05-sni.cnf 8.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308
  1. # Generated with generate_ssl_tests.pl
  2. num_tests = 9
  3. test-0 = 0-SNI-switch-context
  4. test-1 = 1-SNI-keep-context
  5. test-2 = 2-SNI-no-server-support
  6. test-3 = 3-SNI-no-client-support
  7. test-4 = 4-SNI-bad-sni-ignore-mismatch
  8. test-5 = 5-SNI-bad-sni-reject-mismatch
  9. test-6 = 6-SNI-bad-clienthello-sni-ignore-mismatch
  10. test-7 = 7-SNI-bad-clienthello-sni-reject-mismatch
  11. test-8 = 8-SNI-clienthello-disable-v12
  12. # ===========================================================
  13. [0-SNI-switch-context]
  14. ssl_conf = 0-SNI-switch-context-ssl
  15. [0-SNI-switch-context-ssl]
  16. server = 0-SNI-switch-context-server
  17. client = 0-SNI-switch-context-client
  18. server2 = 0-SNI-switch-context-server
  19. [0-SNI-switch-context-server]
  20. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  21. CipherString = DEFAULT
  22. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  23. [0-SNI-switch-context-client]
  24. CipherString = DEFAULT
  25. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  26. VerifyMode = Peer
  27. [test-0]
  28. ExpectedResult = Success
  29. ExpectedServerName = server2
  30. server = 0-SNI-switch-context-server-extra
  31. server2 = 0-SNI-switch-context-server-extra
  32. client = 0-SNI-switch-context-client-extra
  33. [0-SNI-switch-context-server-extra]
  34. ServerNameCallback = IgnoreMismatch
  35. [0-SNI-switch-context-client-extra]
  36. ServerName = server2
  37. # ===========================================================
  38. [1-SNI-keep-context]
  39. ssl_conf = 1-SNI-keep-context-ssl
  40. [1-SNI-keep-context-ssl]
  41. server = 1-SNI-keep-context-server
  42. client = 1-SNI-keep-context-client
  43. server2 = 1-SNI-keep-context-server
  44. [1-SNI-keep-context-server]
  45. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  46. CipherString = DEFAULT
  47. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  48. [1-SNI-keep-context-client]
  49. CipherString = DEFAULT
  50. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  51. VerifyMode = Peer
  52. [test-1]
  53. ExpectedResult = Success
  54. ExpectedServerName = server1
  55. server = 1-SNI-keep-context-server-extra
  56. server2 = 1-SNI-keep-context-server-extra
  57. client = 1-SNI-keep-context-client-extra
  58. [1-SNI-keep-context-server-extra]
  59. ServerNameCallback = IgnoreMismatch
  60. [1-SNI-keep-context-client-extra]
  61. ServerName = server1
  62. # ===========================================================
  63. [2-SNI-no-server-support]
  64. ssl_conf = 2-SNI-no-server-support-ssl
  65. [2-SNI-no-server-support-ssl]
  66. server = 2-SNI-no-server-support-server
  67. client = 2-SNI-no-server-support-client
  68. [2-SNI-no-server-support-server]
  69. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  70. CipherString = DEFAULT
  71. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  72. [2-SNI-no-server-support-client]
  73. CipherString = DEFAULT
  74. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  75. VerifyMode = Peer
  76. [test-2]
  77. ExpectedResult = Success
  78. client = 2-SNI-no-server-support-client-extra
  79. [2-SNI-no-server-support-client-extra]
  80. ServerName = server1
  81. # ===========================================================
  82. [3-SNI-no-client-support]
  83. ssl_conf = 3-SNI-no-client-support-ssl
  84. [3-SNI-no-client-support-ssl]
  85. server = 3-SNI-no-client-support-server
  86. client = 3-SNI-no-client-support-client
  87. server2 = 3-SNI-no-client-support-server
  88. [3-SNI-no-client-support-server]
  89. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  90. CipherString = DEFAULT
  91. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  92. [3-SNI-no-client-support-client]
  93. CipherString = DEFAULT
  94. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  95. VerifyMode = Peer
  96. [test-3]
  97. ExpectedResult = Success
  98. ExpectedServerName = server1
  99. server = 3-SNI-no-client-support-server-extra
  100. server2 = 3-SNI-no-client-support-server-extra
  101. [3-SNI-no-client-support-server-extra]
  102. ServerNameCallback = IgnoreMismatch
  103. # ===========================================================
  104. [4-SNI-bad-sni-ignore-mismatch]
  105. ssl_conf = 4-SNI-bad-sni-ignore-mismatch-ssl
  106. [4-SNI-bad-sni-ignore-mismatch-ssl]
  107. server = 4-SNI-bad-sni-ignore-mismatch-server
  108. client = 4-SNI-bad-sni-ignore-mismatch-client
  109. server2 = 4-SNI-bad-sni-ignore-mismatch-server
  110. [4-SNI-bad-sni-ignore-mismatch-server]
  111. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  112. CipherString = DEFAULT
  113. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  114. [4-SNI-bad-sni-ignore-mismatch-client]
  115. CipherString = DEFAULT
  116. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  117. VerifyMode = Peer
  118. [test-4]
  119. ExpectedResult = Success
  120. ExpectedServerName = server1
  121. server = 4-SNI-bad-sni-ignore-mismatch-server-extra
  122. server2 = 4-SNI-bad-sni-ignore-mismatch-server-extra
  123. client = 4-SNI-bad-sni-ignore-mismatch-client-extra
