# -*- mode: perl; -*-
# Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
#
-# Licensed under the OpenSSL license (the "License"). You may not use
+# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use warnings;
package ssltests;
+use OpenSSL::Test::Utils;
our @tests = (
{
- name => "SNI-default",
+ name => "SNI-switch-context",
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server2",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server2",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "SNI-keep-context",
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server1",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "SNI-no-server-support",
server => { },
- server2 => { },
+ client => {
+ extra => {
+ "ServerName" => "server1",
+ },
+ },
+ test => { "ExpectedResult" => "Success" },
+ },
+ {
+ name => "SNI-no-client-support",
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
client => { },
- test => { "ServerName" => "server2",
- "ExpectedResult" => "Success" },
+ test => {
+ # We expect that the callback is still called
+ # to let the application decide whether they tolerate
+ # missing SNI (as our test callback does).
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "SNI-bad-sni-ignore-mismatch",
+ server => {
+ extra => {
+ "ServerNameCallback" => "IgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "SNI-bad-sni-reject-mismatch",
+ server => {
+ extra => {
+ "ServerNameCallback" => "RejectMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "UnrecognizedName"
+ },
+ },
+ {
+ name => "SNI-bad-clienthello-sni-ignore-mismatch",
+ server => {
+ extra => {
+ "ServerNameCallback" => "ClientHelloIgnoreMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedServerName" => "server1",
+ "ExpectedResult" => "Success"
+ },
+ },
+ {
+ name => "SNI-bad-clienthello-sni-reject-mismatch",
+ server => {
+ extra => {
+ "ServerNameCallback" => "ClientHelloRejectMismatch",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "invalid",
+ },
+ },
+ test => {
+ "ExpectedResult" => "ServerFail",
+ "ExpectedServerAlert" => "UnrecognizedName"
+ },
},
);
+
+our @tests_tls_1_1 = (
+ {
+ name => "SNI-clienthello-disable-v12",
+ server => {
+ extra => {
+ "ServerNameCallback" => "ClientHelloNoV12",
+ },
+ },
+ client => {
+ extra => {
+ "ServerName" => "server2",
+ },
+ },
+ test => {
+ "ExpectedProtocol" => "TLSv1.1",
+ "ExpectedServerName" => "server2",
+ },
+ },
+);
+
+push @tests, @tests_tls_1_1 unless disabled("tls1_1");
projects / openssl.git / blobdiff