2
0

06-sni-ticket.cnf.in 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
  1. # -*- mode: perl; -*-
  2. # Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. ## Test SNI/Session tickets
  9. use strict;
  10. use warnings;
  11. package ssltests;
  12. our @tests = ();
  13. #Note: MaxProtocol is set to TLSv1.2 as session tickets work differently in
  14. #TLSv1.3.
  15. sub generate_tests() {
  16. foreach my $c ("SessionTicket", "-SessionTicket") {
  17. foreach my $s1 ("SessionTicket", "-SessionTicket") {
  18. foreach my $s2 ("SessionTicket", "-SessionTicket") {
  19. foreach my $n ("server1", "server2") {
  20. my $ticket_result = expected_result($c, $s1, $s2, $n);
  21. my $session_id_result = "Yes"; # always, even with a ticket
  22. push @tests, {
  23. "name" => "sni-session-ticket",
  24. "client" => {
  25. "Options" => $c,
  26. "extra" => {
  27. "ServerName" => $n,
  28. },
  29. "MaxProtocol" => "TLSv1.2"
  30. },
  31. "server" => {
  32. "Options" => $s1,
  33. "extra" => {
  34. # We don't test mismatch here.
  35. "ServerNameCallback" => "IgnoreMismatch",
  36. },
  37. },
  38. "server2" => {
  39. "Options" => $s2,
  40. },
  41. "test" => {
  42. "ExpectedServerName" => $n,
  43. "ExpectedResult" => "Success",
  44. "SessionIdExpected" => $session_id_result,
  45. "SessionTicketExpected" => $ticket_result,
  46. }
  47. };
  48. }
  49. }
  50. }
  51. }
  52. }
  53. # If the client has session tickets disabled, then No support
  54. # If the server initial_ctx has session tickets disabled, then No support
  55. # If SNI is in use, then if the "switched-to" context has session tickets disabled,
  56. # then No support
  57. sub expected_result {
  58. my ($c, $s1, $s2, $n) = @_;
  59. return "No" if $c eq "-SessionTicket";
  60. return "No" if $s1 eq "-SessionTicket";
  61. return "No" if ($s2 eq "-SessionTicket" && $n eq "server2");
  62. return "Yes";
  63. }
  64. # Add a "Broken" case.
  65. push @tests, {
  66. "name" => "sni-session-ticket",
  67. "client" => {
  68. "MaxProtocol" => "TLSv1.2",
  69. "Options" => "SessionTicket",
  70. "extra" => {
  71. "ServerName" => "server1",
  72. }
  73. },
  74. "server" => {
  75. "Options" => "SessionTicket",
  76. "extra" => {
  77. "BrokenSessionTicket" => "Yes",
  78. },
  79. },
  80. "server2" => {
  81. "Options" => "SessionTicket",
  82. },
  83. "test" => {
  84. "ExpectedResult" => "Success",
  85. "SessionTicketExpected" => "No",
  86. }
  87. };
  88. generate_tests();