test/ssl-tests/05-sni.conf

   1 # Generated with generate_ssl_tests.pl
   2
   3 num_tests = 9
   4
   5 test-0 = 0-SNI-switch-context
   6 test-1 = 1-SNI-keep-context
   7 test-2 = 2-SNI-no-server-support
   8 test-3 = 3-SNI-no-client-support
   9 test-4 = 4-SNI-bad-sni-ignore-mismatch
  10 test-5 = 5-SNI-bad-sni-reject-mismatch
  11 test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
  12 test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
  13 test-8 = 8-SNI-clienthello-disable-v12
  14 # ===========================================================
  15
  16 [0-SNI-switch-context]
  17 ssl_conf = 0-SNI-switch-context-ssl
  18
  19 [0-SNI-switch-context-ssl]
  20 server = 0-SNI-switch-context-server
  21 client = 0-SNI-switch-context-client
  22 server2 = 0-SNI-switch-context-server
  23
  24 [0-SNI-switch-context-server]
  25 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  26 CipherString = DEFAULT
  27 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  28
  29 [0-SNI-switch-context-client]
  30 CipherString = DEFAULT
  31 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  32 VerifyMode = Peer
  33
  34 [test-0]
  35 ExpectedResult = Success
  36 ExpectedServerName = server2
  37 server = 0-SNI-switch-context-server-extra
  38 server2 = 0-SNI-switch-context-server-extra
  39 client = 0-SNI-switch-context-client-extra
  40
  41 [0-SNI-switch-context-server-extra]
  42 ServerNameCallback = IgnoreMismatch
  43
  44 [0-SNI-switch-context-client-extra]
  45 ServerName = server2
  46
  47
  48 # ===========================================================
  49
  50 [1-SNI-keep-context]
  51 ssl_conf = 1-SNI-keep-context-ssl
  52
  53 [1-SNI-keep-context-ssl]
  54 server = 1-SNI-keep-context-server
  55 client = 1-SNI-keep-context-client
  56 server2 = 1-SNI-keep-context-server
  57
  58 [1-SNI-keep-context-server]
  59 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  60 CipherString = DEFAULT
  61 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  62
  63 [1-SNI-keep-context-client]
  64 CipherString = DEFAULT
  65 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  66 VerifyMode = Peer
  67
  68 [test-1]
  69 ExpectedResult = Success
  70 ExpectedServerName = server1
  71 server = 1-SNI-keep-context-server-extra
  72 server2 = 1-SNI-keep-context-server-extra
  73 client = 1-SNI-keep-context-client-extra
  74
  75 [1-SNI-keep-context-server-extra]
  76 ServerNameCallback = IgnoreMismatch
  77
  78 [1-SNI-keep-context-client-extra]
  79 ServerName = server1
  80
  81
  82 # ===========================================================
  83
  84 [2-SNI-no-server-support]
  85 ssl_conf = 2-SNI-no-server-support-ssl
  86
  87 [2-SNI-no-server-support-ssl]
  88 server = 2-SNI-no-server-support-server
  89 client = 2-SNI-no-server-support-client
  90
  91 [2-SNI-no-server-support-server]
  92 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  93 CipherString = DEFAULT
  94 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  95
  96 [2-SNI-no-server-support-client]
  97 CipherString = DEFAULT
  98 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  99 VerifyMode = Peer
 100
 101 [test-2]
 102 ExpectedResult = Success
 103 client = 2-SNI-no-server-support-client-extra
 104
 105 [2-SNI-no-server-support-client-extra]
 106 ServerName = server1
 107
 108
 109 # ===========================================================
 110
 111 [3-SNI-no-client-support]
 112 ssl_conf = 3-SNI-no-client-support-ssl
 113
 114 [3-SNI-no-client-support-ssl]
 115 server = 3-SNI-no-client-support-server
 116 client = 3-SNI-no-client-support-client
 117 server2 = 3-SNI-no-client-support-server
 118
 119 [3-SNI-no-client-support-server]
 120 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 121 CipherString = DEFAULT
 122 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 123
 124 [3-SNI-no-client-support-client]
 125 CipherString = DEFAULT
 126 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 127 VerifyMode = Peer
 128
 129 [test-3]
 130 ExpectedResult = Success
 131 ExpectedServerName = server1
 132 server = 3-SNI-no-client-support-server-extra
 133 server2 = 3-SNI-no-client-support-server-extra
 134
 135 [3-SNI-no-client-support-server-extra]
 136 ServerNameCallback = IgnoreMismatch
 137
 138
 139 # ===========================================================
 140
 141 [4-SNI-bad-sni-ignore-mismatch]
 142 ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
 143
 144 [4-SNI-bad-sni-ignore-mismatch-ssl]
 145 server = 4-SNI-bad-sni-ignore-mismatch-server
 146 client = 4-SNI-bad-sni-ignore-mismatch-client
 147 server2 = 4-SNI-bad-sni-ignore-mismatch-server
 148
 149 [4-SNI-bad-sni-ignore-mismatch-server]
 150 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 151 CipherString = DEFAULT
 152 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 153
 154 [4-SNI-bad-sni-ignore-mismatch-client]
 155 CipherString = DEFAULT
 156 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 157 VerifyMode = Peer
 158
 159 [test-4]
 160 ExpectedResult = Success
 161 ExpectedServerName = server1
 162 server = 4-SNI-bad-sni-ignore-mismatch-server-extra
 163 server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
