05-sni.conf.in 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## SSL test configurations
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. use OpenSSL::Test::Utils;
  13. our @tests = (
  14. {
  15. name => "SNI-switch-context",
  16. server => {
  17. extra => {
  18. "ServerNameCallback" => "IgnoreMismatch",
  19. },
  20. },
  21. client => {
  22. extra => {
  23. "ServerName" => "server2",
  24. },
  25. },
  26. test => {
  27. "ExpectedServerName" => "server2",
  28. "ExpectedResult" => "Success"
  29. },
  30. },
  31. {
  32. name => "SNI-keep-context",
  33. server => {
  34. extra => {
  35. "ServerNameCallback" => "IgnoreMismatch",
  36. },
  37. },
  38. client => {
  39. extra => {
  40. "ServerName" => "server1",
  41. },
  42. },
  43. test => {
  44. "ExpectedServerName" => "server1",
  45. "ExpectedResult" => "Success"
  46. },
  47. },
  48. {
  49. name => "SNI-no-server-support",
  50. server => { },
  51. client => {
  52. extra => {
  53. "ServerName" => "server1",
  54. },
  55. },
  56. test => { "ExpectedResult" => "Success" },
  57. },
  58. {
  59. name => "SNI-no-client-support",
  60. server => {
  61. extra => {
  62. "ServerNameCallback" => "IgnoreMismatch",
  63. },
  64. },
  65. client => { },
  66. test => {
  67. # We expect that the callback is still called
  68. # to let the application decide whether they tolerate
  69. # missing SNI (as our test callback does).
  70. "ExpectedServerName" => "server1",
  71. "ExpectedResult" => "Success"
  72. },
  73. },
  74. {
  75. name => "SNI-bad-sni-ignore-mismatch",
  76. server => {
  77. extra => {
  78. "ServerNameCallback" => "IgnoreMismatch",
  79. },
  80. },
  81. client => {
  82. extra => {
  83. "ServerName" => "invalid",
  84. },
  85. },
  86. test => {
  87. "ExpectedServerName" => "server1",
  88. "ExpectedResult" => "Success"
  89. },
  90. },
  91. {
  92. name => "SNI-bad-sni-reject-mismatch",
  93. server => {
  94. extra => {
  95. "ServerNameCallback" => "RejectMismatch",
  96. },
  97. },
  98. client => {
  99. extra => {
  100. "ServerName" => "invalid",
  101. },
  102. },
  103. test => {
  104. "ExpectedResult" => "ServerFail",
  105. "ExpectedServerAlert" => "UnrecognizedName"
  106. },
  107. },
  108. {
  109. name => "SNI-bad-clienthello-sni-ignore-mismatch",
  110. server => {
  111. extra => {
  112. "ServerNameCallback" => "ClientHelloIgnoreMismatch",
  113. },
  114. },
  115. client => {
  116. extra => {
  117. "ServerName" => "invalid",
  118. },
  119. },
  120. test => {
  121. "ExpectedServerName" => "server1",
  122. "ExpectedResult" => "Success"
  123. },
  124. },
  125. {
  126. name => "SNI-bad-clienthello-sni-reject-mismatch",
  127. server => {
  128. extra => {
  129. "ServerNameCallback" => "ClientHelloRejectMismatch",
  130. },
  131. },
  132. client => {
  133. extra => {
  134. "ServerName" => "invalid",
  135. },
  136. },
  137. test => {
  138. "ExpectedResult" => "ServerFail",
  139. "ExpectedServerAlert" => "UnrecognizedName"
  140. },
  141. },
  142. );
  143. our @tests_tls_1_1 = (
  144. {
  145. name => "SNI-clienthello-disable-v12",
  146. server => {
  147. extra => {
  148. "ServerNameCallback" => "ClientHelloNoV12",
  149. },
  150. },
  151. client => {
  152. extra => {
  153. "ServerName" => "server2",
  154. },
  155. },
  156. test => {
  157. "ExpectedProtocol" => "TLSv1.1",
  158. "ExpectedServerName" => "server2",
  159. },
  160. },
  161. );
  162. push @tests, @tests_tls_1_1 unless disabled("tls1_1");