  124. [4-SNI-bad-sni-ignore-mismatch-server-extra]
  125. ServerNameCallback = IgnoreMismatch
  126. [4-SNI-bad-sni-ignore-mismatch-client-extra]
  127. ServerName = invalid
  128. # ===========================================================
  129. [5-SNI-bad-sni-reject-mismatch]
  130. ssl_conf = 5-SNI-bad-sni-reject-mismatch-ssl
  131. [5-SNI-bad-sni-reject-mismatch-ssl]
  132. server = 5-SNI-bad-sni-reject-mismatch-server
  133. client = 5-SNI-bad-sni-reject-mismatch-client
  134. server2 = 5-SNI-bad-sni-reject-mismatch-server
  135. [5-SNI-bad-sni-reject-mismatch-server]
  136. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  137. CipherString = DEFAULT
  138. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  139. [5-SNI-bad-sni-reject-mismatch-client]
  140. CipherString = DEFAULT
  141. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  142. VerifyMode = Peer
  143. [test-5]
  144. ExpectedResult = ServerFail
  145. ExpectedServerAlert = UnrecognizedName
  146. server = 5-SNI-bad-sni-reject-mismatch-server-extra
  147. server2 = 5-SNI-bad-sni-reject-mismatch-server-extra
  148. client = 5-SNI-bad-sni-reject-mismatch-client-extra
  149. [5-SNI-bad-sni-reject-mismatch-server-extra]
  150. ServerNameCallback = RejectMismatch
  151. [5-SNI-bad-sni-reject-mismatch-client-extra]
  152. ServerName = invalid
  153. # ===========================================================
  154. [6-SNI-bad-clienthello-sni-ignore-mismatch]
  155. ssl_conf = 6-SNI-bad-clienthello-sni-ignore-mismatch-ssl
  156. [6-SNI-bad-clienthello-sni-ignore-mismatch-ssl]
  157. server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
  158. client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client
  159. server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server
  160. [6-SNI-bad-clienthello-sni-ignore-mismatch-server]
  161. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  162. CipherString = DEFAULT
  163. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  164. [6-SNI-bad-clienthello-sni-ignore-mismatch-client]
  165. CipherString = DEFAULT
  166. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  167. VerifyMode = Peer
  168. [test-6]
  169. ExpectedResult = Success
  170. ExpectedServerName = server1
  171. server = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
  172. server2 = 6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra
  173. client = 6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra
  174. [6-SNI-bad-clienthello-sni-ignore-mismatch-server-extra]
  175. ServerNameCallback = ClientHelloIgnoreMismatch
  176. [6-SNI-bad-clienthello-sni-ignore-mismatch-client-extra]
  177. ServerName = invalid
  178. # ===========================================================
  179. [7-SNI-bad-clienthello-sni-reject-mismatch]
  180. ssl_conf = 7-SNI-bad-clienthello-sni-reject-mismatch-ssl
  181. [7-SNI-bad-clienthello-sni-reject-mismatch-ssl]
  182. server = 7-SNI-bad-clienthello-sni-reject-mismatch-server
  183. client = 7-SNI-bad-clienthello-sni-reject-mismatch-client
  184. server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server
  185. [7-SNI-bad-clienthello-sni-reject-mismatch-server]
  186. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  187. CipherString = DEFAULT
  188. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  189. [7-SNI-bad-clienthello-sni-reject-mismatch-client]
  190. CipherString = DEFAULT
  191. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  192. VerifyMode = Peer
  193. [test-7]
  194. ExpectedResult = ServerFail
  195. ExpectedServerAlert = UnrecognizedName
  196. server = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
  197. server2 = 7-SNI-bad-clienthello-sni-reject-mismatch-server-extra
  198. client = 7-SNI-bad-clienthello-sni-reject-mismatch-client-extra
  199. [7-SNI-bad-clienthello-sni-reject-mismatch-server-extra]
  200. ServerNameCallback = ClientHelloRejectMismatch
  201. [7-SNI-bad-clienthello-sni-reject-mismatch-client-extra]
  202. ServerName = invalid
  203. # ===========================================================
  204. [8-SNI-clienthello-disable-v12]
  205. ssl_conf = 8-SNI-clienthello-disable-v12-ssl
  206. [8-SNI-clienthello-disable-v12-ssl]
  207. server = 8-SNI-clienthello-disable-v12-server
  208. client = 8-SNI-clienthello-disable-v12-client
  209. server2 = 8-SNI-clienthello-disable-v12-server
  210. [8-SNI-clienthello-disable-v12-server]
  211. Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
  212. CipherString = DEFAULT:@SECLEVEL=0
  213. PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
  214. [8-SNI-clienthello-disable-v12-client]
  215. CipherString = DEFAULT:@SECLEVEL=0
  216. VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
  217. VerifyMode = Peer
  218. [test-8]
  219. ExpectedProtocol = TLSv1.1
  220. ExpectedServerName = server2
  221. server = 8-SNI-clienthello-disable-v12-server-extra
  222. server2 = 8-SNI-clienthello-disable-v12-server-extra
  223. client = 8-SNI-clienthello-disable-v12-client-extra
  224. [8-SNI-clienthello-disable-v12-server-extra]
  225. ServerNameCallback = ClientHelloNoV12
  226. [8-SNI-clienthello-disable-v12-client-extra]
  227. ServerName = server2