     },
  55     {
  56         name => "SNI-no-server-support",
  57         server => { },
  58         client => {
  59             extra => {
  60                 "ServerName" => "server1",
  61             },
  62         },
  63         test   => { "ExpectedResult" => "Success" },
  64     },
  65     {
  66         name => "SNI-no-client-support",
  67         server => {
  68             extra => {
  69                 "ServerNameCallback" => "IgnoreMismatch",
  70             },
  71         },
  72         client => { },
  73         test   => {
  74             # We expect that the callback is still called
  75             # to let the application decide whether they tolerate
  76             # missing SNI (as our test callback does).
  77             "ExpectedServerName" => "server1",
  78             "ExpectedResult" => "Success"
  79         },
  80     },
  81     {
  82         name => "SNI-bad-sni-ignore-mismatch",
  83         server => {
  84             extra => {
  85                 "ServerNameCallback" => "IgnoreMismatch",
  86             },
  87         },
  88         client => {
  89             extra => {
  90                 "ServerName" => "invalid",
  91             },
  92         },
  93         test   => {
  94             "ExpectedServerName" => "server1",
  95             "ExpectedResult" => "Success"
  96         },
  97     },
  98     {
  99         name => "SNI-bad-sni-reject-mismatch",
 100         server => {
 101             extra => {
 102                 "ServerNameCallback" => "RejectMismatch",
 103             },
 104         },
 105         client => {
 106             extra => {
 107                 "ServerName" => "invalid",
 108             },
 109         },
 110         test   => {
 111             "ExpectedResult" => "ServerFail",
 112             "ExpectedServerAlert" => "UnrecognizedName"
 113         },
 114     },
 115     {
 116         name => "SNI-bad-clienthello-sni-ignore-mismatch",
 117         server => {
 118             extra => {
 119                 "ServerNameCallback" => "ClientHelloIgnoreMismatch",
 120             },
 121         },
 122         client => {
 123             extra => {
 124                 "ServerName" => "invalid",
 125             },
 126         },
 127         test   => {
 128             "ExpectedServerName" => "server1",
 129             "ExpectedResult" => "Success"
 130         },
 131     },
 132     {
 133         name => "SNI-bad-clienthello-sni-reject-mismatch",
 134         server => {
 135             extra => {
 136                 "ServerNameCallback" => "ClientHelloRejectMismatch",
 137             },
 138         },
 139         client => {
 140             extra => {
 141                 "ServerName" => "invalid",
 142             },
 143         },
 144         test   => {
 145             "ExpectedResult" => "ServerFail",
 146             "ExpectedServerAlert" => "UnrecognizedName"
 147         },
 148     },
 149 );
 150
 151 our @tests_tls_1_1 = (
 152     {
 153         name => "SNI-clienthello-disable-v12",
 154         server => {
 155             extra => {
 156                 "ServerNameCallback" => "ClientHelloNoV12",
 157             },
 158         },
 159         client => {
 160             extra => {
 161                 "ServerName" => "server2",
 162             },
 163         },
 164         test   => {
 165             "ExpectedProtocol" => "TLSv1.1",
 166             "ExpectedServerName" => "server2",
 167         },
 168     },
 169 );
 170
 171 push @tests, @tests_tls_1_1 unless disabled("tls1_1") || $fips_mode;