/* Make sure we can defer processing and get called back. */
if ((*ctr)++ == 0)
- return -1;
+ return SSL_CLIENT_HELLO_RETRY;
len = SSL_client_hello_get0_ciphers(s, &p);
if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
|| !TEST_size_t_eq(
SSL_client_hello_get0_compression_methods(s, &p), 1)
|| !TEST_int_eq(*p, 0))
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
if (len != OSSL_NELEM(expected_extensions) ||
memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
printf("ClientHello callback expected extensions mismatch\n");
OPENSSL_free(exts);
- return 0;
+ return SSL_CLIENT_HELLO_ERROR;
}
OPENSSL_free(exts);
- return 1;
+ return SSL_CLIENT_HELLO_SUCCESS;
}
static int test_client_hello_cb(void)
NULL, NULL)))
return 0;
+ /*
+ * For one of the run throughs (doesn't matter which one), we'll try sending
+ * some SNI data in the initial ClientHello. This will be ignored (because
+ * there is no SNI cb set up by the server), so it should not impact
+ * early_data.
+ */
+ if (idx == 1
+ && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
+ return 0;
+
if (idx == 2) {
/* Create the PSK */
const SSL_CIPHER *cipher = NULL;
static const char *servalpn;
-static int alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *outlen,
- const unsigned char *in, unsigned int inlen, void *arg)
+static int alpn_select_cb(SSL *ssl, const unsigned char **out,
+ unsigned char *outlen, const unsigned char *in,
+ unsigned int inlen, void *arg)
{
- unsigned int i, protlen = 0;
+ unsigned int protlen = 0;
const unsigned char *prot;
- for (i = 0, prot = in; i < inlen; i += protlen, prot += protlen) {
- protlen = *(prot++);
- if (inlen - i < protlen)
+ for (prot = in; prot < in + inlen; prot += protlen) {
+ protlen = *prot++;
+ if (in + inlen - prot < protlen)
return SSL_TLSEXT_ERR_NOACK;
if (protlen == strlen(servalpn)
- && memcmp(prot, "goodalpn", protlen) == 0) {
+ && memcmp(prot, servalpn, protlen) == 0) {
*out = prot;
*outlen = protlen;
return SSL_TLSEXT_ERR_OK;