 164 client = 4-SNI-bad-sni-ignore-mismatch-client-extra
 165
 166 [4-SNI-bad-sni-ignore-mismatch-server-extra]
 167 ServerNameCallback = IgnoreMismatch
 168
 169 [4-SNI-bad-sni-ignore-mismatch-client-extra]
 170 ServerName = invalid
 171
 172
 173 # ===========================================================
 174
 175 [5-SNI-bad-sni-reject-mismatch]
 176 ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
 177
 178 [5-SNI-bad-sni-reject-mismatch-ssl]
 179 server = 5-SNI-bad-sni-reject-mismatch-server
 180 client = 5-SNI-bad-sni-reject-mismatch-client
 181 server2 = 5-SNI-bad-sni-reject-mismatch-server
 182
 183 [5-SNI-bad-sni-reject-mismatch-server]
 184 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 185 CipherString = DEFAULT
 186 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 187
 188 [5-SNI-bad-sni-reject-mismatch-client]
 189 CipherString = DEFAULT
 190 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 191 VerifyMode = Peer
 192
 193 [test-5]
 194 ExpectedResult = ServerFail
 195 ExpectedServerAlert = UnrecognizedName
 196 server = 5-SNI-bad-sni-reject-mismatch-server-extra
 197 server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
 198 client = 5-SNI-bad-sni-reject-mismatch-client-extra
 199
 200 [5-SNI-bad-sni-reject-mismatch-server-extra]
 201 ServerNameCallback = RejectMismatch
 202
 203 [5-SNI-bad-sni-reject-mismatch-client-extra]
 204 ServerName = invalid
 205
 206
 207 # ===========================================================
 208
 209 [6-SNI-bad-clienthello-sni-ignore-mismatch]
 210 ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
 211
 212 [6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
 213 server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
 214 client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
 215 server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
 216
 217 [6-SNI-bad-clienthello-sni-ignore-mismatch-server]
 218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 219 CipherString = DEFAULT
 220 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 221
 222 [6-SNI-bad-clienthello-sni-ignore-mismatch-client]
 223 CipherString = DEFAULT
 224 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 225 VerifyMode = Peer
 226
 227 [test-6]
 228 ExpectedResult = Success
 229 ExpectedServerName = server1
 230 server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
 231 server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
 232 client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
 233
 234 [6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
 235 ServerNameCallback = ClientHelloIgnoreMismatch
 236
 237 [6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
 238 ServerName = invalid
 239
 240
 241 # ===========================================================
 242
 243 [7-SNI-bad-clienthello-sni-reject-mismatch]
 244 ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
 245
 246 [7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
 247 server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
 248 client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
 249 server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
 250
 251 [7-SNI-bad-clienthello-sni-reject-mismatch-server]
 252 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 253 CipherString = DEFAULT
 254 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 255
 256 [7-SNI-bad-clienthello-sni-reject-mismatch-client]
 257 CipherString = DEFAULT
 258 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 259 VerifyMode = Peer
 260
 261 [test-7]
 262 ExpectedResult = ServerFail
 263 ExpectedServerAlert = UnrecognizedName
 264 server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
 265 server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
 266 client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
 267
 268 [7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
 269 ServerNameCallback = ClientHelloRejectMismatch
 270
 271 [7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
 272 ServerName = invalid
 273
 274
 275 # ===========================================================
 276
 277 [8-SNI-clienthello-disable-v12]
 278 ssl_conf = 8-SNI-clienthello-disable-v12-ssl
 279
 280 [8-SNI-clienthello-disable-v12-ssl]
 281 server = 8-SNI-clienthello-disable-v12-server
 282 client = 8-SNI-clienthello-disable-v12-client
 283 server2 = 8-SNI-clienthello-disable-v12-server
 284
 285 [8-SNI-clienthello-disable-v12-server]
 286 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 287 CipherString = DEFAULT
 288 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
 289
 290 [8-SNI-clienthello-disable-v12-client]
 291 CipherString = DEFAULT
 292 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
 293 VerifyMode = Peer
 294
 295 [test-8]
 296 ExpectedProtocol = TLSv1.1
 297 ExpectedServerName = server2
 298 server = 8-SNI-clienthello-disable-v12-server-extra
 299 server2 = 8-SNI-clienthello-disable-v12-server-extra
 300 client = 8-SNI-clienthello-disable-v12-client-extra
 301
 302 [8-SNI-clienthello-disable-v12-server-extra]
 303 ServerNameCallback = ClientHelloNoV12
 304
 305 [8-SNI-clienthello-disable-v12-client-extra]
 306 ServerName = server2
 307
 308