+/* Select the appropriate server CTX.
+ * Returns SSL_TLSEXT_ERR_OK if a match was found.
+ * If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
+ * Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
+ * An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
+ */
+static int select_server_ctx(SSL *s, void *arg, int ignore)
+{
+ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ HANDSHAKE_EX_DATA *ex_data =
+ (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
+
+ if (servername == NULL) {
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ if (strcmp(servername, "server2") == 0) {
+ SSL_CTX *new_ctx = (SSL_CTX*)arg;
+ SSL_set_SSL_CTX(s, new_ctx);
+ /*
+ * Copy over all the SSL_CTX options - reasonable behavior
+ * allows testing of cases where the options between two
+ * contexts differ/conflict
+ */
+ SSL_clear_options(s, 0xFFFFFFFFL);
+ SSL_set_options(s, SSL_CTX_get_options(new_ctx));
+
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
+ return SSL_TLSEXT_ERR_OK;
+ } else if (strcmp(servername, "server1") == 0) {
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+ return SSL_TLSEXT_ERR_OK;
+ } else if (ignore) {
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+ return SSL_TLSEXT_ERR_NOACK;
+ } else {
+ /* Don't set an explicit alert, to test library defaults. */
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+}
+
+static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
+{
+ const char *servername;
+ const unsigned char *p;
+ size_t len, remaining;
+ HANDSHAKE_EX_DATA *ex_data =
+ (HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
+
+ /*
+ * The server_name extension was given too much extensibility when it
+ * was written, so parsing the normal case is a bit complex.
+ */
+ if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p,
+ &remaining) ||
+ remaining <= 2)
+ return 0;
+ /* Extract the length of the supplied list of names. */
+ len = (*(p++) << 8);
+ len += *(p++);
+ if (len + 2 != remaining)
+ return 0;
+ remaining = len;
+ /*
+ * The list in practice only has a single element, so we only consider
+ * the first one.
+ */
+ if (remaining == 0 || *p++ != TLSEXT_NAMETYPE_host_name)
+ return 0;
+ remaining--;
+ /* Now we can finally pull out the byte array with the actual hostname. */
+ if (remaining <= 2)
+ return 0;
+ len = (*(p++) << 8);
+ len += *(p++);
+ if (len + 2 > remaining)
+ return 0;
+ remaining = len;
+ servername = (const char *)p;
+
+ if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) {
+ SSL_CTX *new_ctx = arg;
+ SSL_set_SSL_CTX(s, new_ctx);
+ /*
+ * Copy over all the SSL_CTX options - reasonable behavior
+ * allows testing of cases where the options between two
+ * contexts differ/conflict
+ */
+ SSL_clear_options(s, 0xFFFFFFFFL);
+ SSL_set_options(s, SSL_CTX_get_options(new_ctx));
+
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
+ return 1;
+ } else if (len == strlen("server1") &&
+ strncmp(servername, "server1", len) == 0) {
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+ return 1;
+ } else if (ignore) {
+ ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
+ return 1;
+ }
+ return 0;
+}
+/*
+ * (RFC 6066):
+ * If the server understood the ClientHello extension but
+ * does not recognize the server name, the server SHOULD take one of two
+ * actions: either abort the handshake by sending a fatal-level
+ * unrecognized_name(112) alert or continue the handshake.
+ *
+ * This behaviour is up to the application to configure; we test both
+ * configurations to ensure the state machine propagates the result
+ * correctly.
+ */
+static int servername_ignore_cb(SSL *s, int *ad, void *arg)
+{
+ return select_server_ctx(s, arg, 1);
+}
+
+static int servername_reject_cb(SSL *s, int *ad, void *arg)
+{
+ return select_server_ctx(s, arg, 0);
+}
+
+static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
+{
+ if (!client_hello_select_server_ctx(s, arg, 1)) {
+ *al = SSL_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ return 1;
+}
+
+static int client_hello_reject_cb(SSL *s, int *al, void *arg)
+{
+ if (!client_hello_select_server_ctx(s, arg, 0)) {
+ *al = SSL_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ return 1;
+}
+
+static int client_hello_nov12_cb(SSL *s, int *al, void *arg)
+{
+ int ret;
+ unsigned int v;
+ const unsigned char *p;
+
+ v = SSL_client_hello_get0_legacy_version(s);
+ if (v > TLS1_2_VERSION || v < SSL3_VERSION) {
+ *al = SSL_AD_PROTOCOL_VERSION;
+ return 0;
+ }
+ (void)SSL_client_hello_get0_session_id(s, &p);
+ if (p == NULL ||
+ SSL_client_hello_get0_random(s, &p) == 0 ||
+ SSL_client_hello_get0_ciphers(s, &p) == 0 ||
+ SSL_client_hello_get0_compression_methods(s, &p) == 0) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ ret = client_hello_select_server_ctx(s, arg, 0);
+ SSL_set_max_proto_version(s, TLS1_1_VERSION);
+ if (!ret)
+ *al = SSL_AD_UNRECOGNIZED_NAME;
+ return ret;
+}
+
+static unsigned char dummy_ocsp_resp_good_val = 0xff;
+static unsigned char dummy_ocsp_resp_bad_val = 0xfe;
+
+static int server_ocsp_cb(SSL *s, void *arg)
+{
+ unsigned char *resp;
+
+ resp = OPENSSL_malloc(1);
+ if (resp == NULL)
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ /*
+ * For the purposes of testing we just send back a dummy OCSP response
+ */
+ *resp = *(unsigned char *)arg;
+ if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ return SSL_TLSEXT_ERR_OK;
+}
+
+static int client_ocsp_cb(SSL *s, void *arg)
+{
+ const unsigned char *resp;
+ int len;
+
+ len = SSL_get_tlsext_status_ocsp_resp(s, &resp);
+ if (len != 1 || *resp != dummy_ocsp_resp_good_val)
+ return 0;
+
+ return 1;
+}
+
+static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {