+static const char *sn_client;
+static const char *sn_server1;
+static const char *sn_server2;
+static int sn_expect = 0;
+static int s_ticket1 = 0;
+static int s_ticket2 = 0;
+static int c_ticket = 0;
+static int ticket_expect = -1;
+static int sni_in_cert_cb = 0;
+static const char *client_sigalgs = NULL;
+static const char *server_digest_expect = NULL;
+
+static int servername_cb(SSL *s, int *ad, void *arg)
+{
+ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (sn_server2 == NULL) {
+ BIO_printf(bio_stdout, "Servername 2 is NULL\n");
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ if (servername != NULL) {
+ if (s_ctx2 != NULL && sn_server2 != NULL &&
+ !strcasecmp(servername, sn_server2)) {
+ BIO_printf(bio_stdout, "Switching server context.\n");
+ SSL_set_SSL_CTX(s, s_ctx2);
+ /* Copy over all the SSL_CTX options */
+ SSL_clear_options(s, 0xFFFFFFFFL);
+ SSL_set_options(s, SSL_CTX_get_options(s_ctx2));
+ }
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+static int verify_servername(SSL *client, SSL *server)
+{
+ /* just need to see if sn_context is what we expect */
+ SSL_CTX* ctx = SSL_get_SSL_CTX(server);
+ if (sn_expect == 0)
+ return 0;
+ if (sn_expect == 1 && ctx == s_ctx)
+ return 0;
+ if (sn_expect == 2 && ctx == s_ctx2)
+ return 0;
+ BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
+ if (ctx == s_ctx2)
+ BIO_printf(bio_stdout, "Servername: context is 2\n");
+ else if (ctx == s_ctx)
+ BIO_printf(bio_stdout, "Servername: context is 1\n");
+ else
+ BIO_printf(bio_stdout, "Servername: context is unknown\n");
+ return -1;
+}
+static int cert_cb(SSL *ssl, void *arg)
+{
+ int unused;
+ return servername_cb(ssl, &unused, NULL) != SSL_TLSEXT_ERR_ALERT_FATAL;
+}
+
+static int verify_ticket(SSL* ssl)
+{
+ if (ticket_expect == -1)
+ return 0;
+ if (ticket_expect == 0 &&
+ (ssl->session->tlsext_tick == NULL ||
+ ssl->session->tlsext_ticklen == 0))
+ return 1;
+ if (ticket_expect == 1 &&
+ (ssl->session->tlsext_tick != NULL &&
+ ssl->session->tlsext_ticklen != 0))
+ return 1;
+ return -1;
+}
+
+static int verify_server_digest(SSL* ssl)
+{
+ int nid = NID_undef;
+
+ if (server_digest_expect == NULL)
+ return 0;
+ SSL_get_peer_signature_nid(ssl, &nid);
+ if (strcmp(server_digest_expect, OBJ_nid2sn(nid)) == 0)
+ return 1;
+ BIO_printf(bio_stdout, "Expected server digest %s, got %s.\n",
+ server_digest_expect, OBJ_nid2sn(nid));
+ return -1;
+}