* time. It could be any value as long as it is not within tolerance.
* This should mean the ticket is rejected.
*/
- if (!TEST_true(SSL_SESSION_set_time(sess, time(NULL) - 20)))
+ if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
goto end;
}
return testresult;
}
-static const char *servhostname;
-
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (hostname != NULL && strcmp(hostname, servhostname) == 0)
+ if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
for (prot = in; prot < in + inlen; prot += protlen) {
protlen = *prot++;
- if (in + inlen - prot < protlen)
+ if (in + inlen < prot + protlen)
return SSL_TLSEXT_ERR_NOACK;
if (protlen == strlen(servalpn)
&serverssl, &sess, 2)))
goto end;
- servhostname = "goodhost";
servalpn = "goodalpn";
/*
* Set inconsistent SNI (server detected). In this case the connection
* will succeed but reject early_data.
*/
- servhostname = "badhost";
+ SSL_SESSION_free(serverpsk);
+ serverpsk = SSL_SESSION_dup(clientpsk);
+ if (!TEST_ptr(serverpsk)
+ || !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
+ goto end;
edstatus = SSL_EARLY_DATA_REJECTED;
readearlyres = SSL_READ_EARLY_DATA_FINISH;
/* Fall through */